On Jun 2, 2013, at 11:52 AM, [email protected] wrote: > > Hi, > > I have the following entry in blrules. > > BLACKLIST play:+blacklist all > > > In earlier that rule generate the correct iptables rules: > > $sudo shorewall show | grep BLACK > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > match-set blacklist src /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > match-set blacklist src /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > match-set blacklist src /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > match-set blacklist src /* BLACKLIST */ > > But in shorewall-4.5.17 the ipset match dissapeared. > > $sudo shorewall show | grep BLACK > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > /* BLACKLIST */ > 0 0 blacklog all -- * * 0.0.0.0/0 0.0.0.0/0 > /* BLACKLIST */ > > I have bisected and found that: > > 0b5a316cfc287c9d3ab0d964372081ffb67d5751 is the first bad commit >
The attached patch corrects the issue. Thanks Christer, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
