On 9/28/2013 10:37 PM, Paul Gear wrote: > On 09/25/2013 09:37 AM, Tom Eastep wrote: >> On 9/24/2013 2:34 PM, Orion Poplawski wrote: >>> I want to be able to serve some mDNS information from our firewall to our >>> visitor network. I tried adding the following to our rules: >>> >>> mDNS(ACCEPT) net:10.11.0.0/24 $FW >>> >>> shorewall check errors with: >>> >>> Checking /etc/shorewall/rules... >>> ERROR: Unknown destination zone (224.0.0.251) >>> /usr/share/shorewall/macro.mDNS (line 16) >>> from /etc/shorewall/rules (line 62) >>> >>> Any idea what is up? >> >> The way that the macro is written, you may not qualify the SOURCE. You need: >> >> mDNS(ACCEPT) NET $FW >> >> -Tom > > Hi Tom, > > Should we be thinking about a rewrite of that macro? Looking at it > right now, it doesn't make a lot of sense to me if the destination is > the firewall. (e.g. We don't necessarily care that the destination is > 224.0.0.251) Or perhaps add another rule specifically using $FW as the > destination? I'd be happy to have a shot at it with Orion and get you a > patch after he's tested it.
Hi Paul, Sure -- if you want to offer an alternative macro, I'll add it. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
