-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 03/10/2017 09:30 AM, Steven Jan Springl wrote:
> Rule:
>
> REDIRECT lan 100 tcp:!syn 200 - 10.1.1.2
>
> Produces the following iptables rule:
>
> -A PREROUTING -i eth0 -p 6 ! --syn--dport 200 -d 10.1.1.2 -j
> REDIRECT --to-port 100 -m comment --comment "@@@
> /etc/shorewall207/rules:13 @@@"
>
> Which produces the following error:
>
> iptables-restore v1.4.21: unknown option "--syn--dport"
The attached simple patch should do the trick.
Thanks, Steven.
- -Tom
- --
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYwvuCAAoJEJbms/JCOk0QUaYP/1mCTENcQkxpjoQbfskUAVzC
Op5IJCyEDlxVPIRi5Pp2TRgbXpYOJUiLKwS0IMlWamj1ryoWcs7LnkKgGHrWwp1I
+4fdJET2ePMEy0YKVw60POZf9mXtYj7YYdUTHeVlRkRBUMCn08oI7TjFnJqC8xL7
hVXRvLDeenqm72/lykRIEAH6xxoHpow8V4NxkFika94188ynL1nLpEFgLCVX16CO
XXC4vC2RsCy6ju3GE0Ii64rWGw/ZGOsTG05vm6P8JliZKvZpukVpJPz9cyZ+qWkK
2OIEH02UIHUggLEUY4twWKk0RWs+ETVjAJFQ3IHiSWEu6H6jeQrsXVRi64azQZjN
nGWy1XAp4V/YcFg//RuOmbncssROXSr9hYVNiKw9uW7QpxvhQoBJpWYVnTEj+vpx
9iQ+eGGFvg2JTewDykkJiazlEgPBv7Bri36mlzeoBz7JwznXcacPDPYIvjIHDxDw
AH0LfswSJcHeflN+bTEtPqYwkdWapY+YmmsOtkVJOGPY8HdgqT4ArZIYSD4Bjkmt
b2hRepzkBQFy3r51txmEtVmpmHI4rj639OtuhjM94bK722pMeA6nJ3b24YcPjCRZ
yKEi1Mx/2J1S55ot39CAZlecaivowQRWuI7qXSMRtZ1ukiR7ve7l3U/57XdJddoS
A4BSMwouh6tL31nM2PBA
=1mWM
-----END PGP SIGNATURE-----
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 9de4ed8..1fe6241 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4575,7 +4575,7 @@ sub do_proto( $$$;$ )
$output = "${invert}-p ${proto} ";
} else {
fatal_error '":syn" is only allowed with tcp' unless $proto == TCP && ! $invert;
- $output = $notsyn ? "-p $proto ! --syn" : "-p $proto --syn ";
+ $output = $notsyn ? "-p $proto ! --syn " : "-p $proto --syn ";
}
fatal_error "SOURCE/DEST PORT(S) not allowed with PROTO !$pname" if $invert && ($ports ne '' || $sports ne '');
------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
