Phil Cordier wrote: > Hi Tom - thanks much for the patch - has done the trick (and greetings > from Shoreline, we're neighbors).
Cool! (On both counts). > > It only happened with the startup error, ie when there was a CONTINUE > policy, or IMPLICIT_CONTINUE=Yes was set in shorewall.conf - there's > nothing in my stop file... Hmmm -- that's worrisome since I can't reproduce it under those same circumstances. I'll try again. > > - eth1+ detect tcpflags,nosmurfs > - eth1.+ detect tcpflags,nosmurfs > Those are correct syntax: > With my corresponding hosts file entries of : > > foo1 eth1.2:192.168.168.0/24 tcpflags > foo2 eth1.3:192.168.169.0/24 tcpflags > > But 'shorewall check' is returning things like (with the + sign) : > > Validating hosts file... > ERROR: Unknown interface (eth1.2) in record "foo1 > eth1.2:192.168.168.0/24 tcpflags" This is expected behavior. The interface in a hosts entry much match the entry in an Interfaces file exactly (Shorewall 4 will change that and allow what you are trying to do). So you either must define each VLAN interface in /etc/shorewall/interfaces or you must use one of the ...+ forms as follows: /etc/shorewall/interfaces: - eth1.+ detect tcpflags,nosmurfs /etc/shorewall/hosts: foo1 eth1.+:192.168.168.0/24 tcpflags > > PS: Tom I would not dare impinge upon your time, but if you might know a > good Shorewall person preferably in our local Seattle area that would be > available for a few hours of consulting work, I could really use some > hands-on help getting this all up and running... I'm stumbling in the > dark on some of this stuff... Thanks!!! I'm afraid that I know of no one in the Seattle area that does Shorewall consulting. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
