Steven Jan Springl wrote:
> On Tuesday 01 May 2007 22:49, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> On Tuesday 01 May 2007 22:24, Tom Eastep wrote:
>>>> Steven Jan Springl wrote:
>>>>> Tom
>>>>>
>>>>>
>>>>> When a rule that specifies source port 0 or destination port 0 calls a
>>>>> macro the source port and destination ports in the macro are not
>>>>> overridden. E.G.
>>>>>
>>>>> rule:
>>>>> sjs/ACCEPT  $FW  $L3  tcp  0  0
>>>>>
>>>>> macro sjs:
>>>>> PARAM  -  -  tcp  22  10
>>>>>
>>>>> generates iptables-rule:
>>>>> -A fw2lan -p 6 --dport 22 --sport 100 -d 192.168.0.3 -j ACCEPT
>>>> Revision 6183 should fix it.
>>>>
>>>> Thanks, Steven
>>>>
>>>> -Tom
>>> Tom
>>>
>>> I have just tried revision 6184. It now generates an iptables rule
>>> without either a source or destination port:
>>>
>>>  -A fw2lan -p 6 -d 192.168.0.3 -j ACCEPT
>> Port 0 is equivalent to Port 'any' in Netfilter/Iptables.
>>
>> -Tom
> Tom
> 
> I have just tried the following:
> 
> rule:
> DROP  lan  $FW  tcp  22
> 
> drops port 22
> 
> rule:
> DROP  lan  $FW  tcp  0
> 
> does not drop port 22.
> 
> If I have understood your comment correctly, then the second rule should have
> dropped port 22.
> 
> Am I missing something here?

No -- I was (my mind).

Try 6185.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
