On Wednesday 02 May 2007 00:10, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Tuesday 01 May 2007 22:49, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> On Tuesday 01 May 2007 22:24, Tom Eastep wrote:
> >>>> Steven Jan Springl wrote:
> >>>>> Tom
> >>>>>
> >>>>>
> >>>>> When a rule that specifies source port 0 or destination port 0 calls
> >>>>> a macro the source port and destination ports in the macro are not
> >>>>> overridden. E.G.
> >>>>>
> >>>>> rule:
> >>>>> sjs/ACCEPT $FW $L3 tcp 0 0
> >>>>>
> >>>>> macro sjs:
> >>>>> PARAM - - tcp 22 10
> >>>>>
> >>>>> generates iptables-rule:
> >>>>> -A fw2lan -p 6 --dport 22 --sport 100 -d 192.168.0.3 -j ACCEPT
> >>>>
> >>>> Revision 6183 should fix it.
> >>>>
> >>>> Thanks, Steven
> >>>>
> >>>> -Tom
> >>>
> >>> Tom
> >>>
> >>> I have just tried revision 6184. It now generates an iptables rule
> >>> without either a source or destination port:
> >>>
> >>> -A fw2lan -p 6 -d 192.168.0.3 -j ACCEPT
> >>
> >> Port 0 is equivalent to Port 'any' in Netfilter/Iptables.
> >>
> >> -Tom
> >
> > Tom
> >
> > I have just tried the following:
> >
> > rule:
> > DROP lan $FW tcp 22
> >
> > drops port 22
> >
> > rule:
> > DROP lan $FW tcp 0
> >
> > does not drop port 22.
> >
> > If I have understood your comment correctly, then second rule should have
> > dropped port 22.
> >
> > Am I missing something here?
>
> No -- I was (my mind).
>
> Try 6185.
>
> Thanks,
> -Tom

Tom

It works now.

Steven.