Tom,
Looking at /usr/share/shorewall/lib.base I couldn't understand much of
what might be wrong, so I just added a few echo statements to see
what's going on, e.g.
...
if qt mywhich ipset; then
qt ipset -X $chain # Just in case something went wrong the last time
if qt ipset -N $chain iphash ; then
echo "TEST1"
if qt $IPTABLES -A $chain -m set --set $chain src -j ACCEPT; then
echo "TEST2"
qt $IPTABLES -D $chain -m set --set $chain src -j ACCEPT
IPSET_MATCH=Yes
fi
echo "TEST3"
qt ipset -X $chain
fi
fi
echo "TEST4"
exit
...
Then,
> shorewall show capabilities
TEST1
TEST3
TEST4
So "TEST2" is never reached which I think points to a problem in
if qt $IPTABLES -A $chain -m set --set $chain src -j ACCEPT; then
And then IPSET_MATCH=Yes never gets defined and results in
shorewall show capabilities | grep -i ipset
Ipset Match: Not available
If I'm right, why that happens I have no idea yet.
--JC
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
