Tom,

> Or you can 'shorewall trace show capabilities 2> /tmp/trace' and look at the
> /tmp/trace file.

From /tmp/trace, I think this is the relevant area,

+ MANGLE_FORWARD=Yes
+ qt /usr/sbin/iptables -t raw -L -n
+ /usr/sbin/iptables -t raw -L -n
+ RAW_TABLE=Yes
+ qt mywhich ipset
+ mywhich ipset
+ qt ipset -X fooX3566
+ ipset -X fooX3566
+ qt ipset -N fooX3566 iphash
+ ipset -N fooX3566 iphash
+ qt /usr/sbin/iptables -A fooX3566 -m set --set fooX3566 src -j ACCEPT
+ /usr/sbin/iptables -A fooX3566 -m set --set fooX3566 src -j ACCEPT
+ qt ipset -X fooX3566
+ ipset -X fooX3566
+ qt /usr/sbin/iptables -A fooX3566 -m pkttype --pkt-type broadcast -j ACCEPT
+ /usr/sbin/iptables -A fooX3566 -m pkttype --pkt-type broadcast -j ACCEPT
+ USEPKTTYPE=Yes

> Also note that if you patch iptables yourself and 'make install', the new
> iptables is installed in /usr/local/sbin/. So be sure to 'which iptables'
> to be sure that your iptables, and not your distribution's version, is
> being run. Note that you can use the IPTABLES setting in
> /etc/shorewall/shorewall.conf to specify your version.

which iptables
/usr/sbin/iptables

ls -al /usr/local/sbin/iptables
/bin/ls: cannot access /usr/local/sbin/iptables: No such file or directory

Well that sure sounds like there's a step I missed, patching iptables.

Reading both the pages at http://ipset.netfilter.org/install.html & http://www.netfilter.org/projects/ipset/index.html, I don't see anything to *do* about that.

So I guess I have to 'patch' iptables to use it with ipset & ShoreWall? If that's right, are there any how-to Docs that you know of?

--JC

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
