Niedermeier Günter wrote:
> Hi,
>
> usually my shorewall inst. uses compiler=perl.
>
> While some tests I changed my config to compiler=shell, and in this case
> I get an error like this:
>
> --------------------------------------------------------
>
> Setting up TCP Flags checking...
> iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Command "/usr/sbin/iptables -A eth2_fwd -p tcp -s
> 169.254.0.0/16!169.254.1.0/24 -j tcpflags" Failed
> Processing /etc/shorewall/stop ...
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /sbin/shorewall: line 742: 9333 Terminated
> $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
There are many bugs like this in Shorewall shell -- that's one of the
primary reasons that we developed Shorewall Perl. I would not be
surprised if many of the options available in /etc/shorewall/hosts blow
up when the host groups has exclusion.
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
