Thanks Tom, The patch does work and the IPTABLES line with the -I modification indeed it's effective in stopping the unwanted packets. Before the patch we were receiving 1pckt/sec!
Costa -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: 15 October 2012 01:25 To: Shorewall Users Subject: Re: [Shorewall-users] the right syntax for run_iptables command? On 10/14/2012 03:34 PM, Costantino wrote: > Whatever I do, whether I insert the escape character before the double > quote or not it complains with the message: > > <-- cut --> > Processing /etc/shorewall/start ... > Bad argument `KeepAlive' > Try `iptables -h' or 'iptables --help' for more information. > ERROR: Command "/sbin/iptables -I INPUT -p udp -m udp --dport 5060 > -m string --string "Cirpack KeepAlive Packet" --algo bm -j DROP" > Failed Processing /etc/shorewall/stop ... > <-- cut --> > > It looks to me as if as soon as it encounters a <blank> character it > declares the end of the string. > Did you apply the patch? -Tom -- -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
