In working through an IPv6/TPROXY issue I had, I believe I found a 
documentation bug:

http://www.shorewall.net/manpages6/shorewall6-tcrules.html

In the ACTION section, for part 12. SAME:

The documentation lists:
#ACTION           SOURCE         DEST         PROTO      DEST
#                                                        PORT(S)
SAME:P            192.168.1.0/24 0.0.0.0/0    tcp        80,443

The problem is this is the shorewall6-tcrules page, and 192.168.1.0/24 
and 0.0.0.0/0 are IPv4 addresses.

It's pretty minor, but it is something to update in the documentation.

Another issue, but it may be documented in a place I didn't look:

In tcrules, I was trying to do the IPv6 equivalent of:
        TPROXY(3129)   eth2:!192.168.2.1    0.0.0.0/0   tcp     8

I discovered that:
        TPROXY(3129)   eth2:![2001:1931:313::1/64]      tcp     8

generates an error when shorewall compiles the rules.

However, the following does work:
        TPROXY(3129)    eth2:[!2001:1931:313::1/64]      tcp     8

Whether bad judgement on my part or otherwise, I would have expected 
the former syntax (with the ! negation outside of [ip:v6:;ad/dr]) to be 
the correct one.

The exclusion rules document 
(http://www.shorewall.net/manpages6/shorewall6-exclusion.html) doesn't 
give a single example of a negated IPv6 address. I believe it would be 
helpful if one were added.
-- 
Troy Telford


