> On 5/16/2014 2:10 AM, Simon Matter wrote: >>> The Shorewall team is pleased to announce the availability of Shorewall >>> 4.6.0. >> >> Hi Tom and all, >> >> Thanks for the new release! >> >> I found an issue I'm not sure how to solve, sorry for finding it only >> now >> that the release is out. >> >> >> I was having this in my tcrules file: >> # >> # fix udp checksums for dhclient on local KVM guests >> # >> CHECKSUM:T $FW 0.0.0.0/0 udp bootpc >> >> >> I converted it using "shorewall update -t" and it gave me this in >> mangle: >> CHECKSUM:T fw 0.0.0.0/0 udp bootpc >> >> >> On restart I got >> Checking /etc/shorewall/mangle... >> ERROR: Rules with SOURCE $FW must use the OUTPUT chain >> /etc/shorewall/mangle (line 33) >> >> >> Now, I've just removed :T like so >> CHECKSUM fw 0.0.0.0/0 udp bootpc >> >> >> Now I get this: >> Running /sbin/iptables-restore... >> iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is >> required >> Error occurred at line: 41 >> Try `iptables-restore -h' or 'iptables-restore --help' for more >> information. >> ERROR: iptables-restore Failed. Input is in >> /var/lib/shorewall/.iptables-restore-input >> >> >> and line 41 is: >> -A tcout -p 17 --dport 68 -j CHECKSUM >> >> The --checksum-fill is really missing somehow. >> >> Is my config wrong or is it a bug? >> > > Hi Simon, > > Using :T with SOURCE $FW is incorrect on your part (and Shorewalll > should have flagged it all along), but the missing --checksum-fill is a > bug. Patch is attached.
Thanks Tom, it works perfect now! Regards, Simon ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
