[Shorewall-users] tcfilters with +ipset in DEST column

Tue, 22 Jul 2014 03:22:29 -0700 

I am trying to use an ipset in the DEST column in the tcfilters file,
like this:

#CLASS  SOURCE  DEST    PROTO   DPORT   SPORT   TOS     LENGTH  PRIO

2:100   0.0.0.0 +fast
2:200   0.0.0.0 +slow

where "fast" and "slow" are ipsets that contain IP addresses that
should get special treatment.  However, I get errors like this:

Compiling /etc/shorewall/tcfilters...
IN===> 2:100    0.0.0.0 +fast
   ERROR: An ipset name (+fast) is not allowed in this context 
/etc/shorewall/tcfilters (line 16) at /usr/share/shorewall/Shorewall/Config.pm 
line 1348.
        Shorewall::Config::fatal_error('An ipset name (+fast) is not allowed in 
this context') called at /usr/share/shorewall/Shorewall/IPAddrs.pm line 216
        Shorewall::IPAddrs::validate_4net('+fast', 0) called at 
/usr/share/shorewall/Shorewall/IPAddrs.pm line 878
        Shorewall::IPAddrs::validate_net('+fast', 0) called at 
/usr/share/shorewall/Shorewall/IPAddrs.pm line 302
        Shorewall::IPAddrs::decompose_net('+fast') called at 
/usr/share/shorewall/Shorewall/Tc.pm line 2023
        Shorewall::Tc::process_tc_filter1('2:100', 0.0.0.0, '+fast', '-', '-', 
'-', '-', '-', '-', ...) called at /usr/share/shorewall/Shorewall/Tc.pm line 
2561
        Shorewall::Tc::process_tc_filter() called at 
/usr/share/shorewall/Shorewall/Tc.pm line 2579
        Shorewall::Tc::process_tcfilters() called at 
/usr/share/shorewall/Shorewall/Tc.pm line 2752
        Shorewall::Tc::process_traffic_shaping() called at 
/usr/share/shorewall/Shorewall/Tc.pm line 3003
        Shorewall::Tc::process_tc() called at 
/usr/share/shorewall/Shorewall/Compiler.pm line 774
        Shorewall::Compiler::compiler('script', '/var/lib/shorewall/.restart', 
'directory', '', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at 
/usr/share/shorewall/compiler.pl line 152

--apb (Alan Barrett)

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to