> Da: Tom Eastep [mailto:[email protected]] > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 10/23/2016 12:09 AM, [email protected] wrote: > > Hi all > > > > > > > > Issue #2, Another problem I encounter is that I have to manually > > pre-create the wuhosts set, otherwise I get another error: > > > > Setting up Traffic Control... ipset: unknown set name 'wuhosts' ... > > ipset(wuhosts >>dst)<< ... ... ipset(>>wuhosts<< dst)... Usage: > > ipset(SETNAME FLAGS) where: SETNAME:= string FLAGS := { > > FLAG[,FLAGS] } FLAG := { src | dst } > > > > Example: 'ipset(bulk src,dst)' Illegal "ematch" ERROR: Command "tc > > filter add dev ifb0 protocol ip parent 2:0 prio 1 basic match > > ipset(wuhosts dst) flowid 2:140" Failed > > > > > > I am sure there is support in shorewall to automatically create ipsets > > when needed, because for example I use dynamic zones which are > > implemented with ipsets (and in fact it calls add_ipset($ipset); ). > > Inspired by that I tried to simply do something like this: > > > > --- Tc.pm.orig 2016-10-23 07:41:55.000000000 +0200 +++ Tc.pm > > 2016-10-23 08:55:24.529013933 +0200 @@ -1517,8 +1517,9 @@ if ( $source > > ne '-' ) { $rule .= ' and' if $have_rule; > > > > - if ( $source =~ /^\+/ ) { + if ( $source =~ > > /^\+(\S+)/ ) { $rule .= join( '', "\\\n ", handle_ematch( > > $source, 'src' ) ); + add_ipset($1); } else { my @parts = > > decompose_net_u32( $source ); > > > > but it gave me this weird error. Apparently I have to know something > > more about ipset handling in Shorewall. Could this be addressed? > > Please see if the attached patch addresses your issue.
Yes it did. Thank you again. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
