________________________________ From: Tom Eastep <[email protected]> > > root@debianvm:/etc/shorewall# shorewall start
[...] > Compiling /etc/shorewall/providers... > ERROR: Providers interfaces may not specify 'routefilter' when > USE_DEFAULT_RT=Yes /etc/shorewall/providers (line 10) Do you mean that it's fixed in 5.1.5, or that you cannot reproduce the issue I reported? I redid the same, but this time in "interfaces" I not only have routefilter but also rpfilter (for the sake of testing -- not that I need both options). Now I'm getting a different error with "shorewall check", but "shorewall start" still doesn't complain and exits successfully. If I run the following: shorewall stop > swtest 2>&1 3>&1 shorewall status >> swtest 2>&1 3>&1 shorewall check >> swtest 2>&1 3>&1 echo ">>> shorewall start:" >> swtest 2>&1 3>&1 shorewall start >> swtest 2>&1 3>&1 echo ">>> interfaces:" >> swtest 2>&1 3>&1 cat interfaces >> swtest echo ">>> providers:" >> swtest 2>&1 3>&1 cat providers >> swtest I get this: Stopping Shorewall.... Processing /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ... Preparing iptables-restore input... Running /sbin/iptables-restore... IPv4 Forwarding Enabled Processing /etc/shorewall/stopped ... done. Shorewall-5.1.4.4 Status at inf-fw2 - Wed Jul 5 08:59:27 CEST 2017 Shorewall is stopped State:Stopped Wed Jul 5 08:59:27 CEST 2017 (/var/lib/shorewall/firewall compiled Wed Jul 5 08:53:34 CEST 2017 by Shorewall version 5.1.4.4) Checking using Shorewall 5.1.4.4... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Checking /etc/shorewall/zones... Checking /etc/shorewall/interfaces... ERROR: The 'routefilter', 'sfilter' and 'rpfilter' options are mutually exclusive /etc/shorewall/interfaces (line 2) >>> shorewall start: Starting Shorewall.... Initializing... Processing /etc/shorewall/init ... Processing /etc/shorewall/tcclear ... Setting up ARP filtering... Setting up Route Filtering... Setting up Martian Logging... Setting up Accept Source Routing... Setting up log backend Setting up Proxy ARP... Adding Providers... Preparing iptables-restore input... Running /sbin/iptables-restore ... IPv4 Forwarding Enabled Processing /etc/shorewall/start ... Processing /etc/shorewall/started ... done. >>> interfaces: #ZONE INTERFACE OPTIONS net4 $IF_ISP4 optional,tcpflags,nosmurfs,logmartians,proxyarp=0,arp_ignore=1,sourceroute=0,rpfilter,routefilter net3 $IF_ISP3 optional,tcpflags,nosmurfs,logmartians,proxyarp=0,arp_ignore=1,sourceroute=0,rpfilter,routefilter net2 $IF_ISP2 optional,tcpflags,nosmurfs,logmartians,proxyarp=0,arp_ignore=1,sourceroute=0,rpfilter,routefilter net1 $IF_ISP1 optional,tcpflags,nosmurfs,logmartians,proxyarp=0,arp_ignore=1,sourceroute=0,rpfilter,routefilter dmz $IF_DMZ routeback loc $IF_LAN routeback >>> providers: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONSCOPY ISP1 1 1 - $IF_ISP1 $IF_ISP1_GW track,balance=3,persistent ISP2 2 2 - $IF_ISP2 $IF_ISP2_GW track,balance=2,persistent ISP3 3 3 - $IF_ISP3 $IF_ISP3_GW track,balance=1,persistent ISP4 4 4 - $IF_ISP4 $IF_ISP4_GW track,balance=1,persistent ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
