On 10/11/2018 05:36 AM, Jan Bergner wrote: > Am 10.10.18 um 18:14 schrieb Tom Eastep: >> On 10/10/2018 07:04 AM, Jan Bergner wrote: >>> Dear shorewall-users list, >>> >>> I have some virtual network interfaces due to the fact, I use >>> systemd-nspawn-containers which get names containing a minus sign. (The >>> scheme is basically "ve-MACHINE_NAME".) >>> >>> Unfortunately, I cannot seem to find any indication on how to treat such >>> an interface name in, say, a zone assignment. >>> >>> In particular, I would like to have an /etc/shorewall/interfaces like this: >>> >>> #ZONE INTERFACE BROADCAST OPTIONS >>> >>> net eth+ detect dhcp >>> nspa ve-m1 detect dhcp >>> nspa ve-m2 detect dhcp >>> nspb ve-m3 detect dhcp >>> nspb ve-m4 detect dhcp >>> oth + detect dhcp >>> >>> >>> However, this does not seem to be working; my interfaces end up in the >>> oth-zone, as can be expected, since this is my catch-all-zone, assuming >>> the ve-interfaces are not recognized, properly.) >>> >>> Initially, I thought there mus be a simple way of escaping this, but I >>> could not seem to find it. >>> >>> Can someone give me a hint? >>> >>> >>> Thanks in advance and best regards, >>> >> Which Shorewall version are you using? Your interfaces file above is >> FORMAT 1, which suggests that the version is quite old. >> >> -Tom > > Hello Tom, > > thank you for your response. > > On this particular system, we use the official version, shipped with > Debian 9. (5.0.15.6) > > However, we produce some IoT devices, based on OpenEmbedded, that are > using version 4.4.14, and we try to use a config style that is working > for both versions. > > Thus, we use the old format, indeed. >
Okay - I believe that something else is going on in your configuration that is causing the issue. It would be helpful if you would: a) shorewall show -f capabilities > /etc/shorewall/capabilities b) Tar up your /etc/shorewall/ directory and sent the tar file to me privately. Thanks! -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
