On 10/8/19 12:29 AM, Andreas Günther wrote: > > Am Montag, 7. Oktober 2019, 21:32:18 CEST schrieb Vieri Di Paola: > > > On Monday, October 7, 2019, Justin Pryzby <pry...@telsasoft.com> wrote: > > > > On Mon, Oct 07, 2019 at 07:39:36PM +0200, Andreas Günther wrote: > > > > > Hi > > > > > my Shorewall6 for the SSH rule on an interface without an internal > > > > > > > > network > > > > > > > > > provides the following error message: > > > > > ERROR: Unknown destination zone (2a03) /etc/shorewall6/macro.SSH > (line > > > > > > > > 9) > > > > > > > > > from /etc/shorewall6/rules (line 35) > > > > > > > > > > /etc/shorewall6/rules: > > > > > SSH(ACCEPT) net 2a03:4871:5ca:7a::1 tcp 51001 > > > > > > Try using square brackets around the IPv6 address and a zone. You > probably > > > wanted something like: > > > ... net $FW:[$IPv6] ... > > > > Thanks Justin, > > > > I tried your propose with success with > > > > SSH(ACCEPT) net $FW:[2a03:4871:5ca:7a::1] tcp > 51001 > > I interpret that now as follows, that also with HTTP the rules must be so > > HTTP(ACCEPT) net $FW:[2a03:4871:5ca:7a::1] > > HTTP(ACCEPT) $FW:[2a03:4871:5ca:7a::1] net > > > > I do not understand that yet. Because with IPv4 it is enough > > HTTP (ACCEPT) net $ FW HTTP (ACCEPT) $ FW net > It is also enough with IPv6.
-Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
