I added the following lines in the NEW section in `/etc/shorewall/rules`:
> ?COMMENT Redirect Out
> #catch leaky DNS queries and redirect them to our own dns server
> DNS(REDIRECT) lan 53 - 53 - !&lan
> DNS(REDIRECT) fw 53 - 53 - !::1
When I ran `shorewall6 check` via sudo, I received this:

> Checking using Shorewall 5.2.3.6...
> Processing /etc/shorewall6/params ...
> Processing /etc/shorewall6/shorewall6.conf...
> Loading Modules...
> Checking /etc/shorewall6/zones...
> Checking /etc/shorewall6/interfaces...
> Determining Hosts in Zones...
> Locating Action Files...
> Checking /etc/shorewall6/policy...
> Adding rules for DHCP
> Checking TCP Flags filtering...
> Checking Accept Routing Advertisements...
> Checking MAC Filtration -- Phase 1...
> Checking /etc/shorewall6/rules...
> ERROR: Internal error in Shorewall::Chains::set_rule_option at /usr/share/shorewall/Shorewall/Chains.pm line 1153 /etc/shorewall6/rules (line 52) at /usr/share/shorewall/Shorewall/Config.pm line 1576.
> Shorewall::Config::fatal_error("Internal error in Shorewall::Chains::set_rule_option at /usr/"...) called at /usr/share/shorewall/Shorewall/Config.pm line 1619
> Shorewall::Config::assert("") called at /usr/share/shorewall/Shorewall/Chains.pm line 1153
> Shorewall::Chains::set_rule_option(HASH(0x55beab832f98), "conntrack", "--ctorigdst ! \$SW_LAN_ADDRESS") called at /usr/share/shorewall/Shorewall/Chains.pm line 1266
> Shorewall::Chains::transform_rule("-p 6 --dport 53 -m conntrack --ctorigdstport 53 -m conntrack"..., SCALAR(0x55beaa73ec50)) called at /usr/share/shorewall/Shorewall/Chains.pm line 1570
> Shorewall::Chains::push_rule(HASH(0x55beab7f3ce0), "-p 6 --dport 53 -m conntrack --ctorigdstport 53 -m conntrack"...) called at /usr/share/shorewall/Shorewall/Chains.pm line 1746
> Shorewall::Chains::add_rule(HASH(0x55beab7f3ce0), "-p 6 --dport 53 -m conntrack --ctorigdstport 53 -m conntrack"..., 1) called at /usr/share/shorewall/Shorewall/Chains.pm line 8257
> Shorewall::Chains::expand_rule1(HASH(0x55beab7f3ce0), 4, "", "-p 6 --dport 53 -m conntrack --ctorigdstport 53 ", "::/0", "", "!&lan", "ACCEPT", ...) called at /usr/share/shorewall/Shorewall/Chains.pm line 8374
> Shorewall::Chains::expand_rule(HASH(0x55beab7f3ce0), 4, "", "-p 6 --dport 53 -m conntrack --ctorigdstport 53 ", "::/0", "", "!&lan", "ACCEPT", ...) called at /usr/share/shorewall/Shorewall/Rules.pm line 3344
> Shorewall::Rules::process_rule(undef, "", "", "REDIRECT", "", "lan", 53, "tcp", ...) called at /usr/share/shorewall/Shorewall/Rules.pm line 3816
> Shorewall::Rules::process_raw_rule1("REDIRECT", "lan", 53, "tcp,udp", 53, "-", "!&lan", "-", ...) called at /usr/share/shorewall/Shorewall/Rules.pm line 3885
> Shorewall::Rules::process_raw_rule() called at /usr/share/shorewall/Shorewall/Rules.pm line 3985
> Shorewall::Rules::process_rules() called at /usr/share/shorewall/Shorewall/Compiler.pm line 802
> Shorewall::Compiler::compiler("script", "", "directory", "", "verbosity", 1, "timestamp", 0, ...) called at /usr/share/shorewall/compiler.pl line 137
Creating the REDIRECT rules without using a macro produces the same result. Notably, my IPv4 installation of shorewall has no issue with the same rules.
Is there a difference in syntax between shorewall and shorewall6 for REDIRECT rules? I didn't see anything in the documentation specifying such.
Attachment: shorewall6-trace.txt.gz (GNU Zip compressed data)
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
