$ rpm -q shorewall6
shorewall6-5.1.10.2-1.fc27.noarch
I have a rule to detect if my IPSEC VPN is down:
?COMMENT vpn down
REJECT(no-route):notice:VPNdown any any {
mark=$NO_GRP_XLATE/$NO_GRP_XLATE }
This produces a warning when I do a shorewall6 reload:
WARNING: Log Prefix shortened to "Shorewall:VPNdown:REJECT(no- "
/etc/shorewall6/rules (line 108)
However, with this rule (notice the additional comma) I get no warning:
?COMMENT vpn down
REJECT(no-route):notice:VPN,down any any {
mark=$NO_GRP_XLATE/$NO_GRP_XLATE }
Is this the intended behavior?
Ah, I just checked on:
$ rpm -q shorewall6
shorewall6-5.2.3.5-1.fc32.noarch
There is no warning with or without the additional comma. I'm sending this as
documentation
in case someone finds it useful.
Bill
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
