On 9/17/10 4:41 PM, Tom Eastep wrote:
> On 9/17/10 4:35 PM, Steven Jan Springl wrote:
>> Tom
>>
>> When routestopped contains:
>>
>> eth3  192.168.0.0/29,10.1.1.1  notrack
>>
>> After 'shorewall start' and 'shorewall clear' commands have been executed,
>> iptables-save shows the following rules are still active:
>>
>> raw
>> :PREROUTING ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> -A PREROUTING -s 192.168.0.0/29 -i br1 -m physdev --physdev-in eth3 -j NOTRACK
>> -A PREROUTING -s 10.1.1.1/32 -i br1 -m physdev --physdev-in eth3 -j NOTRACK
>> -A OUTPUT -d 192.168.0.0/29 -o br1 -m physdev --physdev-out eth3 --physdev-is-bridged -j NOTRACK
>> -A OUTPUT -d 10.1.1.1/32 -o br1 -m physdev --physdev-out eth3 --physdev-is-bridged -j NOTRACK
>> COMMIT
>>
>> Is this correct?
> 
> No.
> 
> I'll work on a fix...
> 

This should fix it.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header
index b00bbbf..3d85d6b 100644
--- a/Shorewall/Perl/prog.header
+++ b/Shorewall/Perl/prog.header
@@ -614,6 +614,7 @@ clear_firewall() {
     setpolicy OUTPUT ACCEPT
 
     run_iptables -F
+    qt $IPTABLES -t raw -F
 
     echo 1 > /proc/sys/net/ipv4/ip_forward
 
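Review bot: The added `qt $IPTABLES -t raw -F` line in clear_firewall() runs quietly, while the filter flush directly above it goes through run_iptables, so a failed raw flush would pass unnoticed and the NOTRACK rules from routestopped would stay loaded after 'shorewall clear', which is the behaviour this patch is meant to fix. If qt is used because the raw table may be absent on some kernels, a one-line comment saying so would help; where the raw table is known to be present, run_iptables -t raw -F would surface a real failure.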
diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6
index 1931f24..979a6ad 100644
--- a/Shorewall/Perl/prog.header6
+++ b/Shorewall/Perl/prog.header6
@@ -584,6 +584,7 @@ clear_firewall() {
     setpolicy OUTPUT ACCEPT
 
     run_iptables -F
+    qt $IP6TABLES -t raw -F
 
     echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 
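Review bot: `qt $IP6TABLES -t raw -F` in the IPv6 clear_firewall() only flushes rules; -F does not delete user-defined chains, so if the compiler ever places chains in the raw table they would remain after a clear. Consider following the flush with `qt $IP6TABLES -t raw -X`, and making the same addition in prog.header so the two copies of clear_firewall() stay in step.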
