Package: iptables
Version: 1.3.6.0debian1-5
Severity: important

Using latest debian/lenny
shorewall 4.0.13-1 perl
iptables1.3.6.0debian1-5 works
iptables1.4.1.1-3 fails on /var/lib/shorewall/.iptables-restore-input
Line:
-A zlcl12fw -p 6 --dport 3128 -m conntrack --ctorigdst ! 192.168.0.1 -j ACCEPT
with
iptables-restore v1.4.1.1: host/network `!' not found

I'll also file this in shorewall

Detail follows:

From shorewall-init.log:
11:20:50 Compiling...
11:20:50 Processing /etc/shorewall/params ...
11:20:51 Loading Modules...
Shorewall has detected the following capabilities:
   Address Type Match: Available
   CLASSIFY Target: Available
   CONNMARK Target: Available
   Capability Version: 4.0.6
   Comments: Available
   Connection Tracking Match: Available
   Connmark Match: Available
   Extended CONNMARK Target: Available
   Extended Connmark Match: Available
   Extended Mark Target: Available
   Extended Multi-port Match: Available
   Extended Reject: Available
   Hashlimit Match: Available
   IP Range Match: Available
   IPP2P Match: Not Available
   Ipset Match: Not Available
   MARK Target: Available
   Mangle FORWARD Chain: Available
   Multi-port Match: Available
   NAT: Available
   NFQUEUE Target: Available
   Owner Match: Available
   Packet Mangling: Available
   Packet Type Match: Available
   Packet length Match: Available
   Physdev Match: Available
   Physdev-is-bridged support: Available
   Policy Match: Available
   Raw Table: Available
   Recent Match: Available
   Repeat match: Available
   TCPMSS Match: Available
11:20:51 Compiling /etc/shorewall/zones...
11:20:51 Compiling /etc/shorewall/interfaces...
11:20:51 Interface "zwap1 ath2 detect nosmurfs,logmartians,routefilter,tcpflags,dhcp" Validated
   WARNING: Shorewall no longer uses broadcast addresses in rule generation when Address Type Match is available : /etc/shorewall/interfaces (line 13)
11:20:51 Interface "- br0 192.168.0.255,192.168.43.255 bridge,nosmurfs,logmartians,dhcp" Validated
11:20:51 Interface "inet1 eth1 detect blacklist,logmartians,norfc1918,nosmurfs,routefilter,tcpflags,arp_filter,routeback" Validated
11:20:51 Compiling /etc/shorewall/hosts...
...
11:20:51 Generating Rule Matrix...
11:20:51 Creating iptables-restore input...
11:20:51 Compiling iptables-restore input for chain blacklst...
11:20:51 Shorewall configuration compiled to /var/lib/shorewall/.restart
11:20:51 Processing /etc/shorewall/params ...
11:20:51 Restarting Shorewall....
11:20:51 Initializing...
11:20:51 Loading Modules...
11:20:52 Processing /etc/shorewall/init ...
11:20:52 Setting up ARP filtering...
11:20:52 Setting up Route Filtering...
11:20:52 Setting up Martian Logging...
11:20:52 Setting up Accept Source Routing...
11:20:52 Setting up Proxy ARP...
11:20:53 Setting up Traffic Control...
11:20:53 Adding IP Addresses...
11:20:53 IP Address 64.4.171.82 added to interface eth1 with label eth1:1
11:20:53 Preparing iptables-restore input...
11:20:53 Running /sbin/iptables-restore...
iptables-restore v1.4.1.1: host/network `!' not found
Error occurred at line: 288
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
   ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
11:20:53 Processing /etc/shorewall/stop ...
11:20:53 IP Forwarding Enabled
11:20:53 Processing /etc/shorewall/stopped ...
Terminated

From /var/lib/shorewall/.iptables-restore-input
-A smurfs -s 224.0.0.0/4 -j ULOG --ulog-prefix "Shorewall:smurfs:DROP:"
-A smurfs -s 224.0.0.0/4 -j DROP
-A tcpflags -p tcp --tcp-flags ALL FIN,URG,PSH -j logflags
-A tcpflags -p tcp --tcp-flags ALL NONE -j logflags
-A tcpflags -p tcp --tcp-flags SYN,RST SYN,RST -j logflags
-A tcpflags -p tcp --tcp-flags SYN,FIN SYN,FIN -j logflags
-A tcpflags -p tcp --syn --sport 0 -j logflags
-A zlcl12fw -m state --state ESTABLISHED,RELATED -j ACCEPT
-A zlcl12fw -p 6 --dport 3128 -m conntrack --ctorigdst ! 192.168.0.1 -j ACCEPT

The last -A line above is 288, the line that failed.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iptables depends on:
ii  libc6        2.7-13    GNU C Library: Shared libraries
ii  libselinux1  2.0.65-5  SELinux shared libraries

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
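
An added example, not part of the original report and not Shorewall or iptables code: a pre-flight scan of an iptables-restore input file for the `--option ! value` negation form that failed at line 288, printing each hit with its line number and the `! --option value` form documented by later iptables releases. The function names are hypothetical, tokens are assumed to be whitespace-separated, and the report does not confirm whether 1.4.1.1 accepts the rewritten form.

```shell
#!/bin/sh
# Added example (not from the report): find rules in iptables-restore input
# that negate with "--option ! value" and show the "! --option value" form.
# Assumption: tokens are whitespace-separated; a quoted string containing
# a bare "!" token right after an option would be misread.

# Two rule lines copied from the report, used here as sample input.
sample_rules() {
cat <<'EOF'
-A zlcl12fw -m state --state ESTABLISHED,RELATED -j ACCEPT
-A zlcl12fw -p 6 --dport 3128 -m conntrack --ctorigdst ! 192.168.0.1 -j ACCEPT
EOF
}

# Reads restore input on stdin.
# Prints "<line number><TAB><rewritten rule>" for every rule that uses the
# "--option ! value" form; prints nothing when no rule uses it.
find_intrapositioned_negation() {
    awk '
    /^-[AI] / {
        out = ""; hit = 0
        n = split($0, tok, " ")
        for (i = 1; i <= n; i++) {
            sep = (out == "") ? "" : " "
            if (tok[i] ~ /^--?[a-zA-Z]/ && i + 2 <= n && tok[i + 1] == "!") {
                # Move the "!" in front of the option it negates.
                out = out sep "! " tok[i] " " tok[i + 2]
                i += 2
                hit = 1
            } else {
                out = out sep tok[i]
            }
        }
        if (hit) printf "%d\t%s\n", NR, out
    }'
}

# Demo on the sample lines; in practice feed the generated file, e.g.
#   find_intrapositioned_negation < /var/lib/shorewall/.iptables-restore-input
sample_rules | find_intrapositioned_negation
```

Running this before the firewall is restarted shows which generated rules depend on the older negation syntax, so they can be checked against the installed iptables version while the existing ruleset is still loaded.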

