> > I use inline mode,
> > But I find that pf 3.01 can't delete rule in mangle tables when users
> > timeout.
> >
> > I use fun: iptables_do_command(), error info:
> >
> > DEBUG: [Function] init() libiptc handle (returning singleton object) (IPTables::Interface::new)
> > Oct 24 16:30:39 pfmon(1) DEBUG: removing mark 0x1 on node 00:0c:29:a4:86:3d (pf::iptables::iptables_unmark_node)
> > Oct 24 16:30:39 pfmon(1) DEBUG: [Function] iptables_do_command(-D prerouting-int-inline-if --match mac --mac-source 00:0c:29:a4:86:3d --jump MARK --set-mark 0x1) (IPTables::Interface::iptables_do_command)
> > Oct 24 16:30:39 pfmon(1) WARN: [Function] iptables_do_command(-D prerouting-int-inline-if --match mac --mac-source 00:0c:29:a4:86:3d --jump MARK --set-mark 0x1): No chain/target/match by that name (IPTables::Interface::record_info)
> > Oct 24 16:30:39 pfmon(1) ERROR: Unable to unmark mac 00:0c:29:a4:86:3d: No chain/target/match by that name (pf::iptables::iptables_unmark_node)
>
Are you sure your iptables is properly populated on startup? Have you
confirmed if it's the -j MARK that fails (missing kernel module?) or the
chain that doesn't exist?

What's the output of

# iptables -t mangle -L -nv

--
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
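
Added example, not part of the original thread and not PacketFence code: a small shell triage that separates the causes asked about above (chain missing, MARK target not registered, or no matching rule) from a saved `iptables -t mangle -S` listing. SAMPLE_RULES and SAMPLE_TARGETS are constructed sample data, the function names are hypothetical, and reading registered targets from /proc/net/ip_tables_targets is an assumption about the host.

```shell
#!/bin/sh
# Constructed sample of `iptables -t mangle -S` output (not taken from the thread).
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N prerouting-int-inline-if
-A PREROUTING -j prerouting-int-inline-if
-A prerouting-int-inline-if -m mac --mac-source 00:0C:29:A4:86:3D -j MARK --set-xmark 0x1/0xffffffff'

# Constructed sample of a registered-targets list (one target name per line).
SAMPLE_TARGETS='ERROR
MARK'

# chain_exists RULES CHAIN: true if the listing declares user chain CHAIN.
chain_exists() {
    printf '%s\n' "$1" | grep -qxF -- "-N $2"
}

# target_loaded TARGETS NAME: true if NAME appears in the targets list.
# On a live host, TARGETS would be "$(cat /proc/net/ip_tables_targets)" (assumption).
target_loaded() {
    printf '%s\n' "$1" | grep -qxF -- "$2"
}

# mark_rule_exists RULES CHAIN MAC: true if CHAIN holds a MARK rule for MAC.
# The match is case-insensitive because iptables prints MACs in upper case.
mark_rule_exists() {
    printf '%s\n' "$1" | grep -i -- "^-A $2 .*--mac-source $3 " | grep -q -- '-j MARK '
}

# diagnose RULES TARGETS CHAIN MAC: prints the first failing condition.
diagnose() {
    if ! chain_exists "$1" "$3"; then
        echo chain-missing
    elif ! target_loaded "$2" MARK; then
        echo target-missing
    elif ! mark_rule_exists "$1" "$3" "$4"; then
        echo rule-missing
    else
        echo rule-present
    fi
}

# Stand-alone run against the constructed samples; on a live host pass
# "$(iptables -t mangle -S)" as the first argument instead.
diagnose "$SAMPLE_RULES" "$SAMPLE_TARGETS" prerouting-int-inline-if 00:0c:29:a4:86:3d
```

A result of chain-missing points at the startup population question, target-missing at the kernel module question, and rule-missing at a mark that was never set or was already removed.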
