Re: [Shorewall-devel] Shorewall 3.9.5

Sat, 05 May 2007 07:43:05 -0700 

Steven Jan Springl wrote:
> On Saturday 05 May 2007 15:18, Tom Eastep wrote:
>> Tom Eastep wrote:
>>> Steven Jan Springl wrote:
>>>> Tom
>>>>
>>>> Tos rule:
>>>>
>>>> lan  all  tcp  -  22  16
>>>>
>>>> compiles with shorewall-shell but produces the following error when
>>>> compiled with shorewall-perl:
>>>>
>>>> ERROR: Unknown Interface (lan): "lan               all             tcp     
>>>>         -       22      16" :
>>>> /etc/shorewall/tos ( line 9 )
>>>>
>>>>
>>>> Note, the following tos rule also produces the same error:
>>> Steven,
>>>
>>> This is expected -- see the Shorewall-perl documentation.
>> In particular, this item from the release notes:
>>
>>     h) The /etc/shorewall/tos file now has zone-independent SOURCE and
>>        DEST columns as do all other files except the rules and policy
>>        files.
>>
>>        The SOURCE column may be one of the following:
>>
>>            [all:]<address>[,...]
>>            [all:]<interface>[:<address>[,...]]
>>            $FW[:<address>[,...]]
>>
>>        The DEST column may be one of the following:
>>
>>            [all:]<address>[,...]
>>            [all:]<interface>[:<address>[,...]]
>>
>>        This is a permanent change. The old zone-based rules have never
>>        worked right and this is a good time to replace them. I've tried
>>        to make the new syntax cover the most common cases without
>>        requiring change to existing files. In particular, it will
>>        handle the tos file released with Shorewall 1.4 and earlier.
>>
>> -Tom
> Tom
> 
> Sorry, I have based most of the testing on the content of the man pages, only 
> going elsewhere when I have needed further clarification.
> 
> Changing the rule to:
> 
> eth0  all  tcp  -  22  16
> 
> generates the following iptables rule
> 
> -A OUTPUT -j outtos
> 
> which produces the following error:
> 
> iptables-restore v1.3.6: Couldn't load target 
> `outtos':/lib/iptables/libipt_outtos.so: cannot open shared object file: No 
> such file or directory

Fixed in 6249.

Thanks, Steven

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to