On Saturday 19 May 2007 15:49, Tom Eastep wrote: > Steven Jan Springl wrote: > > On Saturday 19 May 2007 15:33, Tom Eastep wrote: > >> Tom Eastep wrote: > >>> Steven Jan Springl wrote: > >>>> Tom > >>>> > >>>> Having never used IPSEC, I don't know if this is a bug or I'm missing > >>>> something. > >>>> > >>>> Masq file entry: > >>>> > >>>> eth0 192.168.0.0/16 - - - strict,next > >>>> > >>>> produces error: > >>>> > >>>> iptables-restore v1.3.6: policy match: empty policy element > >>>> > >>>> Coding 'strict,next' in the zones file works. > >>> > >>> 'strict' and 'next' are only applicable when multiple policies are > >>> strung together. I'll investigate what is going on in the zones file > >>> since "strict,next" shouldn't work there either. > >> > >> Did you just use "strict,next" and nothing else in the zones file? That > >> shouldn't work either according to the rules generated. > >> > >> -Tom > > > > Tom > > > > My zones file is attached. > > Are the zones non-empty? > > -Tom Tom
wan has an entry in the interfaces file, but vpn does not, and is reported as empty at shorewall startup. Steven ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
