On Saturday 19 May 2007 15:58, Tom Eastep wrote: > Steven Jan Springl wrote: > > On Saturday 19 May 2007 15:49, Tom Eastep wrote: > >> Steven Jan Springl wrote: > >>> On Saturday 19 May 2007 15:33, Tom Eastep wrote: > >>>> Tom Eastep wrote: > >>>>> Steven Jan Springl wrote: > >>>>>> Tom > >>>>>> > >>>>>> Having never used IPSEC, I don't know if this is a bug or I'm > >>>>>> missing something. > >>>>>> > >>>>>> Masq file entry: > >>>>>> > >>>>>> eth0 192.168.0.0/16 - - - strict,next > >>>>>> > >>>>>> produces error: > >>>>>> > >>>>>> iptables-restore v1.3.6: policy match: empty policy element > >>>>>> > >>>>>> Coding 'strict,next' in the zones file works. > >>>>> > >>>>> 'strict' and 'next' are only applicable when multiple policies are > >>>>> strung together. I'll investigate what is going on in the zones file > >>>>> since "strict,next" shouldn't work there either. > >>>> > >>>> Did you just use "strict,next" and nothing else in the zones file? > >>>> That shouldn't work either according to the rules generated. > >>>> > >>>> -Tom > >>> > >>> Tom > >>> > >>> My zones file is attached. > >> > >> Are the zones non-empty? > >> > >> -Tom > > > > Tom > > > > wan has an entry in the interfaces file, but vpn does not, and is > > reported as empty at shorewall startup. > > Then I don't understand why it worked. Please send me the generated > firewall script > > Thanks, > -Tom
Tom Sorry, I have messed around with the zones file since reporting the problem. The only zone entry that works with "strict,next" is one that is empty (vpn). Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
