Steven Jan Springl wrote:
> Tom.
> 
> When the accounting file contains:
> 
>       DONE  -  eth0  eth1  udp  555,666 
> 
> (both eth0 and eth1 are ports on bridge br0)
> 
> the following iptables rule is generated:
> 
> -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> 
> which produces the following messages:
> 
> iptables-restore: line 341 failed
>    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
> /sbin/shorewall: line 347: 12488 Terminated              ${VARDIR}/.start $debugging start

Hmmm -- that is a valid rule.

[EMAIL PROTECTED]:~# iptables -N foo
[EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
[EMAIL PROTECTED]:~#

"shorewall show capabilities" indicates that you have 'Repeat match' support?

> 
> Additionally the following message is also produced:
> 
> physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING 
> chains for non-bridged traffic is not supported anymore.
> 
> Note: this last message is produced for every iptables rule that contains 
> a --physdev-out parameter, but iptables-restore normally works.

I can't do anything about that. The Netfilter developers added that noise to
alert people that physdev doesn't work the way it used to.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
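
The rule quoted in this thread loads the physdev match twice, which is what the 'Repeat match' question is about. The following is an added example, not code from the thread or from Shorewall: it scans iptables-restore input for rules that load the same match module more than once and reports their line numbers, which can be compared with the "line N failed" message. The sample input is constructed around the quoted rule, and the function name is hypothetical.

```python
import shlex
from collections import Counter

# Constructed sample in iptables-restore format. The second rule is the one
# quoted in the thread; the first is a single-physdev variant for contrast.
SAMPLE = """\
*filter
:accounting - [0:0]
-A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -j RETURN
-A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
COMMIT
"""


def repeated_matches(restore_text):
    """Return [(line_number, {module: count})] for rules loading a match twice or more."""
    findings = []
    for lineno, line in enumerate(restore_text.splitlines(), start=1):
        line = line.strip()
        # Only rule lines matter; skip table headers, chain declarations,
        # COMMIT and comment lines.
        if not line.startswith(("-A ", "-I ")):
            continue
        # shlex keeps quoted arguments (e.g. --comment "...") as one token.
        tokens = shlex.split(line)
        modules = Counter(
            tokens[i + 1]
            for i, tok in enumerate(tokens[:-1])
            if tok in ("-m", "--match")
        )
        repeats = {mod: n for mod, n in modules.items() if n > 1}
        if repeats:
            findings.append((lineno, repeats))
    return findings


if __name__ == "__main__":
    # To check a real file, read it and pass its text instead of SAMPLE.
    for lineno, repeats in repeated_matches(SAMPLE):
        print(f"line {lineno}: repeated match(es): {repeats}")
```
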

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
