Re: [Shorewall-devel] Shorewall 4.0.0 Beta 4

Sun, 10 Jun 2007 08:59:49 -0700 

On Sunday 10 June 2007 16:55, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom.
> >
> > When the accounting file contains:
> >
> >     DONE  -  eth0  eth1  udp  555,666
> >
> > (both eth0 and eth1 are ports on bridge br0)
> >
> > the following iptables rule is generated:
> >
> > -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m
> > physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> >
> > which produces the following messages:
> >
> > iptables-restore: line 341 failed
> >    ERROR: iptables-restore Failed. Input is
> > in /var/lib/shorewall/.iptables-restore-input
> > /sbin/shorewall: line 347: 12488 Terminated              ${VARDIR}/.start
> > $debugging start
>
> Hmmm -- that is a valid rule.
>
> [EMAIL PROTECTED]:~# iptables -N foo
> [EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i 
> br0
> -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> [EMAIL PROTECTED]:~#
>
> "shorewall show capabilities" indicates that you have 'Repeat match'
> support?
>
> > Additionally the following message is also produced:
> >
> > physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING
> > chains for non-bridged traffic is not supported anymore.
> >
> > Note: this last message is produced for every iptables rule that contains
> > a --physdev-out parameter, but iptables-restore normally works.
>
> I can't do anything about that. The Netfilter developers added that noise
> to alert people that physdev doesn't work the way it used to.
>
> -Tom
Tom

Repeat match support is available. 

I am using kernel 2.6.21.4 and iptables 1.3.7.

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to