On Sunday 10 June 2007 17:00, Tom Eastep wrote:
> Tom Eastep wrote:
> > Steven Jan Springl wrote:
> >> the following iptables rule is generated:
> >>
> >> -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m
> >> physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> >>
> >> which produces the following messages:
> >>
> >> iptables-restore: line 341 failed
> >> ERROR: iptables-restore Failed. Input is
> >> in /var/lib/shorewall/.iptables-restore-input
> >> /sbin/shorewall: line 347: 12488 Terminated
> >> ${VARDIR}/.start $debugging start
> >
> > Hmmm -- that is a valid rule.
> >
> > [EMAIL PROTECTED]:~# iptables -N foo
> > [EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i
> > br0
> > -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j
> > RETURN [EMAIL PROTECTED]:~#
>
> What happens if you pass the attached file to iptables-restore?
>
> Thanks,
> -Tom
Tom
That works.
If the following rules are removed from the original restore file:
-A FORWARD -j accounting
-A OUTPUT -j accounting
then then the restore works.
The presence of:
-A INPUT -j accounting
does not cause the restore to fail.
Steven.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
