Re: [Shorewall-devel] Shorewall 4.0.0 Beta 4

Sun, 10 Jun 2007 09:12:04 -0700 

Steven Jan Springl wrote:
> On Sunday 10 June 2007 17:00, Tom Eastep wrote:
>> Tom Eastep wrote:
>>> Steven Jan Springl wrote:
>>>> the following iptables rule is generated:
>>>>
>>>> -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m
>>>> physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
>>>>
>>>> which produces the following messages:
>>>>
>>>> iptables-restore: line 341 failed
>>>>    ERROR: iptables-restore Failed. Input is
>>>> in /var/lib/shorewall/.iptables-restore-input
>>>> /sbin/shorewall: line 347: 12488 Terminated             
>>>> ${VARDIR}/.start $debugging start
>>> Hmmm -- that is a valid rule.
>>>
>>> [EMAIL PROTECTED]:~# iptables -N foo
>>> [EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i 
>>> br0
>>> -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j
>>> RETURN [EMAIL PROTECTED]:~#
>> What happens if you pass the attached file to iptables-restore?
>>
>> Thanks,
>> -Tom
> 
> Tom
> 
> That works.
> 
> If the following rules are removed from the original restore file:
> 
>       -A FORWARD -j accounting
>       -A OUTPUT -j accounting
> 
> then then the restore works.
> 
> The presence of:
> 
>       -A INPUT -j accounting
> 
> does not cause the restore to fail.

After "shorewall clear", please try this:

iptables -N foo
iptables -A OUTPUT -j foo
iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev
--physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to