Steven Jan Springl wrote:
> On Sunday 10 June 2007 17:11, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> On Sunday 10 June 2007 17:00, Tom Eastep wrote:
>>>> Tom Eastep wrote:
>>>>> Steven Jan Springl wrote:
>>>>>> the following iptables rule is generated:
>>>>>>
>>>>>> -A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
>>>>>>
>>>>>> which produces the following messages:
>>>>>>
>>>>>> iptables-restore: line 341 failed
>>>>>>    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
>>>>>> /sbin/shorewall: line 347: 12488 Terminated ${VARDIR}/.start $debugging start
>>>>> Hmmm -- that is a valid rule.
>>>>>
>>>>> [EMAIL PROTECTED]:~# iptables -N foo
>>>>> [EMAIL PROTECTED]:~# iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
>>>>> [EMAIL PROTECTED]:~#
>>>> What happens if you pass the attached file to iptables-restore?
>>>>
>>>> Thanks,
>>>> -Tom
>>> Tom
>>>
>>> That works.
>>>
>>> If the following rules are removed from the original restore file:
>>>
>>>     -A FORWARD -j accounting
>>>     -A OUTPUT -j accounting
>>>
>>> then the restore works.
>>>
>>> The presence of:
>>>
>>>     -A INPUT -j accounting
>>>
>>> does not cause the restore to fail.
>> After "shorewall clear", please try this:
>>
>> iptables -N foo
>> iptables -A OUTPUT -j foo
>> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev \
>>   --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
>>
>> Thanks,
>> -Tom
> 
> Tom
> It produces the following messages:
> 
> physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
> 
> iptables: Invalid argument

How about:

iptables -N foo
iptables -A FORWARD -j foo
iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev \
  --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
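
An added example, not part of the original thread or of Shorewall's own code: a check over iptables-restore style input that reports rules using --physdev-out that are reachable from the built-in chains named in the kernel message quoted above. The function names and the single-table simplification are assumptions of this example; --physdev-is-bridged is the physdev option that limits a rule to bridged traffic, so rules carrying it un-negated are not reported.

```python
import shlex

# Built-in chains named in the kernel message quoted in the thread.
RESTRICTED = ("OUTPUT", "FORWARD", "POSTROUTING")

# Constructed input: the jumps and the accounting rule quoted in the thread.
SAMPLE = """\
-A INPUT -j accounting
-A FORWARD -j accounting
-A OUTPUT -j accounting
-A accounting -p 17 -m multiport --dports 555,666 -i br0 -m physdev --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
"""

def parse_rules(restore_text):
    """Map chain name -> list of rule token lists (assumes a single table)."""
    chains = {}
    for line in restore_text.splitlines():
        if line.strip().startswith("-A "):
            tokens = shlex.split(line)
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def jump_target(tokens):
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-j", "--jump", "-g", "--goto"):
            return tokens[i + 1]
    return None

def reachable(chains, start):
    # Follow jump targets from `start`; built-in targets such as RETURN are skipped.
    seen, stack = set(), [start]
    while stack:
        chain = stack.pop()
        if chain not in seen and chain in chains:
            seen.add(chain)
            stack.extend(t for t in map(jump_target, chains[chain]) if t)
    return seen

def unbridged_physdev_out(tokens):
    """True if the rule uses --physdev-out without a non-negated --physdev-is-bridged."""
    if "--physdev-out" not in tokens:
        return False
    i = tokens.index("--physdev-is-bridged") if "--physdev-is-bridged" in tokens else -1
    return i < 0 or tokens[i - 1] == "!"

def find_conflicts(restore_text):
    # One (built-in chain, chain holding the rule, rule text) tuple per flagged rule.
    chains = parse_rules(restore_text)
    return [(builtin, chain, " ".join(rule))
            for builtin in RESTRICTED
            for chain in sorted(reachable(chains, builtin))
            for rule in chains[chain] if unbridged_physdev_out(rule)]
```

Calling find_conflicts(SAMPLE) reports the accounting rule once for each of the OUTPUT and FORWARD jumps and not for the INPUT jump.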

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
