On Sunday 10 June 2007 17:44, Tom Eastep wrote: > Steven Jan Springl wrote: > > On Sunday 10 June 2007 17:37, Tom Eastep wrote: > >> How about: > >> > >> iptables -N foo > >> iptables -A FORWARD -j foo > >> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev > >> --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN > > > > That works. It just produces the message: > > > > physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING > > chains for non-bridged traffic is not supported anymore. > > Ok -- then please try r6506 on your original test case. That revision > creates a chain called 'accountout' for OUTPUT accounting rules. > > -Tom Tom
I have just tried r6507 with the original test case. Shorewall now starts successfully. The same 'accounting iptables' rule is generated. It is called from the INPUT and FORWARD chains. The 'accountout' is not generated. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
