Steven Jan Springl wrote: > On Sunday 10 June 2007 17:44, Tom Eastep wrote: >> Steven Jan Springl wrote: >>> On Sunday 10 June 2007 17:37, Tom Eastep wrote: >>>> How about: >>>> >>>> iptables -N foo >>>> iptables -A FORWARD -j foo >>>> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev >>>> --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN >>> That works. It just produces the message: >>> >>> physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING >>> chains for non-bridged traffic is not supported anymore. >> Ok -- then please try r6506 on your original test case. That revision >> creates a chain called 'accountout' for OUTPUT accounting rules. >> >> -Tom > Tom > > I have just tried r6507 with the original test case. Shorewall now starts > successfully. > > The same 'accounting iptables' rule is generated. It is called from the INPUT > and FORWARD chains. > The 'accountout' is not generated.
'accountout' is only generated if there are rules with $FW in the SOURCE column. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
