On Sunday 10 June 2007 18:57, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Sunday 10 June 2007 17:44, Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> On Sunday 10 June 2007 17:37, Tom Eastep wrote:
> >>>> How about:
> >>>>
> >>>> iptables -N foo
> >>>> iptables -A FORWARD -j foo
> >>>> iptables -A foo -p 17 -m multiport --dports 555,666 -i br0 -m physdev
> >>>>  --physdev-in eth0 -o br0 -m physdev --physdev-out eth1 -j RETURN
> >>>
> >>> That works. It just produces the message:
> >>>
> >>> physdev match: using --physdev-out in the OUTPUT, FORWARD and
> >>> POSTROUTING chains for non-bridged traffic is not supported anymore.
> >>
> >> Ok -- then please try r6506 on your original test case. That revision
> >> creates a chain called 'accountout' for OUTPUT accounting rules.
> >>
> >> -Tom
> >
> > Tom
> >
> > I have just tried r6507 with the original test case. Shorewall now starts
> > successfully.
> >
> > The same 'accounting iptables' rule is generated. It is called from the
> > INPUT and FORWARD chains.
> > The 'accountout' is not generated.
>
> 'accountout' is only generated if there are rules with $FW in the SOURCE
> column.
>
> -Tom
Tom

The accounting file contains:

        DONE  -  eth0  eth1  udp  555,666
        DONE  -  -     eth1  udp  777,888
        DONE  -  eth0  br0   udp  555,666
        DONE  -  -     br0   udp  777,888

and the rules file contains (amongst other rules):

        ACCEPT  fw  lan  udp  555,666,777,888

but 'accountout' is still not generated. What am I missing?

Steven.

Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel