Steven Jan Springl wrote:
> Tom
>
> 'shorewall add' command with an invalid IP address:
>
> shorewall add eth0:192.168.1.555 lan
>
> produces the following messages:
>
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
> iptables v1.3.8: host/network `192.168.1.555' not found
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Can't add eth0:192.168.1.555 to zone lan
>
> but still adds 'eth0:192.168.1.555' to /var/lib/shorewall/zones:

Steven,

That's day-one behavior for the 'add' command and I don't intend to change it. I consider the current dynamic zones implementation to be a stop-gap measure until ipsets are in the standard distributions.

Although the bogus entry gets added to /var/lib/shorewall/zones, a corresponding 'delete' command will remove it again (while generating many more iptables errors).

Thanks,
-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
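
Since the 'add' command in this thread passes the address to iptables unchecked and records it regardless, an operator can validate the host specification before calling it. The following is an added example, not Shorewall code or anything posted in the thread; the function names are hypothetical, and it assumes only the single `interface:IPv4[/prefix]` form shown in the report.

```shell
# Added example: check "interface:address" before running 'shorewall add'.
# Assumption: only the single IPv4 form from the report, optional /prefix.

# Succeeds only for a dotted quad whose octets are 0..255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for interface:IPv4 or interface:IPv4/prefix (prefix 0..32).
valid_host_spec() {
    case $1 in *:*) ;; *) return 1 ;; esac
    iface=${1%%:*}
    addr=${1#*:}
    case $iface in
        ''|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    case $addr in
        */*)
            prefix=${addr#*/}
            addr=${addr%%/*}
            case $prefix in ''|*[!0-9]*) return 1 ;; esac
            [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || return 1
            ;;
    esac
    valid_ipv4 "$addr"
}

# Hypothetical wrapper: reject bad input before shorewall is invoked at all,
# so nothing is written to /var/lib/shorewall/zones for it.
safe_add() {
    spec=$1 zone=$2
    if ! valid_host_spec "$spec"; then
        echo "refusing: '$spec' is not interface:IPv4[/prefix]" >&2
        return 2
    fi
    shorewall add "$spec" "$zone"
}
```
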
