Hello, I am planning to upgrade to shorewall-perl for the next major release of our software. At the mement, I have to use shorewall 3.4.4. I have several installs with shorewall 3.4.4 and I need to give a fix for these installs.
Thanks, Hebbar. > Srinivasa Hebbar wrote: > > Hello, > > > > I am using shorewall 3.4.4 > > > > When I specify an interface name in the rules file, I expected the > > interface name is given to "-i" option of iptable for all the IP > > addresses. But, I am seeing different results. > > > > Example1: > > ACCEPT loc:net0:192.168.3.1,192.168.3.2 net > > tcp 80 -The above rule gernerated the following code: > > run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j > > ACCEPT run_iptables -A loc2net -p tcp -s 192.168.3.2 --dport 80 -j ACCEPT > > progress_message " Rule \"ACCEPT loc:net0:192.168.3.1,192.168.3.2 net > > tcp 80 \" added." > > > > Example2: > > ACCEPT loc:net0:192.168.3.1,net0:192.168.3.2 > > net tcp 80 -The above rule gernerated the following code: > > run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.1 --dport 80 -j > > ACCEPT run_iptables -A loc2net -p tcp -i net0 -s 192.168.3.2 --dport 80 > > -j ACCEPT progress_message " Rule \"ACCEPT > > loc:net0:192.168.3.1,net0:192.168.3.2 net tcp 80 \" added." > > > > Is it required to prepend interface name for every comma seperated IP > > address within the rule? > > > > Note: In the above example, the interface name is "net0" > > loc = Local zone > > net = Wan zone. > > Looks like another bug in Shorewall-shell. > > Have you considered upgrading to 4.0.7 and switching to Shorewall-perl? > My main reason for creating Shorewall-perl was because Shorewall-shell > is buggy and the bugs are hard to fix without breaking something else. > > Neither of the defects you have reported this week are present in > Shorewall-perl. > > -Tom ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
