Tom,

Shorewall rule:

    ACCEPT lan:!192.168.20.1 fw tcp 999

generates iptables rule:

    -A lan2fw -p 6 --dport 999 -s ! 192.168.20.1 -j ACCEPT

With iptables 1.4.3.1 the following information message is produced:

    Using intrapositioned negation (`--option ! this`) is deprecated in favour of extrapositioned (`! --option this`).

Note: This does not cause shorewall start to fail.

Changing the iptables rule to:

    -A lan2fw -p 6 --dport 999 ! -s 192.168.20.1 -j ACCEPT

resolves the issue.

The message is also produced when exclusion is used in the DEST or ORIGINAL DEST columns.

The new rule format works with iptables 1.3.6 (Debian etch). I don't have anything older than this to try it on.

The same message is produced with shorewall6 when exclusion is used.

Note: there is a bug in iptables-save and ip6tables-save 1.4.3.1: rules are saved in the deprecated format. The netfilter team have released a patch for this.

Steven.
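
Added example, not part of the original message and not Shorewall or netfilter code: a small Python filter that rewrites the deprecated `--option ! value` form into `! --option value`, one rule line at a time, for instance over rules saved in the old format. The function name `extraposition` is hypothetical, and every sample rule except the first is constructed.

```python
import re

# A token is a double-quoted string (kept verbatim) or a run of non-blanks.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
# Short (-s) or long (--dport) option name.
OPTION = re.compile(r'^--?[A-Za-z][A-Za-z0-9-]*$')


def extraposition(rule):
    """Rewrite `--option ! value` as `! --option value` in one rule line.

    Returns (line, number_of_rewrites); an untouched line is returned as-is.
    """
    tokens = TOKEN.findall(rule)
    out, changed, i = [], 0, 0
    while i < len(tokens):
        tok = tokens[i]
        intrapositioned = (
            OPTION.match(tok)
            and i + 2 < len(tokens)
            and tokens[i + 1] == "!"
            # If another option follows the "!", the "!" already belongs to
            # that option (new style after a flag such as --syn): leave it.
            and not OPTION.match(tokens[i + 2])
        )
        if intrapositioned:
            out += ["!", tok]
            i += 2  # skip the "!"; the value is copied on the next pass
            changed += 1
        else:
            out.append(tok)
            i += 1
    return (" ".join(out), changed) if changed else (rule, 0)


if __name__ == "__main__":
    # First rule is the one quoted in the message; the others are constructed.
    samples = [
        "-A lan2fw -p 6 --dport 999 -s ! 192.168.20.1 -j ACCEPT",
        "-A lan2fw -p 6 --dport 999 ! -s 192.168.20.1 -j ACCEPT",
        '-A net2fw -d ! 10.0.0.1 -m comment --comment "-s ! kept" -j DROP',
        "-A net2fw -p tcp --syn ! -s 10.0.0.1 -j DROP",
    ]
    for rule in samples:
        print(extraposition(rule))
```

A rewrite changes only the position of the `!`, so the match semantics of the rule stay the same; lines that are already in the new form, and quoted comment strings, pass through byte for byte.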
