Tom
I have been testing IPMARK in environment:
kernel 2.6.29
iptables 1.4.3.2
xtables-addons 1.13
Iptables allows mask1 and mask2 to be in the range -4294967295 to 4294967295
or -0XFFFFFFFF to 0XFFFFFFFF. If a value is entered that is outside this
range, Shorewall allows it but iptables-restore produces the following
message:
iptables-restore v1.4.3.2: IPMARK: Bad value for "and-mask"
option: "-4294967296"
Additionally if the value is in hex and is greater than 0XFFFFFFFF the
following shorewall messages are produced:
Integer overflow in hexadecimal number
at /usr/share/shorewall/Shorewall/Config.pm line 738, <$currentfile> line 45.
Hexadecimal number > 0xffffffff non-portable
at /usr/share/shorewall/Shorewall/Config.pm line 738, <$currentfile> line 45.
Similarly iptables allows the value of shift to be in the range 0 to 128 or 0
to 0x80. If a value outside this range is entered, shorewall allows it but
iptables-restore produces the following message:
iptables-restore v1.4.3.2: IPMARK: Bad value for "--shift" option: "154"
------------------------------------------------------------------------------------------------------------
Issuing 'shorewall6 show -f capabilities' gives:
CAPVERSION=40205
Creating a capabilities file, then issuing "shorewall6 check" produces the
following message:
WARNING: Your capabilities file is out of date -- it does not contain all of
the capabilities defined by Shorewall6 version 4.3.9
Manually changing CAPVERSION to 40309 in the capabilities file stops the
message being produced.
Using IPMARK in /etc/shorewall6/tcrules produces the following message:
ERROR: IPMARK requires IPMARK Target in your kernel and
iptables : /etc/shorewall6/tcrules (line 22)
I don't know if this is a Shorewall6 issue or there is a problem with my setup.
------------------------------------------------------------------------------------------------------------------
There is a minor typo in the release notes on the following line:
Destination IP address is 192.168.4.3 = 0xc0a80103
The IP address doesn't tie up with the hex value.
Steven.
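
Added example, not part of the original message and not Shorewall's own code: a stand-alone pre-check that rejects mask1, mask2 and shift values outside the ranges reported above before a ruleset reaches iptables-restore. The function names and the decimal-or-hex input assumption are hypothetical; the limits are the ones stated in the message.

```python
import re

# Limits as reported in the message above (iptables 1.4.3.2, xtables-addons 1.13).
MASK_LIMIT = 0xFFFFFFFF   # masks accepted in -MASK_LIMIT..MASK_LIMIT
SHIFT_MAX = 128           # shift accepted in 0..SHIFT_MAX (0x80)

# Assumption: values are decimal or 0x-prefixed hex; octal is not handled.
_NUMBER = re.compile(r"^(-?)(0[xX][0-9a-fA-F]+|[0-9]+)$")


def parse_number(text):
    """Parse a signed decimal/hex string; Python ints do not overflow."""
    m = _NUMBER.match(text.strip())
    if not m:
        raise ValueError("not a number")
    sign, digits = m.groups()
    base = 16 if digits[:2].lower() == "0x" else 10
    value = int(digits, base)
    return -value if sign else value


def check_ipmark(mask1, mask2, shift):
    """Return a list of problems; an empty list means all values are in range."""
    problems = []
    limits = (("mask1", mask1, -MASK_LIMIT, MASK_LIMIT),
              ("mask2", mask2, -MASK_LIMIT, MASK_LIMIT),
              ("shift", shift, 0, SHIFT_MAX))
    for name, text, low, high in limits:
        try:
            value = parse_number(text)
        except ValueError:
            problems.append(f"{name}: {text!r} is not a number")
            continue
        if not low <= value <= high:
            problems.append(f"{name}: {text} is outside {low}..{high}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the two values quoted in the message.
    samples = [("0xFF", "0x10000", "8"),
               ("-4294967296", "0", "0"),
               ("0x100000000", "0", "154")]
    for sample in samples:
        print(sample, check_ipmark(*sample) or "ok")
```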