Steven Jan Springl wrote: > Tom > > I have been testing IPMARK in environment: > > kernel 2.6.29 > iptables 1.4.3.2 > xtables-addons 1.13 > > Iptables allows mask1 and mask2 to be in the range -4294967295 to 4294967295 > or -0XFFFFFFFF to 0XFFFFFFFF. If a value is entered that is outside this > range, Shorewall allows it but iptables-restore produces the following > message: > > iptables-restore v1.4.3.2: IPMARK: Bad value for "and-mask" > option: "-4294967296" > > Additionally if the value is in hex and is greater than 0XFFFFFFFF the > following shorewall messages are produced: > > Integer overflow in hexadecimal number > at /usr/share/shorewall/Shorewall/Config.pm line 738, <$currentfile> line 45. > Hexadecimal number > 0xffffffff non-portable > at /usr/share/shorewall/Shorewall/Config.pm line 738, <$currentfile> line 45. > > Similarly iptables allows the value of shift to be in the range 0 to 128 or 0 > to 0x80. If a value outside this range is entered, shorewall allows it but > iptables-restore produces the following message: > > iptables-restore v1.4.3.2: IPMARK: Bad value for "--shift" option: "154" > > ------------------------------------------------------------------------------------------------------------ > > Issuing 'shorewall6 show -f capabilities' gives: > > CAPVERSION=40205 > > Creating a capabilities file, then issuing "shorewall6 check" produces the > following message: > > WARNING: Your capabilities file is out of date -- it does not contain all of > the capabilities defined by Shorewall6 version 4.3.9 > > Manually changing CAPVERSION to 40309 in the capabilities file stops the > message being produced. > > Using IPMARK in /etc/shorewall6/tcrules produces the following message: > > ERROR: IPMARK requires IPMARK Target in your kernel and > iptables : /etc/shorewall6/tcrules (line 22) > > I don't know if this a Shorewall6 issue or there is a problem with my setup. > > ------------------------------------------------------------------------------------------------------------------ > > There is a minor typo in the release notes on the following line: > > Destination IP address is 192.168.4.3 = 0xc0a80103 > > The IP address doesn't tie up with the hex value.
Thanks, Steven. I believe that all issues are corrected in Git commit 34791612b537b90ceb76edf31fce2f299e687bee. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
