On 9/11/10 12:18 PM, Steven Jan Springl wrote: > On Friday 10 September 2010 18:45:24 Tom Eastep wrote: >> Beta 4 is now available for testing. >> >> Problems Corrected: >> >> None. >> >> New Features: >> >> 1) Shorewall now supports the SECMARK and CONNSECMARK targets for >> manipulating the SELinux context of packets. >> >> See the shorewall-secmarks and shorewall6-secmarks manpages for >> details. >> >> As part of this change, the tcrules file now accepts chain >> designators 'I' and 'CI' for marking packets in the input chain. >> > > Tom > > I am having problems using the new designators 'I' and 'CI'. > > If I code tcrules entry: > > 25:CI 192.168.2.0/24 fw > > I get the following message: > > ERROR: Invalid MARK (25:CI) : /etc/shorewall2/tcrules (line 21) > > Am I doing something wrong or is this a bug?
It's a documentation issue. I removed the 'I' chain designator; all you need is $FW in the DEST column. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
