On Wed, 2011-12-28 at 22:46 +0000, Steven Jan Springl wrote: > I have done some further testing of ':P' and ':F' and have found that: > > ':F' produces an iptables error if DEST is fw. > > ':P' produces an iptables error if DEST is fw. > > ':P' produces an iptables error if SOURCE is not fw.
Steven, This patch eliminates ':P' and complains if :F is used when the SOURCE or DEST is $FW. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 6bf0cc2..359bdc0 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -249,7 +249,7 @@ sub process_tc_rule( ) {
if ( $dest ) {
if ( $dest eq $fw ) {
- fatal_error 'A CLASSIFY rule may not have $FW as the DEST' if $classify;
+ fatal_error 'A CLASSIFY rule may not have $FW as the DEST' if $classid;
$chain = 'tcin';
$dest = '';
} else {
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
