On Monday 24 Sep 2012 01:23:59 Tom Eastep wrote: > On 9/23/12 3:05 PM, "Steven Jan Springl" <[email protected]> wrote: > >When the following entry is placed in the tcrules file: > > > >TTL(+0):P ppp0 eth0 > > > >the following iptables rule is generated: > > > >-A tcpre -d 192.168.0.0/24 -i ppp0 -j TTL --ttl-inc 0 > > > >which produces the following error message: > > > >iptables v1.4.15: TTL: bad value for option "--ttl-inc", or out of range > >(1-255). > > > >Note the same error occurs if 'TTL(-0):P' is specified. > > Steven, > > This patch correct the problem and a similar problem with HL() in > Shorewall6. > > Thanks, > -Tom > You do not need a parachute to skydive. You only need a parachute to > skydive twice.
Tom I can confirm the patch does correct the issue, however the following tcrules file entries produce the same error: TTL(+00):P ppp0 eth0 TTL(-00):P ppp0 eth0 Additionally the following tcrules file entry is rejected by Shorewall: TTL(0):P ppp0 eth0 But the following entry is allowed by Shorewall and does not produce an iptables-restore error: TTL(00):P ppp0 eth0 Steven. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
