> I have fixed that but my tree has advanced to the point that the patch
> won't apply to Beta 3.
>   
No worries - I liked the way it was, but I assume that would impact the 
performance (or not) of the optimiser, so I left it up to you whether to 
fix this.

>> 2.
>> rules
>> ~~~~~
>> INLINE $FW net ; -m mickey-mouse --name test2
>>
>> produces
>>
>> -A fw2net -m mickey -mouse --name test2
>>
>> Note the space between "mickey" and "-mouse" - I expected either "-A
>> fw2net -m mickey-mouse --name test2" or an error if match names in
>> iptables cannot have a dash (-)
>>     
>
> Patch attached.
>   
Works as expected.

> This is going to be surprisingly difficult. I'll need some time to
> determine what (if anything) is possible.
>   
If you can't find an easy solution to this, not to worry - I could 
always include the entire rule after ";" and leave the bare minimum 
(<src> and <dst>) on the left side of ";". I am not sure how this would 
impact the optimiser though.

> I think that I'll leave this as it is. Shorewall understands --dport which
> is why this works the way it does.
>   
Yep, that's good. In the meantime I found a few more:

5.
rules
~~~~~
INLINE:info $FW net ; -m mouse --name test2

produces

"ERROR: Invalid column/value pair (-m)"

6.
rules
~~~~~
INLINE $FW:10.1.1.1 net:+mickey-mouse ; ! -m mickey-mouse --name test2

produces

-A fw2net -s 10.1.1.1 -m mickey-mouse ! --name test2 -m set --match-set mickey-mouse dst

I presume the "!" will mess things up if I try other such combinations, 
so I am not fully testing this for the time being.


One query: are parameters accepted in the bit after ";"? Something like 
"INLINE $FW net ; ! -m my-owner --owner $MY_UID -j DROP"?

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
