Andrew Suffield wrote:
>
> This was a promising idea but ran into a couple of problems. My first
> effort got me this:
>
> Validating hosts file...
>    ERROR: BRIDGING=Yes is needed for this zone definition: bario
>    eth0.102:+barionets
>
> I'm not really sure why that happened, but I guess shorewall thinks
> this is a bridge port rather than an ipset?

It's a bug. The attached patch to /usr/share/shorewall/functions corrects the problem.

>
> I backed off from using a zone, and did all the work in the rules
> file, which avoided the problem. However, I then discovered this:
>
> [EMAIL PROTECTED]:~/shorewall/sado$ grep home firewall
>     progress_message2 "Processing /home/asuffield/shorewall/sado/stop ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/stopped ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/params ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/init ..."
>     ipset -R < /home/asuffield/shorewall/sado/ipsets
>     progress_message2 "Processing /home/asuffield/shorewall/sado/continue ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/initdone ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/start ..."
>     progress_message2 "Processing /home/asuffield/shorewall/sado/started ..."
>
> That would work fine if I was using shorewall directly, but I don't
> think it'll work very well with shorewall-lite. Presumably the
> contents of the ipsets file should be copied into the firewall script
> instead.

If you want that behavior, then you will have to copy the contents of the ipsets file into your init script as in:

    ipset -R << _EOF_
    <contents of ipsets>
    _EOF_

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ [EMAIL PROTECTED]
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key

Index: functions
===================================================================
--- functions (revision 4877)
+++ functions (working copy)
@@ -797,7 +797,7 @@
case $host in
*.*.*)
;;
- *+)
+ +*)
eval ${z}_is_complex=Yes
;;
*)
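Review bot: In the "case $host in" block the new "+*)" arm sits after "*.*.*)", so an entry that starts with "+" and also contains two dots (an ipset name with dots in it, for instance) is caught by the earlier arm and never reaches "eval ${z}_is_complex=Yes". Consider moving "+*)" above "*.*.*)", or add a comment stating that ipset names are assumed not to contain dots. A short comment on the arm saying that a leading "+" marks an ipset would also help, since the old "*+)" pattern shows how easily the two forms are confused.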
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
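
The here-document approach from the reply above, as an added example that is not part of the original thread or of Shorewall: a hypothetical helper, emit_ipset_heredoc, prints the "ipset -R" block to paste into the init script. It quotes the delimiter so the shell expands nothing in the set data, and it picks a delimiter that does not occur in that data. The sample set data is constructed.

```shell
#!/bin/sh
# Added example (not Shorewall code): wrap an ipsets file in a here-document
# so the restore data travels inside the init script itself, as needed when
# the compiled script is shipped to a shorewall-lite host.

# Constructed sample standing in for the real ipsets file.
sample_ipsets() {
    cat << 'SAMPLE'
-N barionets iphash
-A barionets 192.0.2.10
COMMIT
SAMPLE
}

# emit_ipset_heredoc FILE  (hypothetical helper name)
# Prints "ipset -R << 'DELIM'", the file contents, then DELIM.
emit_ipset_heredoc() {
    src=$1
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # The delimiter must not appear as a whole line in the data,
    # otherwise the here-document would end early and truncate the sets.
    delim=_EOF_
    while grep -qxF -e "$delim" < "$src"; do
        delim="${delim}X"
    done

    # A quoted delimiter stops the shell from expanding $, ` and \ in the data.
    printf "ipset -R << '%s'\n" "$delim"
    cat < "$src"
    # Put the terminator on its own line even if the file lacks a final newline.
    [ -z "$(tail -c 1 < "$src")" ] || printf '\n'
    printf '%s\n' "$delim"
}

# Stand-alone run: show the snippet generated for the constructed sample.
tmp=$(mktemp) && sample_ipsets > "$tmp" && emit_ipset_heredoc "$tmp"
rm -f "$tmp"
```

The printed block goes into the init file in the Shorewall configuration directory in place of the "ipset -R < /path/to/ipsets" line.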
