On Thu, 2007-03-22 at 15:14 -0700, Tom Eastep wrote:
> On Thu, 2007-03-22 at 19:08 -0300, Bruce S. Skinner wrote:
>
> > To get a successful IKE on port 4500 I replaced the above snippet
> > with:
> >
> >   if [ $kind = ipsec ]; then
> >       run_iptables -A $outchain -p udp $(dest_ip_range $1) --dport 500 $options
> >       run_iptables -A $inchain -p udp $(source_ip_range $1) --dport 500 $options
> >   else
> >       run_iptables -A $outchain -p udp $(source_ip_range $1) --dport 500 $options
> >       run_iptables -A $outchain -p udp $(source_ip_range $1) --dport 4500 $options
>
> The above rule should read:
>
>     run_iptables -A $outchain -p udp $(dest_ip_range $1) --dport 4500 $options
>
> >       run_iptables -A $inchain -p udp $(source_ip_range $1) --dport 500 $options
> >       run_iptables -A $inchain -p udp $(source_ip_range $1) --dport 4500 $options
> >   fi
> >
> > Is this reasonable or am I way out in left field?
>
> Except for the incorrect range selection, it looks correct.

I've also uploaded fixes for this problem for Shorewall 3.2 and 3.4.

Thanks again, Bruce

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
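
Added example, not part of the thread and not Shorewall's own code: a shell check over `iptables -S` style output that flags the range-selection mistake discussed above (an outbound IKE/NAT-T rule that does not select on the gateway as destination, or an inbound one that does not select on it as source) and reports missing UDP 500/4500 rules. The chain names `tun_out`/`tun_in`, the address 192.0.2.10 and `-j ACCEPT` (standing in for `$options`) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Chain names, the gateway address 192.0.2.10 and "-j ACCEPT"
# (standing in for $options) are constructed, not taken from Shorewall.

# check_ike_rules OUTCHAIN INCHAIN   (rules in `iptables -S` form on stdin)
# Prints one line per problem; returns non-zero if any problem was found.
check_ike_rules() {
    awk -v out="$1" -v inc="$2" '
    function val(flag,   i) {               # argument following a flag, or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    $1 == "-A" && val("-p") == "udp" {
        port = val("--dport")
        if (port != "500" && port != "4500") next
        dst = val("-d") val("--dst-range")  # plain address or iprange match
        src = val("-s") val("--src-range")
        if ($2 == out) {
            seen["out", port] = 1
            if (dst == "") { print "outbound rule has no destination match: " $0; bad++ }
        } else if ($2 == inc) {
            seen["in", port] = 1
            if (src == "") { print "inbound rule has no source match: " $0; bad++ }
        }
    }
    END {
        n = split("out 500,out 4500,in 500,in 4500", want, ",")
        for (i = 1; i <= n; i++) {
            split(want[i], w, " ")
            if (!((w[1], w[2]) in seen)) { print "missing rule: " want[i]; bad++ }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: the outbound 4500 rule selects on source by mistake.
rules_misselected() {
    cat <<'EOF'
-A tun_out -d 192.0.2.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A tun_out -s 192.0.2.10/32 -p udp -m udp --dport 4500 -j ACCEPT
-A tun_in -s 192.0.2.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A tun_in -s 192.0.2.10/32 -p udp -m udp --dport 4500 -j ACCEPT
EOF
}
# Same rules with line 2 corrected to match on destination.
rules_corrected() { rules_misselected | sed '2s/ -s / -d /'; }

rules_misselected | check_ike_rules tun_out tun_in || true
```

On a live system the same function can be fed `iptables -S` output for the two tunnel chains instead of the constructed samples.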
