Hi Tom,

I was lurking for a long time here and finally decided to jump into the Perl testing (mostly due to the slow shell compilation). I upgraded my 3.4.1 to 3.9.4 and ran shorewall check on my current settings.
I got a few errors:

Checking /etc/shorewall/blacklist...
   ERROR: ipset names in Shorewall configuration files requires Ipset Match in your kernel and iptables : /etc/shorewall/blacklist ( line 62 )

My capabilities list:

[EMAIL PROTECTED]/etc/shorewall]# shorewall show capabilities
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
   Packet length Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Available
   CONNMARK Target: Available
   Extended CONNMARK Target: Available
   Connmark Match: Available
   Extended Connmark Match: Available
   Raw Table: Available
   IPP2P Match: Available
   CLASSIFY Target: Available
   Extended REJECT: Available
   Repeat match: Available
   MARK Target: Available
   Extended MARK Target: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available

and:

Checking /etc/shorewall/tcrules...
   ERROR: Invalid Numeric Value : /etc/shorewall/tcrules ( line 11 )

Commenting out line 11 I got the following error:

Checking /etc/shorewall/tcrules...
Use of uninitialized value in concatenation (.) or string at /usr/share/shorewall-perl/Shorewall/Config.pm line 683, <$currentfile> line 12.
   ERROR: PROTO = ipp2p requires in your kernel and iptables : /etc/shorewall/tcrules ( line 12 )

Commenting out line 12 I got the following error:

Checking /etc/shorewall/tcrules...
   ERROR: Invalid MARK (512:P) : /etc/shorewall/tcrules ( line 29 )

I have HIGH_ROUTE_MARKS=Yes in shorewall.conf

I bit the bullet and got the latest repository (6152). It failed to install the manpages but I wasn't upset about that one :) I got the exact same errors with that version too.
Here is the tcrules file:

#
# Shorewall version 3.2 - Tcrules File
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
# For usage in selecting among multiple ISPs, see
# http://shorewall.net/MultiISP.html
###############################################################################
#MARK     SOURCE            DEST       PROTO      DEST          SOURCE     USER  TEST  LENGTH  TOS
#                                                 PORT(S)       PORT(S)
RESTORE   0.0.0.0/0         0.0.0.0/0  all        -             -          -     0
CONTINUE  0.0.0.0/0         0.0.0.0/0  all        -             -          -     !0
6         0.0.0.0/0         0.0.0.0/0  ipp2p:all
SAVE      0.0.0.0/0         0.0.0.0/0  all        -             -          -     !0
1         0.0.0.0/0         0.0.0.0/0  icmp       echo-request
1         0.0.0.0/0         0.0.0.0/0  icmp       echo-reply
2         0.0.0.0/0         0.0.0.0/0  tcp        22
2         0.0.0.0/0         0.0.0.0/0  tcp        -             22
3         0.0.0.0/0         0.0.0.0/0  tcp        smtp,pop3
3         0.0.0.0/0         0.0.0.0/0  tcp        -             smtp,pop3
5         0.0.0.0/0         0.0.0.0/0  udp        6881:6901
5         0.0.0.0/0         0.0.0.0/0  udp        -             6881:6901
5         0.0.0.0/0         0.0.0.0/0  tcp        6881:6901
5         0.0.0.0/0         0.0.0.0/0  tcp        -             6881:6901
512:P     192.168.2.169/32  0.0.0.0/0  all        -             -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

The given file set compiles with the shell compiler just fine. Am I missing some settings in the shorewall.conf file to resolve those errors?

Thanks,
Andras