Tom Eastep wrote:
> Brian J. Murrell wrote:
>> The following tcrule:
>>
>> 128:P 10.75.22.1 pbx.foo.com udp 4569 4569
>>
>> produces the following error in Shorewall{,-lite} 3.4.2:
>>
>> iptables v1.3.3: multiport can only have one option
>> Try `iptables -h' or 'iptables --help' for more information.
>> ERROR: Command "/usr/sbin/iptables -t mangle -A tcpre -s 10.75.22.1 -d
>> pbx.foo.com -p udp -m multiport --dports 4569 --sport 4569 -j MARK
>> --set-mark 128" Failed
>>
>> Is this a bug in shorewall or a limitation of the multiport match on
>> openwrt? This rule, interestingly enough doesn't even need a multiport
>> match

In the tcrules file, shorewall 3.4 uses multiport match if it is available.
Unfortunately, in this case that is the wrong choice because multiport match
is braindead when it comes to matching both source and destination ports.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
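
Added example, not part of the original thread and not Shorewall's code: a hypothetical `port_match` helper that builds the port options for one rule and uses multiport only for a side that is actually a comma-separated list. It goes beyond the single-port case in the post by also covering a list on one side; it assumes the protocol is tcp or udp and refuses lists on both sides.

```shell
#!/bin/sh
# Added example; not Shorewall's code. port_match is a hypothetical helper.
# Usage: port_match PROTO DPORTS SPORTS   ("-" means "any port")
# Prints the protocol and port options for one iptables rule.

is_list() {  # true when the argument is a comma-separated port list
    case $1 in *,*) return 0 ;; *) return 1 ;; esac
}

port_match() {
    proto=$1 dports=$2 sports=$3
    if [ "$dports" = - ]; then dports=; fi
    if [ "$sports" = - ]; then sports=; fi

    if is_list "$dports" && is_list "$sports"; then
        # multiport accepts only one of --sports/--dports per use
        echo "port_match: port lists on both sides, split the rule" >&2
        return 1
    fi

    # Single ports and ranges go to the protocol's own match, loaded
    # explicitly with -m so --sport/--dport are parsed by it.
    plain=
    if [ -n "$sports" ] && ! is_list "$sports"; then plain="$plain --sport $sports"; fi
    if [ -n "$dports" ] && ! is_list "$dports"; then plain="$plain --dport $dports"; fi

    out="-p $proto"
    if [ -n "$plain" ]; then out="$out -m $proto$plain"; fi
    if is_list "$sports"; then out="$out -m multiport --sports $sports"; fi
    if is_list "$dports"; then out="$out -m multiport --dports $dports"; fi
    echo "$out"
}

# The tcrule from the post: one port on each side, so multiport is not used.
echo "iptables -t mangle -A tcpre -s 10.75.22.1 -d pbx.foo.com" \
     "$(port_match udp 4569 4569) -j MARK --set-mark 128"
```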
