Tom Eastep wrote:
> Tom Eastep wrote:
>> Brian J. Murrell wrote:
>>> The following tcrule:
>>>
>>> 128:P       10.75.22.1      pbx.foo.com udp 4569    4569
>>>
>>> produces the following error in Shorewall{,-lite} 3.4.2:
>>>
>>> iptables v1.3.3: multiport can only have one option
>>> Try `iptables -h' or 'iptables --help' for more information.
>>>    ERROR: Command "/usr/sbin/iptables -t mangle -A tcpre -s 10.75.22.1 -d 
>>> pbx.foo.com -p udp -m multiport --dports 4569 --sport 4569 -j MARK 
>>> --set-mark 128" Failed
>>>
>>> Is this a bug in shorewall or a limitation of the multiport match on
>>> openwrt?  This rule, interestingly enough, doesn't even need a multiport
>>> match.
> 
> In the tcrules file, shorewall 3.4 uses multiport match if it is
> available. Unfortunately, in this case that is the wrong choice because
> multiport match is braindead when it comes to matching both source and
> destination ports.

Brian,

Please try the lib.tcrules found at
http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.3/errata/Shorewall/lib.tcrules.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
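
The choice discussed in this thread, as an added example that is not Shorewall's lib.tcrules or the errata fix: use the plain `--dport`/`--sport` options whenever a side is a single port or range, and reserve multiport for a side that is a comma-separated list. The helper names `is_list` and `port_match_args` are hypothetical, and `-` is assumed to mean "no port given".

```shell
#!/bin/sh
# Added illustration; is_list and port_match_args are hypothetical helpers,
# not Shorewall code.

is_list() {
    # A comma marks a port list, which plain --dport/--sport cannot express.
    case "$1" in
        *,*) return 0 ;;
        *)   return 1 ;;
    esac
}

# port_match_args PROTO DPORTS SPORTS
# Prints the iptables match arguments for one rule. "-" means no port given.
# Returns 1 when both sides are lists, since one multiport match accepts
# only one of --dports/--sports.
port_match_args() {
    proto=$1; dports=${2:--}; sports=${3:--}
    plain=""; multi=""

    if is_list "$dports" && is_list "$sports"; then
        echo "port lists on both sides cannot go in one multiport match" >&2
        return 1
    fi

    if [ "$dports" != "-" ]; then
        if is_list "$dports"; then multi="-m multiport --dports $dports"
        else plain="$plain --dport $dports"; fi
    fi
    if [ "$sports" != "-" ]; then
        if is_list "$sports"; then multi="-m multiport --sports $sports"
        else plain="$plain --sport $sports"; fi
    fi

    # Plain options go directly after -p, ahead of any -m multiport,
    # unlike the failing command quoted above.
    echo "-p $proto$plain${multi:+ $multi}"
}

# The rule from the thread: one destination port, one source port.
port_match_args udp 4569 4569
```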
