Tom Eastep wrote:
> Tom Eastep wrote:
>> Tom Eastep wrote:
>>> Brian J. Murrell wrote:
>>>> The following tcrule:
>>>>
>>>> 128:P 10.75.22.1 pbx.foo.com udp 4569 4569
>>>>
>>>> produces the following error in Shorewall{,-lite} 3.4.2:
>>>>
>>>> iptables v1.3.3: multiport can only have one option
>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>> ERROR: Command "/usr/sbin/iptables -t mangle -A tcpre -s 10.75.22.1 -d
>>>> pbx.foo.com -p udp -m multiport --dports 4569 --sport 4569 -j MARK
>>>> --set-mark 128" Failed
>>>>
>>>> Is this a bug in shorewall or a limitation of the multiport match on
>>>> OpenWrt? This rule, interestingly enough, doesn't even need a multiport
>>>> match.
>> In the tcrules file, shorewall 3.4 uses multiport match if it is
>> available. Unfortunately, in this case that is the wrong choice because
>> multiport match is braindead when it comes to matching both source and
>> destination ports.
>
> Brian,
>
> Please try the lib.tcrules found at
> http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.3/errata/Shorewall/lib.tcrules.

I've tested that code this morning on a Shorewall 3.4.3 system and it seems to work okay.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
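The choice discussed in this thread (plain port options when single source and destination ports are given, multiport only for a port list and only on one side) can be sketched as below. This is an added example, not the code in the lib.tcrules erratum; the function names `port_match` and `is_port_list` are hypothetical, and the rule is printed rather than executed.

```shell
#!/bin/sh
# Added example, not Shorewall's lib.tcrules. Prints iptables port-match
# options for one rule; "-" means "no port given".

# True when the port spec is a comma-separated list (needs multiport).
is_port_list() {
    case "$1" in
        *,*) return 0 ;;
        *)   return 1 ;;
    esac
}

# port_match PROTO DPORTS SPORTS
# Plain --dport/--sport handle a single port or range. multiport is used only
# for a list, and never with both --dports and --sports, which is the
# combination iptables 1.3.3 rejected in the thread.
port_match() {
    pm_proto=$1
    pm_dports=${2:--}
    pm_sports=${3:--}
    pm_plain=""
    pm_multi=""

    if is_port_list "$pm_dports" && is_port_list "$pm_sports"; then
        echo "port_match: port lists on both sides are not handled here" >&2
        return 1
    fi

    if is_port_list "$pm_dports"; then
        pm_multi=" -m multiport --dports $pm_dports"
    elif [ "$pm_dports" != "-" ]; then
        pm_plain="$pm_plain --dport $pm_dports"
    fi

    if is_port_list "$pm_sports"; then
        pm_multi=" -m multiport --sports $pm_sports"
    elif [ "$pm_sports" != "-" ]; then
        pm_plain="$pm_plain --sport $pm_sports"
    fi

    echo "-p ${pm_proto}${pm_plain}${pm_multi}"
}

# The rule from the thread, printed rather than executed:
echo "iptables -t mangle -A tcpre -s 10.75.22.1 -d pbx.foo.com" \
     "$(port_match udp 4569 4569) -j MARK --set-mark 128"
```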
