Hi,
I have the following problem while activating this rule entry using
shorewall-shell:
ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535
1024:65535
"-m iprange" in front of "--dst-range" is missing in the activation command.
The logging entry (above) is set correct.
Below is the debug output.
Thanks
Regards
Günter
+ case $level in
+ /usr/sbin/iptables -A WAN2INT -p udp --sport 1024:65535 -s 139.x.x.226 -m
iprange --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j LOG
--log-level notice --log-prefix 'Shorewall:WAN2INT:ACCEPT:rul '
+ '[' 0 -ne 0 ']'
+ run_iptables -A WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range
139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT
+ '[' -n '' ']'
+ /usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535
--dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT
iptables v1.3.5: Unknown arg `--dst-range'
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 2 -ne 0 ']'
+ error_message 'ERROR: Command "/usr/sbin/iptables -A' WAN2INT -p udp -s
139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport
1024:65535 -j 'ACCEPT" Failed'
+ echo ' ERROR: Command "/usr/sbin/iptables -A' WAN2INT -p udp -s 139.x.x.226
--sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j
'ACCEPT" Failed'
ERROR: Command "/usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 --sport
1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT"
Failed
+ stop_firewall
+ case $COMMAND in
+ set +x
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
