Tom
I have been testing Shorewall-perl with ipsets and have come across a couple
of problems.
The ipsets documentation states that negative matches are allowed; however,
Shorewall only allows this in the hosts file.
Message:
ERROR: Invalid ipset name (!+sjsset) .......
is produced if any of the following negative matches are specified:
accounting file
    sjsx - !+sjsset[2] !+sjsset2[dst,dst] udp 53
blacklist file
    !+sjsset -
maclist
    ACCEPT br0 11:22:33:44:55:66 !+sjsset
rules
    ACCEPT lan:!+sjsset[2] brd:!+sjsset2[5] tcp 22
tcrules
    32:CT !+sjsset[1] !+sjsset2[4] tcp
tos
    !+sjsset[2] !+sjsset2[3] all - - 8
tunnels
    ipsec:noah wan !+sjsset[4] lan,wan
###############################
If the following hosts file configuration is specified:
loo br0:+sjsset[2] maclist
it produces the following message:
ERROR: Invalid ipset name (+sjsset[2]) ......
Note: an ipset of the above format is allowed in all other config files.
Steven.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users