Keith Edmunds wrote:
> Shorewall 4.0.15 (Debian Lenny)
>
> I'm trying to drop all packets from any IP address not listed in a specific
> ipset. http://oss.org.cn/man/network/shorewall-docs-html-3.0.8/ipsets.html
> says, "To generate a negative match, prefix the "+" with "!" as in
> "!+Mirrors"."
>
> My rule:
>
> DROP net:!+kaelist $FW tcp 222
>
> When restarting Shorewall, I get:
>
> ERROR: Unknown interface !+kaelist in rule: "DROP net:!+kaelist fw tcp 222 "
>
> Is what I'm doing possible and, if so, what's the syntax needed?

It doesn't work in 4.0.15. There is a Lenny repository for Shorewall 4.4;
check the Shorewall Download page (http://www.shorewall.net/download.htm).
Also be sure to check http://www.shorewall.net/LennyToSqueeze.html for
4.0->4.4 upgrade advice.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
