On 6/30/10 11:22 PM, Trent O'Callaghan wrote: > I have tested blacklist for the first time and have found a error with > my configuration or a bug. > > > Following http://www.shorewall.net/FAQ.htm#faq84 I place a blacklist > entry against my external interface but Shorewall check gives: > > Checking /etc/shorewall/blacklist... > > WARNING: The entries in /etc/shorewall/blacklist have been ignored > because there are no 'blacklist' interfaces : /etc/shorewall/blacklist > (line 15) > > Now where my configuration is different to most is my external interface > is a bonded pair eth2 & eth5 so I tested adding eth2 blackest entry to > interfaces and the warning disappeared. > > Should I ignore the warning or should I put in interface entries for all > interfaces that make up the bonded interface?
If you have 'blacklist' specified on any interface in /etc/shorewall/interfaces, you should not receive that warning message. So I would like you to: a) shorewall show -f capabilities > /etc/shorewall/caps b) tar -czf shorewall.tgz /etc/shorewall c) Send me the shorewall.tgz archive. Be that as it may, you should not be describing eth2 and eth5 to Shorewall at all but rather should only mention the bondN device (e.g., 'bond0'); it is that device that should have the 'blacklist' option. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
