I was very careful to check it. I get Bad argument 'iptables'. I added a ; before the second iptables. The first command entered, the second says Unknown arg '(null)'.

John R. Hill
Director Of Technologies
812-314-8920 option #3

-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: Tuesday, August 24, 2010 3:52 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall-4.4.12 ipset issue

On 8/24/10 12:03 PM, Hill, John wrote:
> I have been on the side now for a long, long time. After all of these
> years, last month I rebuilt my firewall. Today I hit a snag.
>
> I have 2 ipset lists Blacklistnets and Blacklisthosts. I have a
> portmap, BLOCKPORTS from 1 to 1024. I have port 25, 110 and 143 added
> to BLOCKPORTS and bound to both lists.
>
> All works in 4.4.11.2. I was just trying to keep the versions up.
>
> Now when I install 4.4.12 and start it, it says that ipset match
> and iprange must be in the kernel and IPtables. Version 4.4.11.2 works fine.
>
> I found the instructions for creating a capabilities file, I have
> never purposefully done that before? I did just create one with
> 4.4.11.2 and it lists both of these requirements as yes. And 4.4.12 does not?
>
> Do I need to create this in 4.4.12 before I run it? If so is the
> /etc/shorewall directory ok?
>
> Debian lenny Kernel 2.6.26-2amd64 Iptables 1.4.2 ipset 2.3.3. Ipset
> for Debian kernel was hard to come by, and it is old.

I run ipsets fine with shorewall 4.4.12 and the 2.6.26 Debian kernel
(although I use xtables-addons-1.24 to install ipsets and the netfilter
module that goes with it).

Please try the following from a root shell prompt:

    iptables -N foo
    iptables -A foo -m set --set Blacklistnets src -j ACCEPT
    iptables -A foo -m set --match-set Blacklistnets src -j ACCEPT

What is the result?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
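Added example (not part of the original messages, and not Shorewall's own capability check): the three commands Tom asks for, wrapped as a repeatable probe that tries both spellings of the set match on a scratch chain and removes the chain afterwards. The function name, the scratch chain name and the optional second argument (an alternate iptables command, useful for a dry run with a stub) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root with an existing ipset
# name as the first argument, e.g. Blacklistnets.

# probe_set_match SETNAME [IPT]
#   Prints one line per option: "<option> ok" or "<option> rejected: <error>".
#   Returns 0 if at least one spelling was accepted, 1 if neither was,
#   2 if the scratch chain could not be created (not root, chain exists).
probe_set_match() {
    set_name=$1
    ipt=${2:-iptables}        # assumption: override only for testing
    chain="probe_$$"          # scratch chain, removed before returning
    result=1

    $ipt -N "$chain" 2>/dev/null || return 2

    for opt in --set --match-set; do
        # Capture stderr so the exact iptables complaint is reported verbatim.
        if err=$($ipt -A "$chain" -m set "$opt" "$set_name" src -j ACCEPT 2>&1); then
            printf '%s ok\n' "$opt"
            result=0
        else
            printf '%s rejected: %s\n' "$opt" "$err"
        fi
    done

    # Flush and delete so the probe leaves no rules behind in the filter table.
    $ipt -F "$chain" && $ipt -X "$chain"
    return $result
}

# Only touch the real firewall when a set name is given on the command line.
if [ $# -gt 0 ]; then
    probe_set_match "$@"
fi
```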