Have it fixed. Too many netfilter installs. Cleaned it up. I have ipset 4.2, iptables 1.4.9.1.

The instructions I followed to create the set lists now fail, as ipset no longer supports it -B xxx.xxx.xxx.xxx -b command. Reading the docs that I can find now. I am trying to block 25, 110 and 143 from sub networks and single IP addresses. I have lists of numbers I process and automatically create and load the set according to the netmask. That is broken now. But Shorewall is running like a clock.

--john

John R. Hill
Director Of Technologies
812-314-8920 option #3

-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: Wednesday, August 25, 2010 12:26 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall-4.4.12 ipset issue

On 8/25/10 6:34 AM, Tom Eastep wrote:
> On 8/25/10 5:25 AM, Hill, John wrote:
>> netfilter-extensions-modules-2.6.26-2-amd64_20080719+debian-1+2.6.26-24_amd64
>> I can send it.
>> This is off topic. But can I not compile a new ipset and install in
>> this Debian system?
>> I need to do some homework on Debian kernel compiling.
>
> You can install xtables-addons which doesn't require that you compile
> the entire kernel. See
> http://www.shorewall.net/Dynamic.html#xtables-addons. For Lenny, the
> latest version that I've found to work correctly is 1.24.

Note, however, that you will STILL need 4.4.12.1 for ipsets to work correctly (or you must use the capabilities file workaround). It is your iptables that is tripping up the shorewall 4.4.12 compiler, not ipsets.

You could also build and install iptables 1.4.4 or later and update your shorewall config to point to that binary (by default, it is installed in /usr/local/sbin/).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________