I haven't debugged this enough to understand what is happening, but I observe the following:

someipset = bitmap:ip,mac

1) br0:+someipset
2) br0:+someipset[2]

The first 1) doesn't match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn't match anything)

Is it possible/sensible/feasible to have shorewall figure out the "arity" of the ipset? Is it an artifact of the ipset type used here?

Not tested this yet, but is it a more descriptive setup to do something like defining someipset:loc in zones and "somealias br0:+someipset[2]" in hosts? That way I *think* I can use "somealias" everywhere and avoid needing to remember the "arity" in various rules?

Other suggestions appreciated?

Note, probably a stupid question (like previous...), still trying to get my head around the generated iptables rules and what is valid ipset syntax (Recent iptables/ipset/shorewall)

Thanks

Ed W

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
