On 9/30/12 1:09 PM, Tom Eastep wrote: > On 9/30/12 12:59 PM, "Gémes Géza" <[email protected] > <mailto:[email protected]>> wrote: > > 2012-09-30 21:45 keltezéssel, Tom Eastep írta: >> On 9/30/12 12:15 PM, "Gémes Géza" <[email protected] >> <mailto:[email protected]>> wrote: >> >> Sorry missed your question about shorewall show zones >> It returns: >> Shorewall 4.5.5.3 Zones at gw0 - 2012. szept. 30., vasárnap, >> 21.13.24 CEST >> >> fw (firewall) >> net (ipv4) >> dnt-if:0.0.0.0/0 >> ppp0:0.0.0.0/0 >> snt-if:0.0.0.0/0 >> dmz (ipv4) >> dmz-if:192.168.0.0/24 >> okt (ipv4) >> dmz-if:192.168.255.0/24 >> kag (ipv4) >> dmz-if:192.168.13.0/24 >> nonet (ipv4) >> lan-if:+nonet_lanif_3 >> nocom (ipv4) >> lan-if:+nocom_lanif_3 >> loc (ipv4) >> lan-if:0.0.0.0/0 >> >> >> That certainly looks like the name of the interface is lan-if.3 >> rather than lan-if. Does 'Shorewall add lan-if_3:<address> nonet' >> work? > I've checked after applying the patches you've sent and yes it > works, what is strange that the interface is called lan-if (in > interfaces file too) and not lanif_3 > > > Please send me a tarball of your configuration; also please include a > capabilities file. You can send it to me personally. >
Okay -- the reason that the _3 is appended is because 'lan-if; is the
third interface name with a dash ("-") in it's name. The compiler forms
the name of the ipset as follows:
1) Replaces '.' with '_' in the interface name.
2) Compresses out any non 'word' characters ('word' characters in Perl
are letters, digits or '_'). If any characters were removed, a
unique suffix of the form '_<digit>' is added to the resulting name.
3) The result is then joined to the zone name with an underscore ("_").
That algorithm ensures that all ipset names are unique, but means that
interface names with characters such as '-' work oddly with dynamic zones.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
