On 9/30/12 3:36 PM, Gémes Géza wrote: > Hi Tom, >> On 9/30/12 1:09 PM, Tom Eastep wrote: >>> On 9/30/12 12:59 PM, "Gémes Géza" <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> 2012-09-30 21:45 keltezéssel, Tom Eastep írta: >>>> On 9/30/12 12:15 PM, "Gémes Géza" <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Sorry missed your question about shorewall show zones >>>> It returns: >>>> Shorewall 4.5.5.3 Zones at gw0 - 2012. szept. 30., vasárnap, >>>> 21.13.24 CEST >>>> >>>> fw (firewall) >>>> net (ipv4) >>>> dnt-if:0.0.0.0/0 >>>> ppp0:0.0.0.0/0 >>>> snt-if:0.0.0.0/0 >>>> dmz (ipv4) >>>> dmz-if:192.168.0.0/24 >>>> okt (ipv4) >>>> dmz-if:192.168.255.0/24 >>>> kag (ipv4) >>>> dmz-if:192.168.13.0/24 >>>> nonet (ipv4) >>>> lan-if:+nonet_lanif_3 >>>> nocom (ipv4) >>>> lan-if:+nocom_lanif_3 >>>> loc (ipv4) >>>> lan-if:0.0.0.0/0 >>>> >>>> >>>> That certainly looks like the name of the interface is lan-if.3 >>>> rather than lan-if. Does 'Shorewall add lan-if_3:<address> nonet' >>>> work? >>> I've checked after applying the patches you've sent and yes it >>> works, what is strange that the interface is called lan-if (in >>> interfaces file too) and not lanif_3 >>> >>> >>> Please send me a tarball of your configuration; also please include a >>> capabilities file. You can send it to me personally. >>> >> Okay -- the reason that the _3 is appended is because 'lan-if; is the >> third interface name with a dash ("-") in it's name. The compiler forms >> the name of the ipset as follows: >> >> 1) Replaces '.' with '_' in the interface name. >> 2) Compresses out any non 'word' characters ('word' characters in Perl >> are letters, digits or '_'). If any characters were removed, a >> unique suffix of the form '_<digit>' is added to the resulting name. >> 3) The result is then joined to the zone name with an underscore ("_"). >> >> That algorithm ensures that all ipset names are unique, but means that >> interface names with characters such as '-' work oddly with dynamic zones. >> >> -Tom > Thanks for sorting this out, one question remains: > Are the patches still needed for correct operation, if yes will they be > included in a next release?
Yes and Yes. But it's unclear whether they will be available in Wheezy or not. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
