2012-10-01 00:46 keltezéssel, Tom Eastep írta:
On 9/30/12 3:36 PM, Gémes Géza wrote:
Hi Tom,
On 9/30/12 1:09 PM, Tom Eastep wrote:
On 9/30/12 12:59 PM, "Gémes Géza" <[email protected]
<mailto:[email protected]>> wrote:
2012-09-30 21:45 keltezéssel, Tom Eastep írta:
On 9/30/12 12:15 PM, "Gémes Géza" <[email protected]
<mailto:[email protected]>> wrote:
Sorry missed your question about shorewall show zones
It returns:
Shorewall 4.5.5.3 Zones at gw0 - 2012. szept. 30., vasárnap,
21.13.24 CEST
fw (firewall)
net (ipv4)
dnt-if:0.0.0.0/0
ppp0:0.0.0.0/0
snt-if:0.0.0.0/0
dmz (ipv4)
dmz-if:192.168.0.0/24
okt (ipv4)
dmz-if:192.168.255.0/24
kag (ipv4)
dmz-if:192.168.13.0/24
nonet (ipv4)
lan-if:+nonet_lanif_3
nocom (ipv4)
lan-if:+nocom_lanif_3
loc (ipv4)
lan-if:0.0.0.0/0
That certainly looks like the name of the interface is lan-if.3
rather than lan-if. Does 'Shorewall add lan-if_3:<address> nonet'
work?
I've checked after applying the patches you've sent and yes it
works, what is strange that the interface is called lan-if (in
interfaces file too) and not lanif_3
Please send me a tarball of your configuration; also please include a
capabilities file. You can send it to me personally.
Okay -- the reason that the _3 is appended is because 'lan-if; is the
third interface name with a dash ("-") in it's name. The compiler forms
the name of the ipset as follows:
1) Replaces '.' with '_' in the interface name.
2) Compresses out any non 'word' characters ('word' characters in Perl
are letters, digits or '_'). If any characters were removed, a
unique suffix of the form '_<digit>' is added to the resulting name.
3) The result is then joined to the zone name with an underscore ("_").
That algorithm ensures that all ipset names are unique, but means that
interface names with characters such as '-' work oddly with dynamic zones.
-Tom
Thanks for sorting this out, one question remains:
Are the patches still needed for correct operation, if yes will they be
included in a next release?
Yes and Yes. But it's unclear whether they will be available in Wheezy
or not.
-Tom
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://ad.doubleclick.net/clk;258768047;13503038;j?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Thank you!
Getting into account the debian policy probably too late for wheazy, but
I'm ok with maintaining my own packages.
Cheers
Geza
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
