[0:root@apinetstore shorewall]$ rpm -qa | grep -i shorewall
shorewall-core-4.5.15-1.fc19.noarch
shorewall-4.5.15-1.fc19.noarch

There is a bug in tcrules processing that will not allow you to OR a mark:
/etc/shorewall/tcrules:
$MEMPHIS_VPN1_FWMARK/$CONNMASK  $FW:+IpUp $MEMPHIS_COMCAST_VPN_IP esp
|$NEW_OUTPUT_MARK $FW - all - - - !0/$CONNMASK
CONTINUE $FW - all - - - !0/$CONNMASK

This will not compile without the attached patch. Notice the ! and the | characters.

Thanks for all the effort put into making Shorewall a great tool.
Bill

--- Tc.pm.orig  2013-04-10 11:17:54.000000000 -0400
+++ Tc.pm       2014-01-04 20:49:23.979452999 -0500
@@ -532,7 +532,7 @@
 
     unless ( $classid ) {
        {
-           if ( $cmd =~ /^([[A-Z!&]+)/ ) {
+           if ( $cmd =~ /^([[A-Z|&]+)/ ) {
                if ( my $tccmd = $tccmd{$1} ) {
                    fatal_error "Invalid $1 ACTION ($originalmark)" unless 
$tccmd->{match}($cmd); 
                    fatal_error "$mark not valid with :C[FPT]" if $connmark;
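Review bot: In the changed pattern `/^([[A-Z|&]+)/`, `|` is added to the character class but `!` is dropped in the same edit, so any command prefix that previously matched through `!` no longer reaches the `$tccmd{$1}` lookup. Unless that removal is intended, keep both characters, e.g. `[A-Z!|&]`. The doubled `[` also puts a literal `[` into the class on both the old and new lines, which looks unintended and could be cleaned up in the same change. A short comment listing the characters allowed to start an action would document the intent.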
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
