[Shorewall-users] ERROR: SAVE rules are not allowed in the INPUT chain

Bill Shirley Sun, 18 Jan 2015 19:06:46 -0800

I'm setting up a new server to be a backup of the production server.

Production is running Fedora 19: shorewall-4.5.15-1.fc19.noarch


New server is running Fedora 21: shorewall-4.6.5.3-1.fc21.noarch

I've copied over my Shorewall configuration files and when I run 'shorewall 
check' I get:
Checking /etc/shorewall/tcrules...
    ERROR: SAVE rules are not allowed in the INPUT chain /etc/shorewall/tcrules 
(line 198)

The relevant rules are:
?COMMENT -vpn- decrypted
SAVE/$CONNMASK                  $mem_net        $FW !esp    ; state=NEW 
test=$MEM_VPN1_FWMARK/$CONNMASK
SAVE/$CONNMASK                  $mem_net        $FW !esp    ; state=NEW 
test=$MEM_VPN2_FWMARK/$CONNMASK
SAVE/$CONNMASK                  $phx_net        $FW !esp    ; state=NEW 
test=$PHX_VPN_FWMARK/$CONNMASK
SAVE/$CONNMASK                  $sfn_net        $FW !esp    ; state=NEW 
test=$SFN_VPN1_FWMARK/$CONNMASK
SAVE/$CONNMASK                  $sfn_net        $FW !esp    ; state=NEW 
test=$SFN_VPN2_FWMARK/$CONNMASK

My question is: Why can't I do a SAVE in the INPUT chain?  Am I doing something 
stupid?

Bill



------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

[Shorewall-users] ERROR: SAVE rules are not allowed in the INPUT chain

Reply via email to