Ok, I see that Mr. mangle has a slightly different syntax. I would suggest updating the documentation http://shorewall.net/manpages/shorewall-mangle.html by removing the forward slash in the *SAVE[(//mask)/]* and *RESTORE*[(//mask/)] targets.
Bill On 1/18/2015 10:24 PM, Bill Shirley wrote: > Setting up a new server with shorewall-4.6.5.3-1.fc21.noarch > > Copied rules from old server (shorewall-4.5.15-1.fc19.noarch). > Moved tcrules -> mangle. > Ran 'shorewall check' and got: > Checking /etc/shorewall/mangle... > ERROR: Invalid ACTION (RESTORE/0xff00) /etc/shorewall/mangle (line 36) > > The mangle rule: > RESTORE/$CONNMASK:P - - all - - > - 0/$CONNMASK > > parms: > CONNMASK=0xff00 > > shorewall.conf: > TC_ENABLED=Internal > #TC_ENABLED=No > TC_EXPERT=Yes > > TC_BITS=8 > MASK_BITS=8 > PROVIDER_OFFSET=24 > PROVIDER_BITS=0 > ZONE_BITS=5 > > The RESTORE action is in the mangle documentation so I'm thinking Shorewall > is choking on the mask? > > Thanks in advance for any help, > Bill > > ------------------------------------------------------------------------------ > New Year. New Location. New Benefits. New Data Center in Ashburn, VA. > GigeNET is offering a free month of service with a new server in Ashburn. > Choose from 2 high performing configs, both with 100TB of bandwidth. > Higher redundancy.Lower latency.Increased capacity.Completely compliant. > http://p.sf.net/sfu/gigenet > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
