Re: [Shorewall-users] ERROR: SAVE rules are not allowed in the INPUT chain

Tue, 20 Jan 2015 06:45:19 -0800 

That fixes it.

Thanks for all your hard work.

Bill

On 1/19/2015 11:51 AM, Tom Eastep wrote:
> On 1/18/2015 6:40 PM, Bill Shirley wrote:
>> I'm setting up a new server to be a backup of the production server.
>>
>> Production is running Fedora 19: shorewall-4.5.15-1.fc19.noarch
>>
>> New server is running Fedora 21: shorewall-4.6.5.3-1.fc21.noarch
>>
>> I've copied over my Shorewall configuration files and when I run 'shorewall 
>> check' I get:
>> Checking /etc/shorewall/tcrules...
>>      ERROR: SAVE rules are not allowed in the INPUT chain 
>> /etc/shorewall/tcrules (line 198)
>>
>> The relevant rules are:
>> ?COMMENT -vpn- decrypted
>> SAVE/$CONNMASK                  $mem_net        $FW !esp    ; state=NEW 
>> test=$MEM_VPN1_FWMARK/$CONNMASK
>> SAVE/$CONNMASK                  $mem_net        $FW !esp    ; state=NEW 
>> test=$MEM_VPN2_FWMARK/$CONNMASK
>> SAVE/$CONNMASK                  $phx_net        $FW !esp    ; state=NEW 
>> test=$PHX_VPN_FWMARK/$CONNMASK
>> SAVE/$CONNMASK                  $sfn_net        $FW !esp    ; state=NEW 
>> test=$SFN_VPN1_FWMARK/$CONNMASK
>> SAVE/$CONNMASK                  $sfn_net        $FW !esp    ; state=NEW 
>> test=$SFN_VPN2_FWMARK/$CONNMASK
>>
>> My question is: Why can't I do a SAVE in the INPUT chain?  Am I doing 
>> something stupid?
> No -- I did.  Patch attached.
>
> -Tom
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users


------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to