On 1/29/2015 8:20 AM, Tom Eastep wrote: > On 1/28/2015 12:39 AM, Gerhard Wiesinger wrote: >> Hello, >> >> I've set all ip addresses in /etc/hosts. >> >> But I'm unable to use >> SMTP(ACCEPT) myzone loc:smtp-server >> >> ERROR: Unknown Interface (smtp-server) >> /usr/share/shorewall/macro.SMTP (line 21) >> from /etc/shorewall/rules (line 157) >> >> # IP addresses work well >> SMTP(ACCEPT) myzone loc:192.168.99.100 >> >> I know that ipsets are working well but I would like to use some rules >> without ipsets. >> >> On the other hand it works well with DNAT: >> SMTP(DNAT) myzone loc:smtp-server >> >> Any ideas how to use it? >> If it is not possible any plans to implement it? >> > > All DNS names must be fully-qualified (e.g., my.domain.smtp-server). >
Or rather smtp-server.mydomain.com. Using the unqualified name in a DNAT rule happens to work because the only thing that can directly follow the destination zone is an address. But in the case of an ACCEPT rule, it can be an interface name which is how the compiler is trying to interpret it. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
