Simon

On Wed, May 27, 2015, at 01:25 AM, Simon Hobson wrote:
> > On compile I get an ERROR,
> >
> > ...
> > Adding Providers...
> > RTNETLINK answers: Invalid argument
> > ERROR: Command "/sbin/ip -4 route add 192.168.1.254/24 dev eth0
> > table ISP01" Failed
> > Restoring Shorewall Lite...
> > ...
>
> Don't know if it's the problem, but 192.168.1.254/24 probably wants to be
> either 192.168.1.254/32 or 192.168.1.0/24

Completely missed that :-/

This works

	ISP01 192.168.0.0/16 blackhole
	ISP01 192.168.1.254/32 - eth0

Thanks! Now to figure out the effects of the other settings ...

> I've done my RFC1918 filtering with rules, rather than routes. So it's easy
> to permit a set of traffic and then block the larger block. I don't know if
> that works with routes - and also consider ordering, do routes specified in
> this file work in order specified or in order of "most specific first" ?
> Worst case, you might need to specify the 192.168 block in pieces :

IIUC, /routes does the same, although I did not yet test, or find/look at the actual expansion.

In /routes, order of entry does not matter:

http://shorewall.net/MultiISP.html#null_routing

"The order in which the two routes above are defined in "routes" is not important, simply because, by definition, routes with lower mask value are always traversed first. In that way, packets originating from or destined to 10.1.0.0/24 will always be processed before the 10.0.0.0/8 blackhole route."
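
Added example, not part of the original message and not Shorewall code: a small checker for the mistake found above (a DEST with host bits set, which "ip route add" rejects) plus a lookup showing that the most specific matching route is chosen whatever the file order. The function names, the sample entries and the PROVIDER DEST GATEWAY DEVICE layout are assumptions taken from the entries quoted in the thread.

```python
import ipaddress

# Constructed sample in the layout used in the thread:
# PROVIDER DEST GATEWAY DEVICE ("-" means no gateway).
SAMPLE_ROUTES = """\
ISP01 192.168.0.0/16 blackhole
ISP01 192.168.1.254/24 - eth0
ISP01 192.168.1.254/32 - eth0
"""

def check_dest(dest):
    """Return (ok, suggestions). A DEST with host bits set is what makes
    'ip route add' fail with 'Invalid argument', as in the error above."""
    try:
        ipaddress.ip_network(dest, strict=True)
        return True, []
    except ValueError:
        iface = ipaddress.ip_interface(dest)
        host = f"{iface.ip}/{iface.network.max_prefixlen}"
        return False, [host, str(iface.network)]

def parse_routes(text):
    """Yield (provider, dest, gateway, device, ok, suggestions) per entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line or comment
        fields += ["-"] * (4 - len(fields))
        ok, fix = check_dest(fields[1])
        yield (*fields[:4], ok, fix)

def lookup(entries, addr):
    """Pick the valid entry that applies to addr: the most specific
    matching prefix, regardless of the order of the entries."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(e[1]), e) for e in entries if e[4]]
    hits = [(n, e) for n, e in hits if ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    entries = list(parse_routes(SAMPLE_ROUTES))
    for e in entries:
        print(e[1], "ok" if e[4] else f"invalid, try {' or '.join(e[5])}")
    for addr in ("192.168.1.254", "192.168.7.9", "10.0.0.1"):
        hit = lookup(entries, addr)
        print(addr, "->", hit[2:4] if hit else "no match in this table")
```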
