On 8/26/2015 7:14 AM, Lennart Sorensen wrote: > On Wed, Aug 26, 2015 at 04:48:50PM +0530, hitesh menghani wrote: >> Whenever I am using IPv6 range in shorewall6/hosts file, it fails to >> restart and throwing *Invalid IPv6 Address ([1:2:3::ffff:ffff:ffff:fffc* >> >> For more information: >> *shorewall6 zone file:* >> WAN ipv6 >> DMZ ipv6 >> fwall firewall >> LAN:WAN ipv6 >> >> *shorewall6 interface file:* >> WAN eth0 routeback >> >> *shorewall6 interface file:* >> LAN >> eth0:[1:2:3::ffff:ffff:ffff:fffc-1:2:3::ffff:ffff:ffff:fffd,1:2:3::ffff:ffff:ffff:ff11-1:2:3::ffff:ffff:ffff:ff22] >> >> Also, I checked installed ip6tables support iprange. >> >> Am I doing it wrong? Or is there syntactical mistake in my configuration >> file. >> Expecting reply. > > Looking at the source code, it appears the [] around the range is not > expected. The parsing code for IPv4 (which does not show [] around > the address in the man page) and the ipV6 code seems pretty much the > same (although the man page for shorewall6's hosts does show [] around > the address). Unfortunate that the shorewall6 hosts man page does not > currently include examples. > > So I would try removing the [] around your address range. > > Not sure if this was the intended syntax or if the man page syntax was > intended and this is a bug. >
The correct syntax (folded by my mailer) is: eth0:[1:2:3::ffff:ffff:ffff:fffc]-[1:2:3::ffff:ffff:ffff:fffd],[1:2:3::ffff:ffff:ffff:ff11]-[1:2:3::ffff:ffff:ffff:ff22] But there is also a bug which is corrected by the attached patch: patch /path/to/Shorewall/IPAddrs.pm < IPV6RANGE.patch -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm
b/Shorewall/Perl/Shorewall/IPAddrs.pm
index edf18e2..d6d9c0a 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -779,6 +779,18 @@ sub normalize_6addr( $ ) {
sub validate_6range( $$ ) {
my ( $low, $high ) = @_;
+ if ( $low =~ /^\[(.+)\]$/ ) {
+ $low = $1;
+ } elsif ( $low =~ /^\[(.+)\]\/(\d+)$/ ) {
+ $low = join( '/', $1, $2 );
+ }
+
+ if ( $high =~ /^\[(.+)\]$/ ) {
+ $high = $1;
+ } elsif ( $high =~ /^\[(.+)\]\/(\d+)$/ ) {
+ $high = join( '/', $1, $2 );
+ }
+
validate_6address $low, 0;
validate_6address $high, 0;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
