I've run into a problem with using SAVE(0x3ffff) and RESTORE(0x3ffff) in the
mangle table:
[0:root@elmo dhcp]$ shorewall6 check
Checking...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Checking /etc/shorewall6/zones...
Checking /etc/shorewall6/interfaces...
Checking /etc/shorewall6/hosts...
Determining Hosts in Zones...
Locating Action Files...
Checking /etc/shorewall6/policy...
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Accept Routing Advertisements...
Checking /etc/shorewall6/mangle...
ERROR: Mark value (0x3ff00) too large /etc/shorewall6/mangle (line 106)
Line 106 is a RESTORE:
RESTORE($CONNMASK) $FW - all
{ test=0/$CONNMASK }
It's the RESTORE operand that's failing. If I code 0xff for the test operand
it still fails. However, if I
code 0xff for RESTORE it's happy. Also note, it's a mask; not a mark.
[2:root@elmo shorewall6]$ rpm -q shorewall6
shorewall6-4.6.11.1-2.fc22.noarch
/etc/shorewall6/params:
CONNMASK=0x3ff00
IPSEC_MARK=0x10000
/var/lib/shorewall6/marks:
Traffic Shaping:0-255 (0x0-0xff) mask 0xff
User:256-16776960 (0x100-0xffff00) mask 0xffff00
Provider: Not Enabled
Zone:16777216-520093696 (0x1000000-0x1f000000) mask 0x1f000000
Exclusion:536870912 mask 0x20000000
TProxy:1073741824 mask 0x40000000
grep -i -e bits -e wide -e high shorewall6.conf:
TC_BITS=
PROVIDER_BITS=
MASK_BITS=
ZONE_BITS=0
TC_BITS=8
MASK_BITS=8
PROVIDER_BITS=0
ZONE_BITS=5
How can I make Mr. Mangle happy?
Thanks,
Bill
PS. I also just found 'My Network Configuration' in the documentation yesterday:
http://shorewall.net/MyNetwork.html
That looks to be a good reference. You don't use a mangle file?
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
