Re: [Shorewall-users] Error finding primary ip of int in $FW zone stoppedrules file

Bill Shirley Sat, 16 Dec 2017 13:11:00 -0800

It should be without the &:
ACCEPT net $FW:$NET_IF tcp 22


Bill

On 12/16/2017 1:50 PM, Matt Darfeuille wrote:

Hi,

If I set in /etc/shorewall/params:

NET_IF=enp2s0

and in /etc/shorewall/stoppedrules:

ACCEPT net $FW:&$NET_IF tcp 22

I get the folloing error while stopping Shorewall:

$ shorewall debug stop
Stopping Shorewall....
Preparing iptables-restore input...
Running debug_restore_input...
Bad argument `6'
Try `iptables -h' or 'iptables --help' for more information.
    ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -s
172.17.211.254 -d  -p 6 --dport 22 -i enp2s0 -j ACCEPT" Failed
Terminated

The address for the --destination option is missing.

-Matt



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Error finding primary ip of int in $FW zone stoppedrules file

Reply via email to