On 12/16/2017 10:50 AM, Matt Darfeuille wrote:
> Hi,
>
> If I set in /etc/shorewall/params:
>
> NET_IF=enp2s0
>
> and in /etc/shorewall/stoppedrules:
>
> ACCEPT net $FW:&$NET_IF tcp 22
>
> I get the following error while stopping Shorewall:
>
> $ shorewall debug stop
> Stopping Shorewall....
> Preparing iptables-restore input...
> Running debug_restore_input...
> Bad argument `6'
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -s
> 172.17.211.254 -d -p 6 --dport 22 -i enp2s0 -j ACCEPT" Failed
> Terminated
>
> The address for the --destination option is missing.

The real problem here is that the compiler should flag 'net' as invalid.
Zone names (other than $FW) aren't allowed in the stoppedrules file. Or
is 'net' actually the name of an interface?

In my test case:

Checking /home/teastep/test/stoppedrules...
   ERROR: Unknown Interface (net) /home/teastep/test/stoppedrules (line 17)
teastep@debianvm:~/test$

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
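
An added example, not part of the thread and not Shorewall's own code: a pre-flight check that applies the rule from the reply (zone names other than $FW are not valid in stoppedrules) to the SOURCE and DEST columns before `shorewall stop` is ever run. The ACTION SOURCE DEST column order is taken from the rule quoted above; the function names, the zone and interface sets and the sample rules are constructed for illustration, and address lists, wildcards and other Shorewall syntax are not handled.

```python
import re

FIREWALL = "$FW"  # the only zone reference the reply says is allowed


def expand(token, params):
    """Expand $NAME using params; $FW and unknown names are left as written."""
    return re.sub(r"\$(\w+)",
                  lambda m: params.get(m.group(1), m.group(0)), token)


def lint_stoppedrules(text, zones, interfaces, params=None):
    """Return (lineno, column, name, reason) for each bad SOURCE/DEST entry.

    zones and interfaces are sets of names the caller has read from its own
    configuration (assumed inputs; this sketch does not parse those files).
    """
    params = params or {}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:            # blank, comment-only or too short
            continue
        for column, token in (("SOURCE", fields[1]), ("DEST", fields[2])):
            # The part before the first ':' names the interface (or $FW).
            head = expand(token, params).split(":", 1)[0]
            if head in ("-", FIREWALL) or head in interfaces:
                continue
            reason = "zone name" if head in zones else "unknown interface"
            findings.append((lineno, column, head, reason))
    return findings


# Constructed sample: line 2 is the rule from the report, line 3 names the
# interface through the params variable, line 4 uses a made-up interface.
SAMPLE = """\
# ACTION  SOURCE   DEST            PROTO  DPORT
ACCEPT    net      $FW:&$NET_IF    tcp    22
ACCEPT    $NET_IF  $FW             tcp    22
ACCEPT    eth9     $FW             tcp    80
"""

if __name__ == "__main__":
    for finding in lint_stoppedrules(SAMPLE, zones={"net", "loc"},
                                     interfaces={"enp2s0"},
                                     params={"NET_IF": "enp2s0"}):
        print("line %d: %s '%s' is a %s" % finding)
```

If 'net' really is an interface name, as the reply asks, adding it to `interfaces` clears the first finding.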