On 12/17/2017 6:01 PM, Tom Eastep wrote:
> On 12/16/2017 10:50 AM, Matt Darfeuille wrote:
>> Hi,
>>
>> If I set in /etc/shorewall/params:
>>
>> NET_IF=enp2s0
>>
>> and in /etc/shorewall/stoppedrules:
>>
>> ACCEPT net $FW:&$NET_IF tcp 22
>>
>> I get the following error while stopping Shorewall:
>>
>> $ shorewall debug stop
>> Stopping Shorewall....
>> Preparing iptables-restore input...
>> Running debug_restore_input...
>> Bad argument `6'
>> Try `iptables -h' or 'iptables --help' for more information.
>> ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -s
>> 172.17.211.254 -d -p 6 --dport 22 -i enp2s0 -j ACCEPT" Failed
>> Terminated
>>
>> The address for the --destination option is missing.
>
> The real problem here is that the compiler should flag 'net' as invalid.
> Zone names (other than $FW) aren't allowed in the stoppedrules file.
> Or is 'net' actually the name of an interface?
>
> In my test case:
>
> Checking /home/teastep/test/stoppedrules...
> ERROR: Unknown Interface (net) /home/teastep/test/stoppedrules (line 17)
> teastep@debianvm:~/test$
>

What I meant was:

ACCEPT $NET_IF $FW:&$NET_IF tcp 22

I mixed up the syntax with the rules file, sorry!!! :)

-Matt

-- 
Matt Darfeuille

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users