On 12.10.18 at 00:54, Tom Eastep wrote:
> On 10/11/2018 05:36 AM, Jan Bergner wrote:
>> On 10.10.18 at 18:14, Tom Eastep wrote:
>>> On 10/10/2018 07:04 AM, Jan Bergner wrote:
>>>> Dear shorewall-users list,
>>>>
>>>> I have some virtual network interfaces due to the fact that I use
>>>> systemd-nspawn-containers which get names containing a minus sign. (The
>>>> scheme is basically "ve-MACHINE_NAME".)
>>>>
>>>> Unfortunately, I cannot seem to find any indication on how to treat such
>>>> an interface name in, say, a zone assignment.
>>>>
>>>> In particular, I would like to have an /etc/shorewall/interfaces like this:
>>>>
>>>> #ZONE    INTERFACE    BROADCAST    OPTIONS
>>>>
>>>> net eth+ detect dhcp
>>>> nspa ve-m1 detect dhcp
>>>> nspa ve-m2 detect dhcp
>>>> nspb ve-m3 detect dhcp
>>>> nspb ve-m4 detect dhcp
>>>> oth + detect dhcp
>>>>
>>>>
>>>> However, this does not seem to be working; my interfaces end up in the
>>>> oth-zone (as can be expected, since this is my catch-all-zone, assuming
>>>> the ve-interfaces are not recognized properly).
>>>>
>>>> Initially, I thought there must be a simple way of escaping this, but I
>>>> could not seem to find it.
>>>>
>>>> Can someone give me a hint?
>>>>
>>>>
>>>> Thanks in advance and best regards,
>>>>
>>> Which Shorewall version are you using? Your interfaces file above is
>>> FORMAT 1, which suggests that the version is quite old.
>>>
>>> -Tom
>> Hello Tom,
>>
>> thank you for your response.
>>
>> On this particular system, we use the official version, shipped with
>> Debian 9. (5.0.15.6)
>>
>> However, we produce some IoT devices, based on OpenEmbedded, that are
>> using version 4.4.14, and we try to use a config style that is working
>> for both versions.
>>
>> Thus, we use the old format, indeed.
>>
> Okay - I believe that something else is going on in your configuration
> that is causing the issue. It would be helpful if you would:
>
> a) shorewall show -f capabilities > /etc/shorewall/capabilities
> b) Tar up your /etc/shorewall/ directory and send the tar file to me
> privately.
>
> Thanks!
> -Tom

Hello Tom,

actually, I just got it sorted out, myself - at least it would seem that
way.

When you asked for capabilities, I noticed that they differed from the
capabilities on another Debian-9-host.

The difference between the machines is that my troublemaker system was
not freshly installed, but upgraded over quite some OS versions.

So, I replaced the shorewall.conf by the one from the
clean-install-system and created a test zone and it worked.

I guess that settles it, but I see that I should look into the new
config formats.

Anyway, thanks for your time. I appreciate it.


Best regards,

Jan

>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
-- 
________________________________________
*Jan Bergner, M.Sc. *
Senior IT Administrator
 
*indurad GmbH*
*The Industrial Radar Company*
 
Belvedereallee 5
52070 Aachen, Germany
Office: + 49 241 538070-61
Front Desk: + 49 241 538070-0
Fax: + 49 241 538070-99

jan.berg...@indurad.com
www.indurad.com <http://www.indurad.com/>
_______________________________________
