Running Arch Linux kernel 5.2.8-arch1-1-ARCH, Shorewall installed from Arch community repo.
I'm trying to configure the policy:

> lan wan NFQUEUE(0:1)

The goal being to utilize two instances of snort (for blocking outgoing sensitive information, in this case) running on separate cores and let netfilter balance connections between them as per the shorewall-policy manpage provided with the arch package and currently available on shorewall.net.

"NFQUEUE" passes 'check'.
"NFQUEUE(0)" passes 'check'.
"NFQUEUE(0:1)" fails 'check' with the error:

> Checking /etc/shorewall/policy...
> ERROR: Invalid policy (NFQUEUE(0) /etc/shorewall/policy (line 15)

Perhaps I'm misunderstanding the documented syntax? Additionally, is the syntax really different from the NFQUEUE action in the shorewall-rules? I'm hoping "no" but, of course, the documentation says it is.

Trace attached.
shorewall_trace.gz
Description: GNU Zip compressed data
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users