August 19, 2019 4:47 PM, "Tom Eastep" <teas...@shorewall.net> wrote:

> On 8/19/19 2:26 AM, J Cliff Armstrong via Shorewall-users wrote:
> 
>> Running Arch Linux kernel 5.2.8-arch1-1-ARCH, Shorewall installed from Arch community repo.
>> 
>> I'm trying to configure the policy:
>> 
>>> lan wan NFQUEUE(0:1)
>> 
>> The goal being to utilize two instances of snort (for blocking outgoing sensitive information, in this case) running on separate cores and let netfilter balance connections between them as per the shorewall-policy manpage provided with the arch package and currently available on shorewall.net.
>> "NFQUEUE" passes 'check'. "NFQUEUE(0)" passes 'check'. "NFQUEUE(0:1)" fails 'check' with the error:
>> 
>>> Checking /etc/shorewall/policy...
>>> ERROR: Invalid policy (NFQUEUE(0) /etc/shorewall/policy (line 15)
>> 
>> Perhaps I'm misunderstanding the documented syntax? Additionally, is the syntax really different from the NFQUEUE action in the shorewall-rules? I'm hoping "no" but, of course, the documentation says it is.
> 
> It's a bug. Patch attached.
> 
> -Tom
> 
> PS: I assume that your version is 5.2.3... There is no version 5.2.8.
> --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
> \_______________________________________________
> 
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Hey, thanks Tom. I appreciate it. I had just pulled the latest source from git 
after actually taking a look at the code in my local copy. My knowledge of Perl 
is 2 decades out of date so I wasn't sure if what I thought I saw was really 
there.

Thanks again!

Regards,
J Cliff Armstrong

P.S. Correct. My Shorewall version is 5.2.3.3. My Kernel version is 5.2.8 
w/Arch distro patches applied. Sorry if I was unclear. Next time(?) I'll put 
the version info for Shorewall in the body instead of the subject.

