Hi, my Shorewall6 for the SSH rule on an interface without an internal network provides the following error message:

# shorewall6 check
Checking using Shorewall 5.2.3.2...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Checking /etc/shorewall6/zones...
Checking /etc/shorewall6/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /etc/shorewall6/policy...
Checking TCP Flags filtering...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall6/rules...
ERROR: Unknown destination zone (2a03) /etc/shorewall6/macro.SSH (line 9) from /etc/shorewall6/rules (line 35)

Below are my config files

/etc/shorewall6/rules:

?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

# Drop packets in the INVALID state
Invalid(DROP) net $FW tcp

# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP) net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net ipv6-icmp

SSH(ACCEPT) net 2a03:4871:5ca:7a::1 tcp 51001

/etc/shorewall6/zones:

#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv6

/etc/shorewall6/interfaces:

#ZONE INTERFACE OPTIONS
net $NET_IF $NET_OPTIONS

with /etc/shorewall6/params:

NET_IF=ens3
NET_OPTIONS=tcpflags,physical=$NET_IF

cat /etc/shorewall6/macro.SSH
#
# Shorewall -- /usr/share/shorewall/macro.SSH
#
# This macro handles secure shell (SSH) traffic.
#
###############################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
PARAM - - tcp 51001

What am I doing wrong?

Regards
Andreas