On Monday, 7 October 2019, 21:32:18 CEST, Vieri Di Paola wrote:
> On Monday, October 7, 2019, Justin Pryzby <pry...@telsasoft.com> wrote:
> > On Mon, Oct 07, 2019 at 07:39:36PM +0200, Andreas Günther wrote:
> > > Hi
> > > my Shorewall6 for the SSH rule on an interface without an internal network
> > > provides the following error message:
> > >   ERROR: Unknown destination zone (2a03) /etc/shorewall6/macro.SSH (line 9)
> > >      from /etc/shorewall6/rules (line 35)
> > > 
> > > /etc/shorewall6/rules:
> > > SSH(ACCEPT)     net             2a03:4871:5ca:7a::1     tcp     51001
> 
> Try using square brackets around the IPv6 address and a zone. You probably
> wanted something like:
> ... net  $FW:[$IPv6] ...

Thanks Justin,

I tried your proposal with success with

SSH(ACCEPT)     net             $FW:[2a03:4871:5ca:7a::1]       tcp     51001

I now interpret that as follows: with HTTP the rules must also be like this:
HTTP(ACCEPT)    net                          $FW:[2a03:4871:5ca:7a::1]
HTTP(ACCEPT)    $FW:[2a03:4871:5ca:7a::1]    net

I do not understand that yet. Because with IPv4 it is enough

HTTP(ACCEPT)    net     $FW
HTTP(ACCEPT)    $FW     net

accept. Only if I have internal hosts and no standalone I say

HTTP(ACCEPT)    net                 loc:192.168.1.2
HTTP(ACCEPT)    loc:192.168.1.2     net

Best regards

Andreas
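
Added example, not part of the original messages and not Shorewall's own parser: a simplified Python model of the `zone[:host]` reading of the SOURCE and DEST columns, showing why the bare address is reported as zone `2a03` and the bracketed form is accepted. The zone set, function names and sample text are assumptions made for this sketch.

```python
import ipaddress

# Zones assumed for this sketch; a real setup defines them in /etc/shorewall6/zones.
KNOWN_ZONES = {"$FW", "net", "loc"}


def is_ipv6(text):
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


def check_endpoint(field):
    """Check one SOURCE/DEST field read as 'zone[:host]'; returns (ok, message)."""
    zone, sep, host = field.partition(":")  # the first ':' ends the zone name
    if zone not in KNOWN_ZONES:
        hint = "; bare IPv6 address, write ZONE:[%s]" % field if is_ipv6(field) else ""
        return False, "Unknown zone (%s)%s" % (zone, hint)
    if not sep:
        return True, "zone only"
    if host[:1] == "[" and host[-1:] == "]" and is_ipv6(host[1:-1]):
        return True, "zone with bracketed IPv6 host"
    return False, "host part (%s) is not a bracketed IPv6 address" % host


def lint_rules(text):
    """Return [(line_no, column, message)] for every rejected SOURCE/DEST field."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if len(cols) < 3:
            continue  # blank, comment or section line
        for name, field in (("SOURCE", cols[1]), ("DEST", cols[2])):
            ok, msg = check_endpoint(field)
            if not ok:
                findings.append((no, name, msg))
    return findings


# Constructed sample: the two SSH rule lines quoted in the thread.
SAMPLE = """\
SSH(ACCEPT)     net     2a03:4871:5ca:7a::1             tcp     51001
SSH(ACCEPT)     net     $FW:[2a03:4871:5ca:7a::1]       tcp     51001
"""

if __name__ == "__main__":
    print(*lint_rules(SAMPLE), sep="\n")
```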

