I changed the zones file like below:

fw firewall
net network
loc local

and then restart the shorewall ......

[root@shorewall shorewall]# shorewall restart
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Restarting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Available
   Raw Table: Available
   CLASSIFY Target: Available
Determining Zones...
   ERROR: Invalid Zone Type: internet
Terminated

Thank

On Thursday 20 April 2006 11:04, Wilson Kwok wrote:
> I changed the zones file like below:
>
> fw firewall
> net network
> loc local
>
> and then restart the shorewall ......

> Determining Zones...
> ERROR: Invalid Zone Type: internet
> Terminated

You are using Shorewall 2.x zones file syntax with Shorewall 3.0. If you
*really* want to do that then you must set IPSECFILE=ipsec in
shorewall.conf.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Thursday 20 April 2006 11:14, Tom Eastep wrote:
> On Thursday 20 April 2006 11:04, Wilson Kwok wrote:
> > I changed the zones file like below:
> >
> > fw firewall
> > net network
> > loc local
> >
> > and then restart the shorewall ......
> >
> > Determining Zones...
> > ERROR: Invalid Zone Type: internet
> > Terminated
>
> You are using Shorewall 2.x zones file syntax with Shorewall 3.0. If you
> *really* want to do that then you must set IPSECFILE=ipsec in
> shorewall.conf.

And you may not define the firewall zone in /etc/shorewall/zones -- you must
define it using the FW variable in shorewall.conf.

If this is a new installation, I would advise against this approach. Rather,
you should be using the 3.0 syntax for the zones file.

-Tom
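
The zones-file check discussed in this thread, as an added example (not part of the original messages and not Shorewall's own code). It assumes the Shorewall 3.0 zones file has the zone name in column 1 and the TYPE in column 2, that the accepted types are ipv4, ipsec and firewall (empty or "-" meaning ipv4), and that exactly one firewall zone is defined; lint_zones and the sample names are hypothetical.

```python
# Added example: lint a zones file against the Shorewall 3.0 column layout
# before running "shorewall restart".
# Assumption: valid 3.0 zone types are ipv4, ipsec and firewall, and an
# empty or "-" TYPE column defaults to ipv4.
VALID_TYPES = {"ipv4", "ipsec", "firewall"}


def lint_zones(text):
    """Return a list of (line_number, message) problems in a zones file."""
    problems = []
    firewall_zones = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        zone = fields[0]
        zone_type = fields[1] if len(fields) > 1 else "-"
        if zone_type == "-":
            zone_type = "ipv4"
        if zone_type not in VALID_TYPES:
            problems.append(
                (number, f"zone {zone!r}: invalid zone type {zone_type!r}"))
        elif zone_type == "firewall":
            firewall_zones.append(zone)
    if len(firewall_zones) != 1:
        # Line 0 marks a file-level problem rather than a single line.
        problems.append(
            (0, f"expected one firewall zone, found {len(firewall_zones)}"))
    return problems


# The zones file as posted at the top of the thread.
POSTED_ZONES = """\
fw   firewall
net  network
loc  local
"""

# Constructed sample of the same three zones in 3.0 syntax.
ZONES_30 = """\
#ZONE  TYPE
fw     firewall
net    ipv4
loc    ipv4
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED_ZONES), ("3.0 syntax", ZONES_30)):
        print(name, lint_zones(text) or "ok")
```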