Hi,

I have the following problem while activating this rule entry using shorewall-shell:

ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535

"-m iprange" in front of "--dst-range" is missing in the activation command.

The logging entry (above) is set correctly.

Below is the debug output.

Thanks

Regards
Günter

+ case $level in
+ /usr/sbin/iptables -A WAN2INT -p udp --sport 1024:65535 -s 139.x.x.226 -m iprange --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j LOG --log-level notice --log-prefix 'Shorewall:WAN2INT:ACCEPT:rul '
+ '[' 0 -ne 0 ']'
+ run_iptables -A WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT
+ '[' -n '' ']'
+ /usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT
iptables v1.3.5: Unknown arg `--dst-range'
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 2 -ne 0 ']'
+ error_message 'ERROR: Command "/usr/sbin/iptables -A' WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j 'ACCEPT" Failed'
+ echo ' ERROR: Command "/usr/sbin/iptables -A' WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j 'ACCEPT" Failed'
ERROR: Command "/usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 --sport 1024:65535 --dst-range 139.x.x.153-139.x.x.156 --dport 1024:65535 -j ACCEPT" Failed
+ stop_firewall
+ case $COMMAND in
+ set +x

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Niedermeier Günter wrote:
> Hi,
>
> I have the following problem while activating this rule entry using shorewall-shell:
>
> ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535
>
> "-m iprange" in front of "--dst-range" is missing in the activation command.
>
> The logging entry (above) is set correctly.
>
> Below is the debug output.

I cannot reproduce this problem -- you'll need to forward a complete trace.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi Tom,

the tracefile is too big to append it to the mailing list.

So I send it directly to you.

Shorewall was called with "shorewall trace restart -C shell".
Using "shorewall trace restart -C perl" works fine.

I also have my config dir attached.

Thanks for your help
--Günter

Tom Eastep wrote:
> Niedermeier Günter wrote:
>> Hi,
>>
>> I have the following problem while activating this rule entry using shorewall-shell:
>>
>> ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535
>>
>> "-m iprange" in front of "--dst-range" is missing in the activation command.
>>
>> The logging entry (above) is set correctly.
>>
>> Below is the debug output.
>
> I cannot reproduce this problem -- you'll need to forward a complete trace.
>
> -Tom

Niedermeier Günter wrote:
> Hi Tom,
>
> the tracefile is too big to append it to the mailing list.
>
> So I send it directly to you.
>
> Shorewall was called with "shorewall trace restart -C shell".
> Using "shorewall trace restart -C perl" works fine.
>
> I also have my config dir attached.
>

I had just succeeded in reproducing the problem when your post arrived.

Attached please find a patch for /usr/share/shorewall-shell/compiler. It works for me in my test cases but please verify it in your case.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Wonderful!

The patch works.

Thank you very much for this extremely fast solution.

--Günter
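
The symptom reported at the top of this thread (a "--dst-range" with no "-m iprange" in front of it) can be checked for mechanically in a trace. The script below is an added example, not part of the thread and not Shorewall code: it scans "set -x" trace lines and prints every real iptables invocation that uses --src-range or --dst-range without first loading the iprange match. The function names are hypothetical and the sample trace is constructed, shortened from the one in the first message.

```shell
#!/bin/sh
# Added example (not Shorewall code). All function names are hypothetical.

# Succeeds if every --src-range/--dst-range on the command line is preceded
# by "-m iprange" (or "--match iprange"); fails otherwise.
check_iprange_cmd() (
    set -f                      # no globbing while word-splitting $1
    loaded=0 prev=
    for tok in $1; do
        case $tok in
            iprange)
                case $prev in -m|--match) loaded=1 ;; esac ;;
            --src-range|--dst-range)
                [ "$loaded" -eq 1 ] || exit 1 ;;
        esac
        prev=$tok
    done
    exit 0
)

# Read a "set -x" trace on stdin and print every real iptables invocation
# that fails the check. Wrapper calls (run_iptables) and error_message/echo
# lines that merely quote the command are skipped.
find_unloaded_iprange() {
    while IFS= read -r line; do
        rest=${line#+ }                        # strip the xtrace prefix
        [ "$rest" != "$line" ] || continue     # not a traced command
        case ${rest%% *} in
            iptables|*/iptables) ;;
            *) continue ;;
        esac
        check_iprange_cmd "$rest" || printf '%s\n' "$rest"
    done
}

# Constructed sample, shortened from the trace in the first message.
sample_trace() {
    cat <<'EOF'
+ /usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 -m iprange --dst-range 139.x.x.153-139.x.x.156 -j LOG --log-level notice
+ run_iptables -A WAN2INT -p udp -s 139.x.x.226 --dst-range 139.x.x.153-139.x.x.156 -j ACCEPT
+ /usr/sbin/iptables -A WAN2INT -p udp -s 139.x.x.226 --dst-range 139.x.x.153-139.x.x.156 -j ACCEPT
iptables v1.3.5: Unknown arg `--dst-range'
+ error_message 'ERROR: Command "/usr/sbin/iptables -A' WAN2INT --dst-range 139.x.x.153-139.x.x.156 -j 'ACCEPT" Failed'
EOF
}

sample_trace | find_unloaded_iprange           # prints only the failing ACCEPT rule
```

Piping a full "shorewall trace restart" log into find_unloaded_iprange lists the rules that would abort the restart, so the shell and perl compilers' output can be compared before a firewall is stopped by a failed command.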