Hello,

I have two rules in my rules file as below.

Rule1: ACCEPT loc:~00-01-01-01-01-01 net tcp 80
Rule2: ACCEPT loc:eth0:~00-02-02-02-02-02 net tcp 80

Rule 2 fails with the following error.

Rule "ACCEPT loc:~00-01-01-01-01-01 net tcp 80 " added.
iptables v1.3.3: host/network `~00-02-02-02-02-02' not found
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A loc2net -p tcp -i net0 -s ~00-02-02-02-02-02 --dport 80 -j ACCEPT" Failed
/sbin/shorewall: line 647: 30795 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart

The rules generated in ${VARDIR}/.restart are as follows.

run_iptables -A loc2net -p tcp --match mac --mac-source 00:01:01:01:01:01 --dport 80 -j ACCEPT
progress_message " Rule \"ACCEPT loc:~00-01-01-01-01-01 net tcp 80 \" added."
run_iptables -A loc2net -p tcp -i net0 -s ~00-02-02-02-02-02 --dport 80 -j ACCEPT
progress_message " Rule \"ACCEPT loc:net0:~00-02-02-02-02-02 net tcp 80 \" added."

Looks like this is a compiler issue.

I am using shorewall 3.4.4

Thanks,
Srinivas

-------------------------------------------------------------------------
SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace

Srinivasa Hebbar wrote:
> The rules generated ${VARDIR/.restart is as follows.
> run_iptables -A loc2net -p tcp --match mac --mac-source 00:01:01:01:01:01 --dport 80 -j ACCEPT
> progress_message " Rule \"ACCEPT loc:~00-01-01-01-01-01 net tcp 80 \" added."
> run_iptables -A loc2net -p tcp -i net0 -s ~00-02-02-02-02-02 --dport 80 -j ACCEPT
> progress_message " Rule \"ACCEPT loc:net0:~00-02-02-02-02-02 net tcp 80 \" added."
>
> Looks like this is a compiler issue.
>
> I am using shorewall 3.4.4

Attached is a patch for 4.0 Shorewall-shell which applies with an offset to 3.4.4.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Srinivasa Hebbar wrote:
>
>> The rules generated ${VARDIR/.restart is as follows.
>> run_iptables -A loc2net -p tcp --match mac --mac-source 00:01:01:01:01:01 --dport 80 -j ACCEPT
>> progress_message " Rule \"ACCEPT loc:~00-01-01-01-01-01 net tcp 80 \" added."
>> run_iptables -A loc2net -p tcp -i net0 -s ~00-02-02-02-02-02 --dport 80 -j ACCEPT
>> progress_message " Rule \"ACCEPT loc:net0:~00-02-02-02-02-02 net tcp 80 \" added."
>>
>> Looks like this is a compiler issue.
>>
>> I am using shorewall 3.4.4
>
> Attached is a patch for 4.0 Shorewall-shell which applies with an offset to
> 3.4.4.

A similar problem exists with the tcrules file. Patch attached.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
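
The translation this thread is about, as an added example (not Shorewall's code and not either attached patch): a shell sketch that turns the part of a SOURCE column after the zone name into iptables match arguments, including the IFACE:~MAC form from Rule2. The function names and the set of accepted forms are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not Shorewall's code and not the attached patch.
# source_match SPEC prints the iptables match arguments for the part of a
# rules-file SOURCE column that follows the zone name ("loc:" already removed).
# Assumed forms: ~MAC, IFACE:~MAC, IFACE:ADDR, ADDR, IFACE.

# MACs are written ~xx-xx-xx-xx-xx-xx because ':' is the field separator.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^~([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$'
}

# Emit the match for one host item: a mac match or a plain -s address.
host_match() {
    case "$1" in
        \~*)
            if is_mac "$1"; then
                # Drop the leading '~' and convert dashes to colons.
                printf '%s' "--match mac --mac-source $(printf '%s' "${1#?}" | sed 's/-/:/g')"
            else
                # Reject here instead of letting iptables fail at restart.
                echo "invalid MAC address: $1" >&2
                return 1
            fi
            ;;
        *)  printf '%s' "-s $1" ;;
    esac
}

source_match() {
    spec=$1
    case "$spec" in
        *:*)    # IFACE:HOST. Split first, then classify HOST; in the
                # reported failure the ~MAC was handed to -s at this point.
            iface=${spec%%:*}
            host=$(host_match "${spec#*:}") || return 1
            printf '%s\n' "-i $iface $host"
            ;;
        \~*|[0-9]*)
            host=$(host_match "$spec") || return 1
            printf '%s\n' "$host"
            ;;
        *)  printf '%s\n' "-i $spec" ;;   # bare interface name
    esac
}

# Constructed sample inputs modelled on the two rules in the report.
for s in '~00-01-01-01-01-01' 'net0:~00-02-02-02-02-02' 'net0:~00-02-02' 'net0:10.0.0.5'; do
    source_match "$s" || echo "rejected: $s"
done
```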