Hello,

This is using version 4.4.11.3 (Debian).

The following error occurs:

ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :

The configuration is a test config. Commented lines removed to keep
it clear:

# cat zones
fw firewall
loc ipv4

# cat interfaces
loc eth1 -

# cat hosts
loc eth1:10.128.23.34/16

# cat policy
all all ACCEPT -

It is surely just me, but I do not see why the error happens. I
think this should work. Am I missing something ?

Any help appreciated - Thanks !
On 11/22/10 5:25 PM, lanas wrote:
> Hello,
>
> This is using version 4.4.11.3 (Debian).
>
> The following error occurs:
>
> ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
>
> The configuration is a test config. Commented lines removed to keep
> it clear:
>
> # cat zones
> fw firewall
> loc ipv4
>
> # cat interfaces
> loc eth1 -
>
> # cat hosts
> loc eth1:10.128.23.34/16

You have already declared in the interfaces file that the 'loc' zone
includes all hosts connecting through eth1. So of what possible use is
the entry in hosts?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
On 11/22/10 5:50 PM, Tom Eastep wrote:
> On 11/22/10 5:25 PM, lanas wrote:
>> Hello,
>>
>> This is using version 4.4.11.3 (Debian).
>>
>> The following error occurs:
>>
>> ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
>>
>> The configuration is a test config. Commented lines removed to keep
>> it clear:
>>
>> # cat zones
>> fw firewall
>> loc ipv4
>>
>> # cat interfaces
>> loc eth1 -
>>
>> # cat hosts
>> loc eth1:10.128.23.34/16
>
> You have already declared in the interfaces file that the 'loc' zone
> includes all hosts connecting through eth1. So of what possible use is
> the entry in hosts?

If you really want to restrict 'loc' to 10.128.0.0/16, then:

interfaces:

    -    eth1    -

hosts:

    loc    eth1:10.128.0.0/16    broadcast

-Tom
On 11/23/10 10:01 AM, Tom Eastep wrote:
>
> If you really want to restrict 'loc' to 10.128.0.0/16, then:
>
> interfaces:
>
>     -    eth1    -
>
> hosts:
>
>     loc    eth1:10.128.0.0/16    broadcast
>

Another way that your version of Shorewall supports uses just the
interfaces file:

    loc    eth1    -    nets=(10.128.0.0/16)

-Tom
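The condition discussed in this thread, as an added example that is not part of the original messages and not Shorewall's own code: a small pre-flight check that flags a hosts entry whose zone is already bound to the whole interface in the interfaces file, and proposes the nets= form with host bits normalised. The function names and the simplified column parsing are assumptions; the sample files are constructed from the configs quoted above.

```python
import ipaddress

def parse(text):
    """Split a Shorewall-style file into column lists, skipping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def lint(interfaces_text, hosts_text):
    """Return (findings, suggestions) for hosts entries that repeat a zone
    already covering every host on the same interface."""
    # A named zone in the interfaces file covers all hosts on that interface.
    # Rows with zone "-" or with a nets= option are not treated as covering it
    # (assumption of this simplified model).
    bound = {(r[0], r[1]) for r in parse(interfaces_text)
             if len(r) >= 2 and r[0] != "-" and not any("nets=" in c for c in r[2:])}
    findings, suggestions = [], []
    for r in parse(hosts_text):
        if len(r) < 2 or ":" not in r[1]:
            continue
        zone = r[0]
        iface, _, nets = r[1].partition(":")
        if (zone, iface) not in bound:
            continue
        findings.append(f"zone {zone} already includes all of {iface}; "
                        f"hosts entry {r[1]} duplicates it")
        try:
            # strict=False clears host bits: 10.128.23.34/16 -> 10.128.0.0/16
            cidrs = [str(ipaddress.ip_network(n, strict=False)) for n in nets.split(",")]
        except ValueError:
            continue  # ranges, ipsets etc. are outside this sketch
        suggestions.append(f"{zone} {iface} - nets=({','.join(cidrs)})")
    return findings, suggestions

# Constructed samples taken from the configs quoted in the thread
BROKEN_INTERFACES, BROKEN_HOSTS = "loc eth1 -\n", "loc eth1:10.128.23.34/16\n"
FIXED_INTERFACES, FIXED_HOSTS = "- eth1 -\n", "loc eth1:10.128.0.0/16 broadcast\n"

if __name__ == "__main__":
    for msg in sum(lint(BROKEN_INTERFACES, BROKEN_HOSTS), []):
        print(msg)
```
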
On Tue, 23 Nov 2010 13:08:47 -0800,
Tom Eastep <teastep@shorewall.net> wrote :
> Another way that your version of Shorewall supports uses just the
> interfaces file:
>
>     loc    eth1    -    nets=(10.128.0.0/16)

Thank you very much for your suggestions ! -..

And thank you also for your sig about the Grandfather - that brought
a good smile !