I had a quick question about the multiport match, I am wondering if it is possible in shorewall to specify the equivalent of the following iptables command.

iptables -A accountin -m multiport --ports 123 -j ntp

Or similar, has the effect of being a single rule that matches where either the source or destination port is 123, I was hoping to use it for accounting purposes as currently it takes two separate rules that then have to be added together separately. If not is there an alternative to using run_iptables in the start script that would achieve this I would rather it be in the accounting file if possible because it is easier for maintainability if things are not scattered through different files.

------------------------------------------------------------------------------
On 3/2/13 5:13 PM, "Matt Joyce" <mjoyce@mttjocy.co.uk> wrote:

>I had a quick question about the multiport match, I am wondering if it
>is possible in shorewall to specify the equivalent of the following
>iptables command.
>
>iptables -A accountin -m multiport --ports 123 -j ntp
>
>Or similar, has the effect of being a single rule that matches where
>either the source or destination port is 123, I was hoping to use it for
>accounting purposes as currently it takes two separate rules that then
>have to be added together separately. If not is there an alternative to
>using run_iptables in the start script that would achieve this I would
>rather it be in the accounting file if possible because it is easier for
>maintainability if things are not scattered through different files.

There is currently no way to generate a '-m multiport --ports' match.

-Tom

PS -- your iptables command above is invalid :-)

You do not need a parachute to skydive. You only need a parachute to
skydive twice.

------------------------------------------------------------------------------
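The bookkeeping the question describes (two rules, one per port direction, whose counters are then added together), as an added example that is not part of the thread or of Shorewall: a shell function that sums the counters from `iptables-save -c` output. The chain names, target names and counter values in the sample are constructed.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c` output (not taken from the thread).
# Every rule line is prefixed with its counters as [packets:bytes].
sample_rules() {
cat <<'EOF'
*filter
:accounting - [0:0]
:ntp - [0:0]
:web - [0:0]
[12:912] -A accounting -p udp -m udp --sport 123 -j ntp
[30:2280] -A accounting -p udp -m udp --dport 123 -j ntp
[7:420] -A accounting -p tcp -m tcp --dport 80 -j web
COMMIT
EOF
}

# port_totals CHAIN PROTO PORT
# Reads `iptables-save -c` output on stdin and prints "packets bytes", summed
# over every rule in CHAIN for PROTO that matches exactly PORT with --sport,
# --dport or (multiport) --ports. Port ranges and lists are not expanded.
port_totals() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '
        # Only counter-prefixed rule lines: "[pkts:bytes] -A chain ..."
        $1 ~ /^\[[0-9]+:[0-9]+\]$/ && $2 == "-A" && $3 == chain {
            hit = 0; p = ""
            for (i = 4; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if (($i == "--sport" || $i == "--dport" || $i == "--ports") &&
                    $(i + 1) == port) hit = 1
            }
            if (hit && p == proto) {
                # Strip the brackets, then split "pkts:bytes"
                split(substr($1, 2, length($1) - 2), c, ":")
                pkts += c[1]; bytes += c[2]
            }
        }
        END { printf "%d %d\n", pkts, bytes }
    '
}

# Combined NTP traffic from the two split rules in the sample.
sample_rules | port_totals accounting udp 123
```

Because the function also counts a single `-m multiport --ports` rule, the same check keeps working once one rule covers both directions.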
lol, wrote that a bit quickly so completely missed the -p specifier, iptables wouldn't have liked me much lol.

Guess for now will work around it with the start file and the run_iptables hook, heh, every time I find myself coming up with ideas I can't implement in shell I keep saying I need to find time to go learn perl getting to be a long list so is going to happen sooner or later no doubt perhaps will manage to learn enough to write some patches one day.

On 03/03/13 02:59, Tom Eastep wrote:
> On 3/2/13 5:13 PM, "Matt Joyce" <mjoyce@mttjocy.co.uk> wrote:
>
>> I had a quick question about the multiport match, I am wondering if it
>> is possible in shorewall to specify the equivalent of the following
>> iptables command.
>>
>> iptables -A accountin -m multiport --ports 123 -j ntp
>>
>> Or similar, has the effect of being a single rule that matches where
>> either the source or destination port is 123, I was hoping to use it for
>> accounting purposes as currently it takes two separate rules that then
>> have to be added together separately. If not is there an alternative to
>> using run_iptables in the start script that would achieve this I would
>> rather it be in the accounting file if possible because it is easier for
>> maintainability if things are not scattered through different files.
> There is currently no way to generate a '-m multiport --ports' match.
>
> -Tom
>
> PS -- your iptables command above is invalid :-)
>
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

------------------------------------------------------------------------------
On 03/02/2013 07:41 PM, Matt Joyce wrote:
> lol, wrote that a bit quickly so completely missed the -p specifier,
> iptables wouldn't have liked me much lol.
> Guess for now will work around it with the start file and the
> run_iptables hook, heh, every time I find myself coming up with ideas I
> can't implement in shell I keep saying I need to find time to go learn
> perl getting to be a long list so is going to happen sooner or later no
> doubt perhaps will manage to learn enough to write some patches one day.
>

Attached is a patch against 4.5.14 RC 1 that implements the feature you requested.

To generate -m multiport --ports ...., place the port list in the DEST PORT(S) column and place '=' in the SOURCE PORT(S) column.

e.g.

#ACTION   CHAIN   SOURCE   DEST   PROTO   DEST      SOURCE
#                                         PORT(S)   PORT(S)
COUNT     -       br0      -      tcp     80

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Great work, thank you for that taken me a while to reply as I wanted to get it up and running first and took me a little bit to figure out how to successfully edit an ebuild to install the latest version latest in portage was 4.5.11.2 and prefer that portage is keeping track of things for future updates etc.

Portage aside the patch is working just great for me here so thanks again for the hard work.

Noticed it was an RC so will just add the update itself all looks good on my box, no issues as far as I can tell, perl 5.16.1 iptables 1.4.17 with ipset 6.16.1, xtables 2.1 kernel linux-amd64 3.7.8, selinux on intel i7 870.

On 04/03/13 17:18, Tom Eastep wrote:
> On 03/02/2013 07:41 PM, Matt Joyce wrote:
>> lol, wrote that a bit quickly so completely missed the -p specifier,
>> iptables wouldn't have liked me much lol.
>> Guess for now will work around it with the start file and the
>> run_iptables hook, heh, every time I find myself coming up with ideas I
>> can't implement in shell I keep saying I need to find time to go learn
>> perl getting to be a long list so is going to happen sooner or later no
>> doubt perhaps will manage to learn enough to write some patches one day.
>>
> Attached is a patch against 4.5.14 RC 1 that implements the feature you
> requested.
>
> To generate -m multiport --ports ...., place the port list in the DEST
> PORT(S) column and place '=' in the SOURCE PORT(S) column.
>
> e.g.
>
> #ACTION   CHAIN   SOURCE   DEST   PROTO   DEST      SOURCE
> #                                         PORT(S)   PORT(S)
> COUNT     -       br0      -      tcp     80
>
> -Tom

------------------------------------------------------------------------------
Hello! Sorry for the recent spam email. Looks like the Yahoo account got hacked.

------------------------------------------------------------------------------
On 3/4/13 1:13 PM, "Matt Joyce" <mjoyce@mttjocy.co.uk> wrote:

>Great work, thank you for that taken me a while to reply as I wanted to
>get it up and running first and took me a little bit to figure out how
>to successfully edit an ebuild to install the latest version latest in
>portage was 4.5.11.2 and prefer that portage is keeping track of things
>for future updates etc.
>
>Portage aside the patch is working just great for me here so thanks
>again for the hard work.
>
>Noticed it was an RC so will just add the update itself all looks good
>on my box, no issues as far as I can tell, perl 5.16.1 iptables 1.4.17
>with ipset 6.16.1, xtables 2.1 kernel linux-amd64 3.7.8, selinux on
>intel i7 870.

I don't intend to release this feature until 4.5.15, because I don't like to add new features after I've uploaded the first RC. So when 4.5.14 is released, you will need to re-apply the patch. The patch will be included in 4.5.15 Beta 1.

-Tom

You do not need a parachute to skydive. You only need a parachute to
skydive twice.