Hi,

the new function 'shorewall show zones' in 2.2.0-Beta showed a thing which is (in my view) either a bug or not documented.

If I have a line in /etc/shorewall/hosts which reads

work br0:eth0:192.168.2.10,192.168.2.11,192.168.2.12

then "show zones" has the output

work
br0:eth0:192.168.2.10
br0:192.168.2.11
br0:192.168.2.12

That is, the interface eth0 is ignored for the latter 2 entries in the list.

However, the line

work br0:eth0:192.168.2.10,eth0:192.168.2.11,eth0:192.168.2.12

yields the right thing:

work
br0:eth0:192.168.2.10
br0:eth0:192.168.2.11
br0:eth0:192.168.2.12

However, the configuration

work br0:eth0:192.168.2.10,br0:eth0:192.168.2.11,br0:eth0:192.168.2.12

results in errors ("Warning: wierd character in interface `br0:eth0' (No aliases, :, ! or *).") and shorewall is not started, which is somehow inconsistent in my view. ;-)

/ben
On Sun, 2004-12-05 at 15:18 +0100, Ben Greiner wrote:
> Hi,
>
> the new function 'shorewall show zones' in 2.2.0-Beta showed a thing
> which is (in my view) either a bug or not documented.

Actually, it's been right in front of you all along. Both "shorewall check" and "shorewall start" show exactly the same information.

>
> If I have a line in /etc/shorewall/hosts which reads
>
> work br0:eth0:192.168.2.10,192.168.2.11,192.168.2.12
>
> then "show zones" has the output
> work
> br0:eth0:192.168.2.10
> br0:192.168.2.11
> br0:192.168.2.12
>
> That is, the interface eth0 is ignored for the latter 2 entries in the list.
>
> However, the line
>
> work br0:eth0:192.168.2.10,eth0:192.168.2.11,eth0:192.168.2.12
>
> yields the right thing:
> work
> br0:eth0:192.168.2.10
> br0:eth0:192.168.2.11
> br0:eth0:192.168.2.12
>
>
> However, the configuration
> work br0:eth0:192.168.2.10,br0:eth0:192.168.2.11,br0:eth0:192.168.2.12
>
> results in errors ("Warning: wierd character in interface `br0:eth0' (No
> aliases, :, ! or *).") and shorewall is not started, which is somehow
> inconsistent in my view. ;-)
>

Read the definition of the HOST(S) column again (http://shorewall.net/Documentation.htm#Hosts).

It says that the column must begin with an interface defined in /etc/shorewall/interfaces (br0) followed by a colon (":") and a comma-separated list. Each element in the list may be:

- The IP address of a host
- A sub-network in the form <subnet-address>/<mask width>
- a physical port name which may be optionally followed by a comma and an address.

What you have just demonstrated is completely consistent with that definition. Or am I missing something?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Ben Greiner
2004-Dec-05 16:07 UTC
Re: host list in /etc/shorewall/hosts: interface ignored
On 05.12.2004 16:57, Tom Eastep wrote:

>Read the definition of the HOST(S) column again
>(http://shorewall.net/Documentation.htm#Hosts).
>
>It says that the column must begin with an interface defined
>in /etc/shorewall/interfaces (br0) followed by a colon (":") and a
>comma-separated list. Each element in the list may be:
>
>- The IP address of a host
>- A sub-network in the form <subnet-address>/<mask width>
>- a physical port name which may be optionally followed by a comma and
>an address.
>
>What you have just demonstrated is completely consistent with that
>definition. Or am I missing something?
>
>-Tom
>

You are right. I confused 'interface' (which I thought is br0:eth0 and not only br0) and 'physical port'. Thanks for clarifying.

/ben

--
_____________________________________________________________________________
Ben Greiner
Universität zu Köln/University of Cologne
Staatswissenschaftliches Seminar
Lehrstuhl Prof. Dr. Ockenfels
Albertus-Magnus-Platz
50923 KÖLN, GERMANY
PHONE ++49 (0) 221 470 6116
E-MAIL bgreiner@uni-koeln.de
http://ockenfels.uni-koeln.de
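
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Shorewall's own code: a small checker that expands a HOST(S) column the way the three outputs above show and flags addresses that end up without a bridge-port restriction. The function names, the split of each element at its last colon, and the IPv4-only address check are assumptions made for this sketch.

```python
import ipaddress

BAD_PORT_CHARS = set(":!*")  # characters the error quoted in the thread rejects

def is_address(text):
    """True for an IPv4 host address or <subnet-address>/<mask width>."""
    try:
        ipaddress.IPv4Network(text, strict=False)
        return True
    except ValueError:
        return False

def expand_hosts_column(column):
    """Return (members, warnings) for one HOST(S) column value.

    Assumed model, not Shorewall's parser: <interface>:<list>, and each list
    element is split at its last colon into an optional port and an address.
    """
    iface, sep, rest = column.partition(":")
    if not sep or not rest:
        raise ValueError(f"expected <interface>:<list>, got {column!r}")
    members, unscoped, saw_port = [], [], False
    for element in rest.split(","):
        if not element:
            raise ValueError("empty list element")
        port, _, addr = element.rpartition(":")
        if not port and not is_address(addr):
            port, addr = addr, ""  # bare port name with no address
        if port:
            if BAD_PORT_CHARS & set(port):
                raise ValueError(f"bad port name {port!r} in {element!r}")
            if addr and not is_address(addr):
                raise ValueError(f"bad address {addr!r} in {element!r}")
            saw_port = True
        else:
            unscoped.append(addr)
        members.append(":".join(p for p in (iface, port, addr) if p))
    # An address listed without a port carries no port restriction
    # (compare the first "show zones" output in the thread).
    warnings = [f"{a} is not restricted to a port of {iface}"
                for a in unscoped] if saw_port else []
    return members, warnings

if __name__ == "__main__":
    # First HOST(S) value from the thread, reproduced as a literal.
    print(expand_hosts_column("br0:eth0:192.168.2.10,192.168.2.11,192.168.2.12"))
```

Running a check like this over /etc/shorewall/hosts before "shorewall start" surfaces zone members that are broader than the port-qualified first element suggests.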