David Macklem wrote:
| Tom,
|
| As I said in a previous mail, these rules file changes work.  Thanks.
|
| However, I'm not sure that your firewall changes to handle the GATEWAY
| column in the tunnels file do work.  I downloaded the most recent
| STABLE2 release from CVS and replaced my copy of the firewall script
| with the updated version (v1.33).  I now get the following error
| starting shorewall when the tunnels file has this line:
|
| pptpserver	net	!199.84.155.150
|
| Sep 25 09:33:53 mtsi-serv shorewall: Processing /etc/shorewall/tunnels...
| Sep 25 09:33:53 mtsi-serv shorewall: iptables v1.2.9: host/network `!199.84.155.150' not found
| Sep 25 09:33:53 mtsi-serv shorewall: Try `iptables -h' or 'iptables --help' for more information.
|
| BTW, I've moved this off of the mailing list, feel free to put it back
| on there if you want.

Hmmm -- the tunnels file has never accepted "!" in the GATEWAY column
regardless of the tunnel type :-(

Change the 'addrule()' function (line 293 in
/usr/share/shorewall/firewall) to use 'run_iptables2' rather than
'run_iptables'.

    addrule() # $1 = chain name, remainder of arguments specify the rule
    {
        ensurechain $1
        run_iptables2 -A $@
    }

I've tested that change with this tunnels file entry:
	pptpserver              net     !64.139.97.48
The change is also checked into CVS in all three threads.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
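
Added example (not part of the original message and not Shorewall's code): a sketch of why the reported error occurs and what the fix has to achieve, assuming the fix amounts to separating a leading "!" from the address before the arguments reach iptables. The names `split_bang` and `render_rule`, the chain `net2fw` and the rule arguments are constructed for illustration; the rule is printed, not installed.

```shell
#!/bin/sh
# A GATEWAY value such as "!199.84.155.150" arrives as ONE word. Handed to
# iptables unchanged, the whole word is taken as the address and looked up
# as a host name, which gives the "host/network ... not found" error.

# Print each argument on its own line, turning a "!value" word into the
# two words "!" and "value". Other words pass through unchanged.
split_bang() {
    for word in "$@"; do
        case $word in
            '!')  printf '%s\n' '!' ;;                 # already separate
            '!'*) printf '%s\n' '!' "${word#!}" ;;     # split off the "!"
            *)    printf '%s\n' "$word" ;;
        esac
    done
}

# Return the command line that would be run for: <chain> <rule words...>
# Runs in a subshell so that "set -f" (no globbing while the split words
# are re-read) does not leak into the caller.
render_rule() (
    set -f
    chain=$1
    shift
    set -- -A "$chain" $(split_bang "$@")
    printf 'iptables %s\n' "$*"
)

# Constructed sample rule. "-s ! address" is the negation form of the
# iptables 1.2.x era seen in the log; later releases expect "! -s address".
render_rule net2fw -p 47 -s '!199.84.155.150' -j ACCEPT
render_rule net2fw -p 47 -s 199.84.155.150 -j ACCEPT
```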