REF: Mon Feb 17 16:20:20 PST 2003 Gilson Soares Routestopped Don't accept comma seperated values
REF: Thu Feb 20 17:06:22 PST 2003 Tom Eastep Question about the Route Stopped File

I am using shorewall 1.3.14 and below are the two different ways I tried to set up routestopped.
I am also using iptables v1.2.6a

I have gone back over the mailing list archive in an attempt to not be more redundant than I usually am. I have also gone through and looked. I tried Gilson Soares routestopped entries in my routestopped file and they did not work. However changing them to " "(SPACE) delimited allowed iptables to load them without a problem. As you can see from the first list there looks to be a small problem with the iptables --list return. The fact that there is an "ACCEPT all -- ANYWHERE ANYWHERE" makes it look like my tables entries don't matter. The only reason this is in there is because in order to capture the output I needed to add a routestopped entry for eth1 like eth1 -. Even with that removed and returned to a stateful entry " "(SPACE) delimited works fine in routestopped.

Now my question is although it works using a space with the version of iptables that I have. Are the instructions for shorewall/routestopped file pointed towards a specific version of iptables?
ROUTESTOPPED ENTRY:

eth0    192.168.10.2 224.0.0.18    (please note the white space and not comma separated for the list)

[root@localhost shorewall]# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.10.2         anywhere
ACCEPT     all  --  224.0.0.18           anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.10.2         224.0.0.18
ACCEPT     all  --  192.168.10.2         anywhere
ACCEPT     all  --  192.168.10.2         anywhere
ACCEPT     all  --  224.0.0.18           192.168.10.2
ACCEPT     all  --  224.0.0.18           anywhere
ACCEPT     all  --  224.0.0.18           anywhere
ACCEPT     all  --  anywhere             192.168.10.2
ACCEPT     all  --  anywhere             224.0.0.18
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             192.168.10.2
ACCEPT     all  --  anywhere             224.0.0.18
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.10.2
ACCEPT     all  --  anywhere             224.0.0.18
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
_________________________________________________________________________

ROUTESTOPPED ENTRY:

eth0    192.168.10.2,224.0.0.18    (Please note the comma separated list)

[root@localhost shorewall]# shorewall stop
Processing /etc/shorewall/params ...
Stopping Shorewall...Processing /etc/shorewall/stop ...
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
Try `iptables -h' or 'iptables --help' for more information.
Processing /etc/shorewall/stopped ...
done.

[root@localhost shorewall]# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.

ADDENDUM TO EMAIL TO FIX TYPOS DUE TO LACK OF SLEEP:

*I have also gone through and looked at the documentation for how to configure shorewall.
*As you can see with the second iptables list there seems to be a problem. The first iptables/routestopped list is just how it should be.

At 02:44 PM 2/21/2003 -0600, you wrote:
>REF: Mon Feb 17 16:20:20 PST 2003 Gilson Soares Routestopped Don't
>accept comma seperated values
>REF: Thu Feb 20 17:06:22 PST 2003 Tom Eastep Question about the Route
>Stopped File
>
>I am using shorewall 1.3.14 and below are the two different ways I tried
>to set up routestopped.
>I am also using iptables v1.2.6a
>
>I have gone back over the mailing list archive in an attempt to not be
>more redundant than I usually am. I have also gone through and looked. I
>tried Gilson Soares routestopped entries in my routestopped file and they
>did not work. However changing them to " "(SPACE) delimited allowed
>iptables to load them without a problem. As you can see from the first
>list there looks to be a small problem with the iptables --list
>return. The fact that there is an "ACCEPT all
>-- ANYWHERE ANYWHERE" makes it look like my tables entries
>don't matter. The only reason this is in there is because in order to
>capture the output I needed to add a routestopped entry for eth1 like eth1
>-. Even with that removed and returned to a stateful entry " "(SPACE)
>delimited works fine in routestopped.
>Now my question is although it works using a space with the version of
>iptables that I have. Are the instructions for shorewall/routestopped
>file pointed towards a specific version of iptables?
>ROUTESTOPPED ENTRY:
>
>eth0    192.168.10.2 224.0.0.18    (please note the white space and
>not comma separated for the list)
>
>
>[root@localhost shorewall]# iptables --list
>Chain INPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  192.168.10.2         anywhere
>ACCEPT     all  --  224.0.0.18           anywhere
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>
>Chain FORWARD (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  192.168.10.2         224.0.0.18
>ACCEPT     all  --  192.168.10.2         anywhere
>ACCEPT     all  --  192.168.10.2         anywhere
>ACCEPT     all  --  224.0.0.18           192.168.10.2
>ACCEPT     all  --  224.0.0.18           anywhere
>ACCEPT     all  --  224.0.0.18           anywhere
>ACCEPT     all  --  anywhere             192.168.10.2
>ACCEPT     all  --  anywhere             224.0.0.18
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             192.168.10.2
>ACCEPT     all  --  anywhere             224.0.0.18
>ACCEPT     all  --  anywhere             anywhere
>
>Chain OUTPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             192.168.10.2
>ACCEPT     all  --  anywhere             224.0.0.18
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>_________________________________________________________________________
>
>ROUTESTOPPED ENTRY:
>eth0    192.168.10.2,224.0.0.18    (Please note the comma separated list)
>
>
>[root@localhost shorewall]# shorewall stop
>Processing /etc/shorewall/params ...
>Stopping Shorewall...Processing /etc/shorewall/stop ...
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.6a: host/network `192.168.10.2,224.0.0.18' not found
>Try `iptables -h' or 'iptables --help' for more information.
>Processing /etc/shorewall/stopped ...
>done.
>
>
>[root@localhost shorewall]# iptables --list
>Chain INPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>
>Chain FORWARD (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>
>Chain OUTPUT (policy DROP)
>target     prot opt source               destination
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>ACCEPT     all  --  anywhere             anywhere
>
>
>Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
>immane mittam.
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@lists.shorewall.net
>http://lists.shorewall.net/mailman/listinfo/shorewall-users

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam.

Charles Holbrook wrote:
> REF: Mon Feb 17 16:20:20 PST 2003 Gilson Soares Routestopped
> Don't accept comma seperated values
> REF: Thu Feb 20 17:06:22 PST 2003 Tom Eastep Question about the Route
> Stopped File
>
> I am using shorewall 1.3.14 and below are the two different ways I tried
> to set up routestopped.
> I am also using iptables v1.2.6a
>

If you would simply install the firewall script from the errata as I recommended in my last post, it would work as documented. Until you install that version of the firewall script, I don't want to hear any more about it.

[root@wookie STABLE]# shorewall stop
Processing /etc/shorewall/params ...
Stopping Shorewall...Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
done.
[root@wookie STABLE]# cat /etc/shorewall/routestopped
eth0    192.168.1.0/24,192.168.2.0/24
[root@wookie STABLE]#

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
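
Added example (not part of the thread and not Shorewall's own code): iptables v1.2.6a rejects a comma-separated list as a single host/network, so a script has to split the HOSTS column and pass one address per call. The function name, the two-column layout and the 0.0.0.0/0 stand-in for "-" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Shorewall code.

# expand_routestopped FILE
# Prints one "interface address" pair per line so that every later
# iptables call would receive exactly one address.
expand_routestopped() {
    while read -r iface hosts extra; do
        case "$iface" in ''|'#'*) continue ;; esac        # blank or comment
        # Assumption: two columns only; a third one is most likely a
        # host list separated by spaces instead of commas.
        if [ -n "$extra" ] && [ "${extra#\#}" = "$extra" ]; then
            echo "warning: $iface: unexpected column '$extra', use commas" >&2
        fi
        case "$hosts" in ''|-|'#'*) hosts=0.0.0.0/0 ;; esac  # "-" = any host
        old_ifs=$IFS; IFS=,
        for host in $hosts; do
            case "$host" in
                ''|*[!0-9./]*) echo "warning: $iface: bad address '$host'" >&2 ;;
                *) printf '%s %s\n' "$iface" "$host" ;;
            esac
        done
        IFS=$old_ifs
    done < "$1"
}

# Constructed sample built from the entries quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# INTERFACE  HOST(S)
eth0    192.168.1.0/24,192.168.2.0/24
eth1    -
eth0    192.168.10.2 224.0.0.18
EOF
expand_routestopped "$sample"
rm -f "$sample"
```

The space-separated entry produces a warning on stderr and only its first address on stdout, which makes the formatting mistake visible before any rule is loaded.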