--C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi List, I recently installed shorewall (v 1.2.13) on my Debian Sid Box, and most things works excellent! This is realy a good piece of software! But there is one thing that seems to fail. Wenn I insert a MAC-Adress into the whitelist I get the following error: | $ shorewall restart |=20 | [...] |=20 | Setting up Whitelisting... | 00:00:86:55:74:4E added to White List | 00:E0:7D:93:14:04 added to White List | 00:10:5A:A2:DE:13 added to White List | 192.168.88.2 added to White List | 192.168.88.3 added to White List |=20 | [...] |=20 | Activating Rules... | iptables: Invalid argument | Terminated My whitelist looks like that: | #ADDRESS/SUBNET | ~00-00-86-55-74-4E | ~00-E0-7D-93-14-04 | ~00-10-5A-A2-DE-13 | 192.168.88.2 | 192.168.88.3 | #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE If I remove the MAC-Entries all does well. I also found this in my /varlog/messages: | May 23 19:00:02 wrack kernel: ipt_mac: only valid for PRE_ROUTING, | LOCAL_IN or FORWARD. The ipt_mac Kernel module is loadet. Markus --=20 [ markus hubig ] [ mail: mhubig@web.de ] [ debian/gnu linux (sid) ] [ vorholzstrasse 6 ] [ saft: markus@pot.ath.cx ] [ linux 2.4.17 i686 ] [ 76131 karlsruhe ] [ tele: +049 721 6657522 ] [ reg. Linux user #204961 ] --C7zPtVaVf+AK4Oqc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE87SI/81LrZFia79wRAjYhAKDBGNK/kUB6Ckmqhd+gEpNQSfqhswCg5qWd tmDiKhwZ+P8bDLEaB1GdUc0=zht4 -----END PGP SIGNATURE----- --C7zPtVaVf+AK4Oqc--
On Thu, 23 May 2002, Markus Hubig wrote:> Hi List, > > I recently installed shorewall (v 1.2.13) on my Debian Sid Box, and > most things works excellent! This is realy a good piece of software! > > But there is one thing that seems to fail. Wenn I insert a > MAC-Adress into the whitelist I get the following error: > | > | Activating Rules... > | iptables: Invalid argument > | Terminated > > My whitelist looks like that: >Because of this and other problems, Whitelist support is being discontinued in version 1.3. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Steve Herber
2002-May-23 20:24 UTC
[Shorewall-devel] Re: [Shorewall-users] MAC Adresses in whitelist ...
I looked at your 1.3 beta page about whitelist support a few days ago. I don''t need whitelist support but I like the fact that it so well complemented the blacklist support just like yes goes with no. But in my quick review of the page, I didn''t get any idea how do do a whitelist. My mind might have been running on empty. Anyway, are you dropping whitelist support, or is it going to be supported the original way, whatever that was? I now the whitelist file will go away, but can we document a ''how to whitelist'' so just the method changes? Thanks, -- Steve Herber herber@thing.com work: 206-261-0307 Systems Engineer, AMCIS, UoW home: 425-454-2399 On Thu, 23 May 2002, Tom Eastep wrote:> On Thu, 23 May 2002, Markus Hubig wrote: > > > Hi List, > > > > I recently installed shorewall (v 1.2.13) on my Debian Sid Box, and > > most things works excellent! This is realy a good piece of software! > > > > But there is one thing that seems to fail. Wenn I insert a > > MAC-Adress into the whitelist I get the following error: > > | > > | Activating Rules... > > | iptables: Invalid argument > > | Terminated > > > > My whitelist looks like that: > > > > Because of this and other problems, Whitelist support is being > discontinued in version 1.3. > > -Tom
Tom Eastep
2002-May-23 21:15 UTC
[Shorewall-devel] Re: [Shorewall-users] MAC Adresses in whitelist ...
On Thu, 23 May 2002, Steve Herber wrote:> > Anyway, are you dropping whitelist support, or is it going to be > supported the original way, whatever that was? I now the whitelist > file will go away, but can we document a ''how to whitelist'' so just > the method changes? >Well, that was the intent of: http://www.shorewall.net/whitelisting_under_shorewall.htm. I take it that you didn''t find that adaquate... -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Paul Gear
2002-May-24 20:01 UTC
[Shorewall-devel] Re: [Shorewall-users] MAC Adresses in whitelist ...
Tom Eastep wrote:> On Thu, 23 May 2002, Steve Herber wrote: > > > > > Anyway, are you dropping whitelist support, or is it going to be > > supported the original way, whatever that was? I now the whitelist > > file will go away, but can we document a ''how to whitelist'' so just > > the method changes? > > > > Well, that was the intent of: > > http://www.shorewall.net/whitelisting_under_shorewall.htm. > > I take it that you didn''t find that adaquate...That''s http://www.shorewall.net/1.3/whitelisting_under_shorewall.htm for those of you who, like me, went looking for it... Paul http://paulgear.webhop.net