Shorewall generates duplicate rules - seemingly one for each interface(?) when multiple interfaces are zoned together.
On Sun, 2003-10-19 at 07:00, Taso Hatzi wrote:> Shorewall generates duplicate rules - seemingly one for each > interface(?) when multiple interfaces are zoned together.Please forward an example: a) /etc/shorewall/hosts b) /etc/shorewall/interfaces c) Output of "shorewall status" as a text attachment. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
this looks like the same problem i had (see thread redundant rules) tom provided a fixed script ( /usr/share/shorewall/firewall ) which according to him is available in cvs. Holger Brueckner net-labs Systemhaus GmbH On Sun, 2003-10-19 at 16:55, Tom Eastep wrote:> On Sun, 2003-10-19 at 07:00, Taso Hatzi wrote: > > Shorewall generates duplicate rules - seemingly one for each > > interface(?) when multiple interfaces are zoned together. > > Please forward an example: > > a) /etc/shorewall/hosts > b) /etc/shorewall/interfaces > c) Output of "shorewall status" as a text attachment. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
On Tue, 2003-10-21 at 08:59, Holger Br?ckner wrote:> this looks like the same problem i had > (see thread redundant rules) > > tom provided a fixed script ( /usr/share/shorewall/firewall ) which > according to him is available in cvs. >In Taso''s case, he was using "iptables -nL" to display his ruleset rather than "shorewall show" (which does "iptables -L -n -v"). Without the ''-v'' option, some of the rules appear to be duplicates. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net