Hi, I''m using shorewall 2.0.3. When I use a subnet/ip in tcrules''s DEST, I got an error. For example, if I put 1 eth1 0.0.0.0/0 icmp or 1 eth1 203.111.134.13 icmp I would get this error: Unknown interface 0.0.0.0/0 in rule "1 eth1 0.0.0.0/0 icmp" But from the documentation, it can be done that way? __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
Rudy Koento wrote:> Hi, > > I''m using shorewall 2.0.3. When I use a subnet/ip in > tcrules''s DEST, I got an error. > > For example, if I put > > 1 eth1 0.0.0.0/0 icmp > > or > > 1 eth1 203.111.134.13 icmp > > I would get this error: > > Unknown interface 0.0.0.0/0 in rule "1 eth1 0.0.0.0/0 > icmp" > > But from the documentation, it can be done that way? >Oops; bug introduced in 2.0.3 -- Edit your /usr/share/shorewall/firewall script and replace this code at line 2053: if [ "x$dest" != "x-" ]; then verify_interface $dest || fatal_error "Unknown interface $dest in rule \"$rule\"" r="${r}$(match_dest_dev $dest) " fi with this code: [ "x$dest" = "x-" ] || r="${r}-d $dest " -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:>> > Oops; bug introduced in 2.0.3 -- Edit your /usr/share/shorewall/firewall > script and replace this code at line 2053: > > if [ "x$dest" != "x-" ]; then > verify_interface $dest || fatal_error "Unknown interface $dest > in rule \"$rule\"" > r="${r}$(match_dest_dev $dest) " > fi > > with this code: > > > [ "x$dest" = "x-" ] || r="${r}-d $dest " >The CVS STABE2/ project has been updated and corrected code is available at: http://shorewall.net/pub/shorewall/errata/2.0.3/firewall ftp://shorewall.net/pub/shorewall/errata/2.0.3/firewall -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net