In the SOURCE field in the rules file I tried to use:

loc:!~00-A0-C9-15-39-78

I was trying to say apply this rule except for the interface with the above MAC address. Shorewall did not like this syntax. It was a REDIRECT rule if it makes a difference. I see in the rules file documentation that without the "!" operator it is valid syntax, but I was not sure if what I am trying to do is allowed.

Thanks.
Scott

Scott Ruckh wrote:
> In the SOURCE field in the rules file I tried to use:
>
> loc:!~00-A0-C9-15-39-78
>
> I was trying to say apply this rule except for the interface with the
> above MAC address. Shorewall did not like this syntax. It was a REDIRECT
> rule if it makes a difference. I see in the rules file documentation that
> without the "!" operator it is valid syntax, but I was not sure if what I
> am trying to do is allowed.

It is my intention that it should work but without anything more to go on than "Shorewall did not like this syntax", I can't tell you anything more. Questions that come to mind:

a) Shorewall version?
b) Trace? (http://www.shorewall.net/support.htm clearly asks for a trace when "shorewall start" fails).

I cannot guarantee that I will be able to provide you with any sort of fix for the next two weeks -- I'm on vacation and I have nothing but a one-interface laptop to try to reproduce problems on (and it only runs 3.2.0 Beta7+).

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Scott Ruckh wrote:
> In the SOURCE field in the rules file I tried to use:
>
> loc:!~00-A0-C9-15-39-78
>
> I was trying to say apply this rule except for the interface with the
> above MAC address. Shorewall did not like this syntax. It was a REDIRECT
> rule if it makes a difference. I see in the rules file documentation that
> without the "!" operator it is valid syntax, but I was not sure if what I
> am trying to do is allowed.

There is an untested fix for this problem at http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.7/errata/firewall

Replace /usr/share/shorewall/firewall with that file.

Note that this fix is against Shorewall version 3.0.7.

-Tom

This is what you said Tom Eastep
> Scott Ruckh wrote:
>> In the SOURCE field in the rules file I tried to use:
>>
>> loc:!~00-A0-C9-15-39-78
>>
>> I was trying to say apply this rule except for the interface with the
>> above MAC address. Shorewall did not like this syntax. It was a REDIRECT
>> rule if it makes a difference. I see in the rules file documentation that
>> without the "!" operator it is valid syntax, but I was not sure if what I
>> am trying to do is allowed.
>
> There is an untested fix for this problem at
> http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.7/errata/firewall
>
> Replace /usr/share/shorewall/firewall with that file.
>
> Note that this fix is against Shorewall version 3.0.7.

I am running 3.0.4, but I will take a look at the patch.

This is not an urgent request, nor a big deal. It was just unexpected.

I have never seen anyone so dedicated to supporting an open source project. Enjoy your vacation, you deserve it. I will go through the "proper" means of getting support when you get back from vacation.

Thanks for your dedication and assistance.

Scott