Dear all,

After the update from version 3.2.4 to 3.2.5
my maclist seems not to be working;
it stops with this error:

Setting up MAC Filtration -- Phase 1...
iptables v1.3.6: policy match: invalid policy `--dir'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state --state NEW -m policy --pol --dir in -j eth1_mac" Failed
Processing /etc/shorewall/stop ...
IP Forwarding Enabled

Here are my config files:

MACLIST_LOG_LEVEL=info
MACLIST_TABLE=filter
MACLIST_TTL=
MACLIST_DISPOSITION=REJECT

# --- interfaces
#
net eth0 detect norfc1918,routefilter,blacklist,tcpflags,nosmurfs
wpa $wpa_if detect detectnets,norfc1918,routefilter,blacklist,tcpflags,maclist,nosmurfs
#
# -- params
#
wpa_if=eth1
#
# maclist
ACCEPT $wpa_if 00:09:92:01:CC:16 192.168.0.100
#
# zones
#
fw firewall
net ipv4
wpa ipv4
#

Thanks in advance

------------------------------------------------------
Wratmoko Hadi HSW
GSM : +62.8157115488
CDMA : +62.22.91175530
E-Mail : wra_eng@bdg.pacific.net.id
System & Network Dev
Pacific Telematika Indonesia
Phone : +62.22.7308600
Fax : +62.22.7308601
Bandung - Indonesia
http://www.bdg.pacific.net.id
------------------------------------------------------
Mon Nov 13 13:20:38 WIT 2006
Linux 2.6.17-1.2142_FC4 GNU/Linux
Linux Counter #361972
KPLI #022-200011-495

On Mon, 2006-11-13 at 16:52 +1000, Paul Gear wrote:
> Wratmoko Hadi HSW wrote:
> > Dear all,
> >
> > After the update from version 3.2.4 to 3.2.5
> > my maclist seems not to be working;
> > it stops with this error:
> >
> > Setting up MAC Filtration -- Phase 1...
> > iptables v1.3.6: policy match: invalid policy `--dir'
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state
> > --state NEW -m policy --pol --dir in -j eth1_mac" Failed
>
> Have you also upgraded your kernel and/or iptables? If you downgrade
> your shorewall package to 3.2.4, does it work again?
>
> Paul

Yes, it works fine if I downgrade to the 3.2.4 version.

> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

------------------------------------------------------
Wratmoko Hadi HSW
Mon Nov 13 13:46:31 WIT 2006
------------------------------------------------------

Wratmoko Hadi HSW wrote:
> Dear all,
>
> After the update from version 3.2.4 to 3.2.5
> my maclist seems not to be working;
> it stops with this error:
>
> Setting up MAC Filtration -- Phase 1...
> iptables v1.3.6: policy match: invalid policy `--dir'
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state
> --state NEW -m policy --pol --dir in -j eth1_mac" Failed

Have you also upgraded your kernel and/or iptables? If you downgrade
your shorewall package to 3.2.4, does it work again?

Paul

Wratmoko Hadi HSW wrote:
> On Mon, 2006-11-13 at 16:52 +1000, Paul Gear wrote:
>> Wratmoko Hadi HSW wrote:
>>> Dear all,
>>>
>>> After the update from version 3.2.4 to 3.2.5
>>> my maclist seems not to be working;
>>> it stops with this error:
>>>
>>> Setting up MAC Filtration -- Phase 1...
>>> iptables v1.3.6: policy match: invalid policy `--dir'
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state
>>> --state NEW -m policy --pol --dir in -j eth1_mac" Failed
>> Have you also upgraded your kernel and/or iptables? If you downgrade
>> your shorewall package to 3.2.4, does it work again?
>>
>> Paul
>
> Yes, it works fine if I downgrade to the 3.2.4 version.

Please try the attached patch against the 3.2.5 'compiler' file
(/usr/share/shorewall/compiler).

Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Mon, 2006-11-13 at 07:39 -0800, Tom Eastep wrote:
> Wratmoko Hadi HSW wrote:
> > On Mon, 2006-11-13 at 16:52 +1000, Paul Gear wrote:
> >> Wratmoko Hadi HSW wrote:
> >>> Dear all,
> >>>
> >>> After the update from version 3.2.4 to 3.2.5
> >>> my maclist seems not to be working;
> >>> it stops with this error:
> >>>
> >>> Setting up MAC Filtration -- Phase 1...
> >>> iptables v1.3.6: policy match: invalid policy `--dir'
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state
> >>> --state NEW -m policy --pol --dir in -j eth1_mac" Failed
> >> Have you also upgraded your kernel and/or iptables? If you downgrade
> >> your shorewall package to 3.2.4, does it work again?
> >>
> >> Paul
> >
> > Yes, it works fine if I downgrade to the 3.2.4 version.
>
> Please try the attached patch against the 3.2.5 'compiler' file
> (/usr/share/shorewall/compiler).
>
> Thanks,
> -Tom

I already patched the compiler file; maclist verification seems to work again.

IP Forwarding Enabled
Setting up SYN Flood Protection...
Setting up IPSEC management...
Setting up MAC Filtration -- Phase 1...
Setting up Rules...
Setting up Tunnels...
Setting up Actions...
Creating action chain Drop
Creating action chain Reject
Creating action chain dropBcast
Creating action chain dropInvalid
Creating action chain dropNotSyn
Setting up MAC Filtration -- Phase 2...
Applying Policies...
Setting up Masquerading/SNAT...
Setting up TOS...
Setting up ECN...
Setting up TC Rules...
Activating Rules...
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...

Here is some log:

Nov 14 10:19:15 pantheon kernel: Shorewall:eth1_mac:REJECT:IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:02:b9:8a:48:c0:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=59529 PROTO=UDP SPT=68 DPT=67 LEN=308

Thanks in advance

------------------------------------------------------
Wratmoko Hadi HSW
Tue Nov 14 09:32:16 WIT 2006
------------------------------------------------------

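The MAC= field of a netfilter LOG line on Ethernet is the destination MAC, the source MAC and the EtherType run together, so the sender in the REJECT entry above is 00:02:b9:8a:48:c0. The following is an added example, not part of the thread or of Shorewall's code, that pulls the source MAC and source IP out of such a line and compares them with maclist rows; the function names are hypothetical, the sample data is copied from the values posted in this thread, and the handling of the optional address column assumes it restricts which source addresses the MAC may use.

```python
import ipaddress
import re

# maclist row as posted in the thread, with $wpa_if expanded to eth1.
MACLIST = "ACCEPT eth1 00:09:92:01:CC:16 192.168.0.100"

# Kernel log line as posted in the thread.
SAMPLE_LOG = (
    "Nov 14 10:19:15 pantheon kernel: Shorewall:eth1_mac:REJECT:IN=eth1 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:02:b9:8a:48:c0:08:00 SRC=0.0.0.0 "
    "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=59529 "
    "PROTO=UDP SPT=68 DPT=67 LEN=308"
)

LOG_RE = re.compile(r"\bIN=(\S*).*?MAC=([0-9A-Fa-f:]+).*?\bSRC=(\S+)")

def parse_maclist(text):
    """Map (interface, mac) -> allowed source networks; empty list = any IP."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "ACCEPT":
            continue
        addrs = fields[3].split(",") if len(fields) > 3 else []
        table[(fields[1], fields[2].lower())] = [
            ipaddress.ip_network(a, strict=False) for a in addrs]
    return table

def parse_log(line):
    """Return (interface, source MAC, source IP) from a netfilter LOG line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a netfilter LOG line with a MAC= field")
    octets = m.group(2).split(":")
    if len(octets) != 14:  # Ethernet: 6 dst + 6 src + 2 EtherType
        raise ValueError("unexpected MAC field: " + m.group(2))
    return m.group(1), ":".join(octets[6:12]).lower(), ipaddress.ip_address(m.group(3))

def explain(line, table):
    """Say how the logged packet compares with the maclist table."""
    iface, mac, src = parse_log(line)
    if (iface, mac) not in table:
        return f"{mac} on {iface}: MAC not in maclist"
    nets = table[(iface, mac)]
    if nets and not any(src in n for n in nets):
        return f"{mac} on {iface}: MAC listed, but source {src} is not in its address list"
    return f"{mac} on {iface}: matches maclist"

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, parse_maclist(MACLIST)))
```

Against the single maclist row posted in the thread, the logged packet falls in the first case. The second case is the one to watch for with DHCP clients, whose requests carry source 0.0.0.0 even when their MAC is listed.
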
Wratmoko Hadi HSW wrote:
> On Mon, 2006-11-13 at 07:39 -0800, Tom Eastep wrote:
>> Please try the attached patch against the 3.2.5 'compiler' file
> maclist verification seems to work again

Thanks for testing the fix.

-Tom