Today I discovered that if you aren''t paying attention, and use a zone name in the SOURCE column in the masq file, shorewall attempts to interpret it as an interface name and complains about being unable to determine the routes, which is somewhat mystifying (at least until you read the firewall script and see what it''s doing). It would be far clearer if it checked to see whether an interface of the given name exists at all, and complained about that instead. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Andrew Suffield wrote:> Today I discovered that if you aren''t paying attention, and use a zone > name in the SOURCE column in the masq file, shorewall attempts to > interpret it as an interface name and complains about being unable to > determine the routes, which is somewhat mystifying (at least until you > read the firewall script and see what it''s doing). > > It would be far clearer if it checked to see whether an interface of > the given name exists at all, and complained about that > instead.Using Shorewall Perl: gateway:~ # shorewall check Checking... ERROR: Unknown Interface (foo) : /etc/shorewall/masq ( line 21 ) gateway:~ # -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sat, Jun 16, 2007 at 12:27:01PM -0700, Tom Eastep wrote:> Andrew Suffield wrote: > > Today I discovered that if you aren''t paying attention, and use a zone > > name in the SOURCE column in the masq file, shorewall attempts to > > interpret it as an interface name and complains about being unable to > > determine the routes, which is somewhat mystifying (at least until you > > read the firewall script and see what it''s doing). > > > > It would be far clearer if it checked to see whether an interface of > > the given name exists at all, and complained about that > > instead. > > Using Shorewall Perl: > > gateway:~ # shorewall check > Checking... > ERROR: Unknown Interface (foo) : /etc/shorewall/masq ( line 21 ) > gateway:~ #Heh, guess you''re one step ahead of me. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/