Keith Edmunds wrote:
> Shorewall 4.0.15 (Debian Lenny)
>
> I'm trying to drop all packets from any IP address not listed in a specific
> ipset. http://oss.org.cn/man/network/shorewall-docs-html-3.0.8/ipsets.html
> says, "To generate a negative match, prefix the "+" with "!" as in
> "!+Mirrors"."
>
> My rule:
>
> DROP net:!+kaelist $FW tcp 222
>
> When restarting Shorewall, I get:
>
> ERROR: Unknown interface !+kaelist in rule: "DROP net:!+kaelist fw tcp
> 222 "
>
> Is what I'm doing possible and, if so, what's the syntax needed?

It doesn't work in 4.0.15. There is a Lenny repository for Shorewall
4.4; check the Shorewall Download page
(http://www.shorewall.net/download.htm). Also be sure to check
http://www.shorewall.net/LennyToSqueeze.html for 4.0->4.4 upgrade advice.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________