On 3/20/13 6:55 PM, "darx@sent.com" <darx@sent.com> wrote:
>I'm running SW v4.5.14
>
>I've created a basic /rules set, referencing a single action:
>
>cat /etc/shorewall/rules
> ###############################################################################################################
> #ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/  MARK  CONNLIMIT  TIME  HEADERS  SWITCH  HELPER
> #                             PORT  PORT(S)  DEST      LIMIT  GROUP
>
> #SECTION ALL
> #SECTION ESTABLISHED
> #SECTION RELATED
> #SECTION INVALID
> #SECTION UNTRACKED
>
> SECTION NEW
>
> TESTACTION net any
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>that action attempts to DROP for all members of an IPSET:
>
>cat /etc/shorewall/action.TESTACTION
> ?FORMAT 2
> ##############################################################
> #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # PORT(S) PORT(S) DEST
>
> DROP net:+TEST_IPSET[src,dst] $FW -
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>but the shorewall `check` complains about an unknown *interface* ...
>
>shorewall check
> Checking...
> ...
> Checking /etc/shorewall/rules...
> Checking /etc/shorewall/action.TESTACTION for chain TESTACTION...
> ERROR: Unknown Interface (net)
> /etc/shorewall/action.TESTACTION (line 6)
> from /etc/shorewall/rules (line 13)
>
>I'm not sure why it's seeing "net" as an interface to begin with.
>
>Have I misconfigured here?

Action bodies may not refer to zones.

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
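
An added illustration of the reply above, not part of the original thread and not the project's own example: the zone names move out of the action body and into the rules entry that invokes the action. It assumes the intent is to drop traffic from TEST_IPSET members that arrives from the net zone and is addressed to the firewall; the `TESTACTION net $FW` rules entry is that assumption, and the ipset flags are kept as posted.

```conf
# ---- /etc/shorewall/action.TESTACTION ----
?FORMAT 2
# Before (from the post): "net" and "$FW" are zone references. An action
# body cannot name zones, so the compiler reads "net:" as an interface
# name and stops with "Unknown Interface (net)".
#DROP     net:+TEST_IPSET[src,dst]   $FW    -

# After (assumed fix): match on the ipset only, no zone in SOURCE or DEST.
#TARGET   SOURCE                     DEST   PROTO
DROP      +TEST_IPSET[src,dst]       -      -

# ---- /etc/shorewall/rules ----
SECTION NEW
# The zones are supplied where the action is invoked, so the action's
# rules only see net -> firewall traffic.
#ACTION      SOURCE   DEST
TESTACTION   net      $FW
```

Run `shorewall check` again after the change to confirm the action compiles before reloading the ruleset.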