I want to be able to serve some mDNS information from our firewall to our
visitor network. I tried adding the following to our rules:
mDNS(ACCEPT) net:10.11.0.0/24 $FW
shorewall check errors with:
Checking /etc/shorewall/rules...
ERROR: Unknown destination zone (224.0.0.251)
/usr/share/shorewall/macro.mDNS (line 16)
from /etc/shorewall/rules (line 62)
Any idea what is up?
Tested with 4.5.15 and 4.5.21-Beta3
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 http://www.nwra.com
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
On 9/24/2013 2:34 PM, Orion Poplawski wrote:> I want to be able to serve some mDNS information from our firewall to our > visitor network. I tried adding the following to our rules: > > mDNS(ACCEPT) net:10.11.0.0/24 $FW > > shorewall check errors with: > > Checking /etc/shorewall/rules... > ERROR: Unknown destination zone (224.0.0.251) > /usr/share/shorewall/macro.mDNS (line 16) > from /etc/shorewall/rules (line 62) > > Any idea what is up?The way that the macro is written, you may not qualify the SOURCE. You need: mDNS(ACCEPT) NET $FW -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
On 09/25/2013 09:37 AM, Tom Eastep wrote:> On 9/24/2013 2:34 PM, Orion Poplawski wrote: >> I want to be able to serve some mDNS information from our firewall to our >> visitor network. I tried adding the following to our rules: >> >> mDNS(ACCEPT) net:10.11.0.0/24 $FW >> >> shorewall check errors with: >> >> Checking /etc/shorewall/rules... >> ERROR: Unknown destination zone (224.0.0.251) >> /usr/share/shorewall/macro.mDNS (line 16) >> from /etc/shorewall/rules (line 62) >> >> Any idea what is up? > > The way that the macro is written, you may not qualify the SOURCE. You need: > > mDNS(ACCEPT) NET $FWHi Orion, That macro is due for a rewrite; I''m happy to work with you on finding a patched version that works sensibly. Depending on how many people are using it, we may need to rename it to something else. Can I have a quick show of hands on how many people are using it? Thanks, Paul ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
On 10/2/2013 12:51 AM, Paul Gear wrote:> That macro is due for a rewrite; I''m happy to work with you on finding a > patched version that works sensibly. Depending on how many people are > using it, we may need to rename it to something else. Can I have a > quick show of hands on how many people are using it?I do, but I really don''t count :-) For 4.5.21, I have expanded the dynamic port range in both mDNS and mDNSbi to 1024:65535 from 32768:65535. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
> That macro is due for a rewrite; I''m happy to work with you on finding a > patched version that works sensibly. Depending on how many people are > using it, we may need to rename it to something else. Can I have a > quick show of hands on how many people are using it?Not yet, but I''m planning to. ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk