thr3ads.net - Shorewall users - mac address separator [Oct 2013]

If this information is useful, please help other people find it:
Share via:

matt darfeuille

2013-Oct-09 18:03 UTC

mac address separator

Hi,

while trying to use multiple mac addresses in the source column of 
/etc/shorewall/rules the use of the suggested separator (-) triggers 
an error when compiling:

root@old:~# shorewall check
...
Checking /etc/shorewall/rules...
   ERROR: Invalid MAC address (30:46:9A:FC:06:2D:~00:22:FA:D8:B2:64) 
/etc/shorewall/rules (line 32)

If instead the (,) separator is used shorewall will compile fine!

root@old:~# shorewall check
Checking...
...
Checking /etc/shorewall/rules...
...
Shorewall configuration verified

matt

P.S. Thank you Tom for implementing the insserv changes in the 
install.sh scripts, they are now working like a charm in 
shorewall.4.5.21.1!!!:)

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

Tom Eastep

2013-Oct-10 01:04 UTC

head link

Re: mac address separator

On 10/9/2013 11:03 AM, matt darfeuille wrote:> Hi,
> 
> while trying to use multiple mac addresses in the source column of 
> /etc/shorewall/rules the use of the suggested separator (-) triggers 
> an error when compiling:
> 
> root@old:~# shorewall check
> ...
> Checking /etc/shorewall/rules...
>    ERROR: Invalid MAC address (30:46:9A:FC:06:2D:~00:22:FA:D8:B2:64) 
> /etc/shorewall/rules (line 32)
> 
> If instead the (,) separator is used shorewall will compile fine!
> 
I have no idea what problem you are reporting.

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

matt darfeuille

2013-Oct-10 13:12 UTC

head link

Re: mac address separator

Hi tom, thank you for your answer which cleared everything up!

I guess I was misinterpreting the following lines!
...
Except when all[+][-] or any[+][-] is specified, clients may be 
further restricted to a list of networks and/or hosts by appending 
":" and a comma-separated list of network and/or host addresses. 
Hosts may be specified by IP or MAC address; mac addresses must begin 
with "~" and must use "-" as a separator.
...

If I may suggest one little change on 
http://www.shorewall.net/manpages/shorewall-rules.html that will 
avoyed e-mail like this in the future!:

Changing the mac example from:
loc:~00-A0-C9-15-39-78
Host in the local zone with MAC address 00:A0:C9:15:39:78.
to:
loc:~00-A0-C9-15-39-78,~00-4F-12-C2-24-F8
Hosts in the local zone with MAC addresses 00:A0:C9:15:39:78 and 
00:4F:12:C2:24:F8

matt

On 9 Oct 2013 at 18:04, Tom Eastep wrote:

Date sent:	Wed, 09 Oct 2013 18:04:53 -0700
From:	Tom Eastep <teastep@shorewall.net>
To:	shorewall-users@lists.sourceforge.net
Subject:	Re: [Shorewall-users] mac address separator
Send reply to:	Shorewall Users <shorewall-users@lists.sourceforge.net>
	<mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe>
	<mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe>
> On 10/9/2013 11:03 AM, matt darfeuille wrote:
> > Hi,
> > 
> > while trying to use multiple mac addresses in the source column of
> > /etc/shorewall/rules the use of the suggested separator (-) triggers
> > an error when compiling:
> > 
> > root@old:~# shorewall check
> > ...
> > Checking /etc/shorewall/rules...
> >    ERROR: Invalid MAC address (30:46:9A:FC:06:2D:~00:22:FA:D8:B2:64)
> >    
> > /etc/shorewall/rules (line 32)
> > 
> > If instead the (,) separator is used shorewall will compile fine!
> > 
> 
> I have no idea what problem you are reporting.
> 
> -Tom
> 
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> 


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

Shorewall users - Oct 2013 - mac address separator

mac address separator

Re: mac address separator

Re: mac address separator