Re: [Shorewall-devel] Shorewall 4.5.2 RC 2 (Correction)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 4/9/12 6:06 PM, "Tom Eastep" <te...@sh...> wrote:

>On 4/9/12 5:03 PM, "Tom Eastep" <te...@sh...> wrote:
>
>>On 4/9/12 4:32 PM, "Tom Eastep" <te...@sh...> wrote:
>>
>>>On 4/9/12 3:14 PM, "Steven Jan Springl" <st...@sp...>
>>>wrote:
>>>
>>>>Tom
>>>>
>>>>In the attached config. accounting entry:
>>>>
>>>>RPFILTER:COUNT  -  -  eth0
>>>>
>>>>generates the following iptables rule:
>>>>
>>>>-A INPUT -o eth0 -j RPFILTER
>>>>
>>>>which produces the following error message:
>>>>
>>>>iptables-restore v1.4.13: Can't use -o with INPUT
>>>>
>>>>Additionally accounting entry:
>>>>
>>>>RPFILTER:COUNT  -  eth0  -
>>>>
>>>>generates the following iptables rule:
>>>>
>>>>-A OUTPUT -i eth0 -j RPFILTER
>>>>
>>>>which produces the following error message:
>>>>
>>>>ptables-restore v1.4.13: Can't use -i with OUTPUT
>>>>
>>>>Note, neither of these errors occur if OPTIMIZE=0 is specified.
>>>
>>>Steven,
>>>
>>>If we make any change here, it will be in the documentation. The entire
>>>reason for adding sections to the accounting file was to be able to
>>>detect
>>>this particular issue.
>>
>>I realized that this may be something that was broken in this release.
>>Please verify with the attached patch.
>
>Steven,
>
>Please try this patch instead.

Patch attached this time.

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.