Package: shorewall
Version: 4.5.16.1-1
Severity: normal
Dear Maintainer,
My shorewall stopped working after an upgrade, refusing to start. A
quick check shows that it considers using the "|" prefix on marks in
the tcrules to be invalid;
$ sudo shorewall check
Checking...
Processing /etc/shorewall/params ...
[...]
Checking /etc/shorewall/tcrules...
ERROR: Invalid Mark or Mask value (|0x10) /etc/shorewall/tcrules (line 19)
The line it is complaining about in my tcrules file is;
|0x10:T 192.168.0.0/24 0.0.0.0/0 all - - - !0
Using this feature is documented in the shorewall-tcrules man page,
though it is not mentioned in other online shorewall documentation.
The man page says;
If preceded by a vertical bar ("|"), the mark value will be
logically ORed with the current mark value to produce a new mark
value.
Interestingly the similar "&" prefix still works fine, as confirmed by
changing all the "|" prefixes to "&" prefixes and re-running "shorewall
check" (but gives me incorrect tc marks).
This makes shorewall unusable for me, since I rely on this "|" prefix
feature for correctly setting my tc marks.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.10-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages shorewall depends on:
ii bc 1.06.95-8
ii debconf [debconf-2.0] 1.5.51
ii iproute 1:3.11.0-1
ii iptables 1.4.20-2
ii perl-modules 5.18.1-4
ii shorewall-core 4.5.16.1-1
shorewall recommends no packages.
Versions of packages shorewall suggests:
ii linux-image-3.10-3-amd64 [linux-image] 3.10.11-1
ii make 3.81-8.2
ii shorewall-doc 4.5.16-1
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
