Roberto C. Sánchez wrote:
On Thu, Oct 30, 2008 at 10:03:33AM -0500, Harry Coin wrote:
Though the maintainers thought the two shorewall-perl updates (to -3)
would fix the incompatibility with latest iptables, and the bugs marked
closed, nevertheless the exact problem remains uncorrected and
shorewall-perl crashes. Downgrading to iptables 1-3 works. The error
was on this .iptables-restore-input line:
-A zlcl12fw -p 6 --dport 3128 -m conntrack --ctorigdst ! 192.168.0.1 -j ACCEPT ...
The log:
09:39:32 Running /sbin/iptables-restore...
iptables-restore v1.4.1.1: host/network `!' not found
What is the output of 'shorewall show capabilities' on the problem host?
Regards,
-Roberto
Debian testing/lenny defaults:
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available