| Main Archive Page > Month Archives > shorewall-devel archives |
Re: [Shorewall-devel] Shorewall 4.4.24 Beta 1
From: Tom Eastep <teastep_at_nospam>Date: Mon Sep 19 2011 - 20:25:20 GMT
To: shorewall-devel@lists.sourceforge.net
On Sep 19, 2011, at 1:01 PM, Steven Jan Springl wrote:
> Shorewall netmap entry:
>
> DNAT:P 192.168.168.0/24 eth0 10.199.0.0/16 - icmp 8,3
>
> Generates the following rule:
>
> -A PREROUTING -p 1 --icmp-type 8,3 -d 192.168.168.0/24 -i eth0 -j
> RAWDNAT --to-dest 10.199.0.0/16
>
> Which produces the following error message:
>
> iptables-restore v1.4.12.1: Invalid ICMP type `8,3'
>
> -------------------------------------------------------------------------------------------------------------------
>
> Specifying a similar format shorewall6 netmap entry:
>
> DNAT:P 2001:4d48:ad51:24::/64 eth0 fd58:b443:dd9e:1::/64 - icmp 129,128
>
> Produces the following error message:
>
> Undefined subroutine &Shorewall::Chains::list_split called
> at /usr/share/shorewall/Shorewall/Chains.pm line 3258, <$currentfile> line
> 11.
Steven,
Both issues should be eliminated by the attached patch. I had not intended to allow icmp-type lists in that file but an existing bug prevented that restriction.
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel