Am 22.12.2017 um 19:38 schrieb Tom Eastep: > On 12/22/2017 08:47 AM, Tom Eastep wrote: >> On 12/22/2017 08:47 AM, Oliver Freyermuth wrote: >>> Am 22.12.2017 um 17:33 schrieb Tom Eastep: >>>> On 12/22/2017 08:09 AM, Oliver Freyermuth via Shorewall-users wrote: >>>>> Dear Shorewallers, >>>>> >>>>> since the problem is rather pinned down already and easy to reproduce, >>>>> let me try with a minimal bugreport - if more info is really needed, just >>>>> let me know. >>>>> >>>>> I am using shorewall 6, version 5.1.9. >>>>> >>>>> If I specify in "interfaces": >>>>> net + dhcp,routeback,optional >>>>> then the ACCEPT rules for 546:547 (DHCPv6) are not created(!). >>>>> >>>>> If I specify: >>>>> net eth0 dhcp,routeback,optional >>>>> it works fine, and I observe the 546:547 udp rules being created. >>>>> >>>>> So the problem only exists if the interface is a "+" matching string >>>>> (also e.g. "e+" fails). >>>>> I'm right now helping myself with a macro.DHCPv6 opening 546:547 udp, >>>>> which I just ACCEPT from net. >>>>> >>>> >>>> You can also work around the problem by changing your interfaces entry to: >>>> >>>> net all dhcp,routeback,optional,physical=+ >>> Many thanks, this is indeed a significantly cleaner workaround! >>> I can confirm it works just as well. >>> >>> Still: Is this a bug / inconvenience to be fixed in a later version, or >>> rather a "gotcha" to go in the FAQ? >>> >> >> I'm looking at it now. Hopefully I can fix it. >> > > For 5.1.10, I have added a warning message when an option is ignored > because INTERFACE=+. I will revisit this for 5.1.11. > That's very reasonable. Many thanks, and merry christmas holidays!
Oliver > -Tom > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
