On 01/02/2018 10:25 AM, Brian J. Murrell wrote:
> When I try to load a ruleset to a remote shorewall[-lite] instance with
>
> DYNAMIC_BLACKLIST=ipset,disconnect
>
> I get an error:
>
> ERROR: The 'disconnect' option requires that the conntrack utility be
> installed
>
> This error would make sense in the non-remote-reload situation but
> doesn't in the remote-reload situation. At least where it is checking
> the local machine for conntrack.

Will be fixed in 5.1.11 (or 5.1.10.3 if we need to release before 5.1.11).

>
> As an aside, what is Shorewall's behaviour when it is configured with
> "DYNAMIC_BLACKLIST=ipset" and one does "shorewall[-lite] blacklist $IP"
> while shorewall[-lite] is not (yet) running?
>

If the blacklist ipset exists, the command succeeds. Currently, 'allow' fails in that case, but I can also change that behavior for 5.1.11.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users