On Thu, Oct 03, 2013 at 09:24:34AM +0200, Jiri Popelka wrote: > On 09/30/2013 05:42 PM, Jiri Popelka wrote: > ><direct> > > [ <rule ipv="ipv4" table="filter" chain="FORWARD_direct" > >priority="0"> -m mark ! --mark 1/1 -j NFQUEUE </rule> ] > > Without the [ and ] (no idea how it got there). > > So once again: > > <?xml version="1.0" encoding="utf-8"?> > <direct> > <rule ipv="ipv4" table="filter" chain="FORWARD_direct" > priority="0"> -m mark ! --mark 1/1 -j NFQUEUE </rule> > <rule ipv="ipv4" table="nat" chain="PREROUTING_direct" > priority="0"> -p tcp --dport 80 -j DNAT --to 192.168.1.2:3129 > </rule> > <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" > priority="0"> -p tcp --dport 80 -m owner --gid-owner squid -j > ACCEPT </rule> > <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" > priority="1"> -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT > </rule> > <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" > priority="2"> -p tcp --dport 3129 -m owner --uid-owner squid -j > ACCEPT </rule> > <rule ipv="ipv4" table="nat" chain="OUTPUT_direct" > priority="3"> -p tcp --dport 80 -j REDIRECT --to-ports 3129 </rule> > </direct> > > -- > Jiri > > -- > security mailing list > security@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/security Sorry, top posted. Has firewall.state been shipped yet? Lance -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
