On 5/29/11 7:33 AM, Tom Eastep wrote: > One of the Shorewall Beta testers just installed iptables 1.4.11 and is > seeing a couple of anomalies. Before I run off and change Shorewall, I > would like to confirm that these are intentional changes in iptables > behavior and not bugs: ... > > IPMARK(dst,-1,-64) $FW eth1 tcp 888 > > produces the following iptables rule: > > -A OUTPUT -p 6 --dport 888 -o eth1 -j IPMARK --addr > dst --and-mask -1 --or-mask -64 --shift 0 > > Which works. > After upgrading to iptables 1.4.11 the following iptables-restore error is > produced: > > iptables-restore v1.4.11: IPMARK: Bad value for "and-mask" option: "-1" I apologize for responding to my own post, but this one looks like inadequate edited by Shorewall. So this one is mine. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
Attachment:
signature.asc
Description: OpenPGP digital signature
