mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Add FAQ 61 about matchsize 116 != 308; fix reference in the packet marking article
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4623 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
6b8b90a984
commit
deadffcee3
22
docs/FAQ.xml
@ -1631,6 +1631,28 @@ iptables: Invalid argument
|
||||
<filename>/etc/shorewall/modules </filename>and modify the copy to
|
||||
include only the modules that you need.</para>
|
||||
</section>
|
||||
|
||||
<section id="faq61">
|
||||
<title>(FAQ 61) I just installed the latest Debian kernel and now
|
||||
"shorewall start" fails with the message "ipt_policy: matchsize 116 !=
|
||||
308". What's wrong?</title>
|
||||
|
||||
<para>Answer: Your iptables is incompatible with your kernel. Either
|
||||
</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>rebuild iptables using the kernel headers that match your new
|
||||
kernel; or</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>if you don't need policy match support (you are not using the
|
||||
IPSEC implementation built into the 2.6 kernel) then you can rename
|
||||
<filename>/lib/iptables/libipt_policy.so</filename>.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
|
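Review bot: In the second list item of the new faq61 section, "you can rename /lib/iptables/libipt_policy.so" gives neither a target name nor the consequence. Suggest stating that the rename is a workaround that takes the policy match extension away from iptables, giving an example name to rename it to, and noting that the file should be restored once iptables has been rebuilt against the matching kernel headers, so a reader who later sets up IPSEC is not left with a missing match. The lead-in paragraph also ends on a dangling "Either" followed by a line break before the closing para tag; "Either:" on one line would read more cleanly.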
@ -339,7 +339,7 @@ SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0 #R
|
||||
|
||||
<listitem>
|
||||
<para>Remember that even though 'ping' packets were marked in one of
|
||||
the first two rules, they are still passed on to rule 3 (note that
|
||||
the first two rules, they are still passed on to rule 5 (note that
|
||||
packets marked by rules 3 and 4 are not processed by this rule since
|
||||
it is in a different program). That rule moves the connection mark to
|
||||
the packet mark, <emphasis>if the packet mark is still zero</emphasis>
|
||||
|
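Review bot: The corrected sentence still refers to rules purely by position ("the first two rules", "rule 5", "rules 3 and 4"), which is how the reference to rule 3 went stale in the first place. Suggest also naming the rule by what it does, for instance the rule that moves the connection mark to the packet mark, so the paragraph stays correct if the example rule list is reordered or extended again.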