diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 0a56dd4f8..ce1674f70 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -197,7 +197,6 @@ use constant { STANDARD => 1, #defined by Netfilter # our %targets = ('ACCEPT' => STANDARD, 'ACCEPT+' => STANDARD + NONAT, - 'ACCEPT-' => STANDARD, 'ACCEPT!' => STANDARD, 'NONAT' => STANDARD + NONAT + NATONLY, 'DROP' => STANDARD, diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index c36536f1d..bceb318cd 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -711,7 +711,7 @@ sub determine_capabilities() { if ( mywhich 'ipset' ) { qt( "ipset -X fooX1234" ); - if ( qt( "ipset -N fooX1234" ) ) { + if ( qt( "ipset -N fooX1234 iphash" ) ) { if ( qt( "$iptables -A fooX1234 -m set --set fooX1234 src -j ACCEPT" ) ) { qt( "$iptables -D fooX1234 -m set --set fooX1234 src -j ACCEPT" ); $capabilities{IPSET_MATCH} = 1; diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml index f2dc116fb..e3520d7e9 100644 --- a/manpages/shorewall-rules.xml +++ b/manpages/shorewall-rules.xml @@ -309,16 +309,6 @@ - - ACCEPT- - - - like ACCEPT but exempts the rule from being suppressed - by OPTIMIZE=1 in shorewall.conf(5). - - - LOG