[Shorewall-users] Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"?

Paul Gear paulgear@bigfoot.com
Thu, 31 Jan 2002 22:31:07 +1000


Jan Johansson wrote:

> Why do I get
>
> Processing /etc/shorewall/rules...
> ...
>    Rule "ACCEPT net fw tcp www,ftp,https" added.
> Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ssh - 212.247.15.77"
>    Rule "ACCEPT net fw tcp ssh - 212.247.15.77" added.
> Warning: ADDRESS (212.247.15.77) ignored in rule "ACCEPT net fw tcp ftp - 212.247.15.77"
>    Rule "ACCEPT net fw tcp ftp - 212.247.15.77" added.
> Warning: ADDRESS (212.138.140.191) ignored in rule "ACCEPT net fw tcp ssh - 212.138.140.191"
>    Rule "ACCEPT net fw tcp ssh - 212.138.140.191" added.
> Warning: ADDRESS (194.236.50.95) ignored in rule "ACCEPT net fw tcp ssh - 194.236.50.95"
>    Rule "ACCEPT net fw tcp ssh - 194.236.50.95" added.

This is because shorewall has already created the rule for the zone and
still found data on the line.  I think your syntax is wrong.  Which are you
trying to do - allow ssh from selected clients, or port forward ssh to
selected servers?

If you want to allow ssh from 212.247.15.77 to the firewall, you need to
say:
    ACCEPT    net:212.247.15.77    fw    tcp    ssh
or if you want to forward ssh connections from the 'Net to 212.247.15.77,
you need to say:
    ACCEPT    net    loc:212.247.15.77    tcp    ssh    -    all
as per the comments in the rules file.

Paul
http://paulgear.webhop.net
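
An added example, not part of the message above and not Shorewall's own code: a small lint that flags rules shaped like the ones in the quoted output, where the seventh (ADDRESS) column is set but the server column names only a zone, so the intended restriction is silently dropped. The column order, the flagging heuristic and the names `lint_rules` and `sample_rules` are assumptions; the suggested rewrite covers only the first of the two intents described in the reply.

```shell
#!/bin/sh
# Assumed column order (whitespace separated):
#   ACTION CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT-PORT(S) ADDRESS
# Heuristic inferred from the thread, not taken from Shorewall: a rule is
# suspect when ADDRESS is set and SERVER(S) has no ":host" part.

lint_rules() {
    # Reads a rules file on stdin, prints findings on stdout.
    awk '
        $1 ~ /^#/ { next }                 # skip comment lines
        NF >= 7 && $7 != "-" && $3 !~ /:/ {
            printf "line %d: ADDRESS %s is ignored (SERVER \"%s\" has no host)\n", NR, $7, $3
            # Offer a rewrite only for the source-restriction reading, and
            # only when CLIENT(S) is a bare zone and ADDRESS looks like IPv4.
            if ($2 !~ /:/ && $7 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                printf "  to limit the source instead: %s %s:%s %s %s %s\n", $1, $2, $7, $3, $4, $5
        }
    '
}

# Constructed sample input modelled on the rules quoted in the thread.
sample_rules() {
    cat <<'EOF'
# ACTION CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT-PORT(S) ADDRESS
ACCEPT net fw tcp www,ftp,https
ACCEPT net fw tcp ssh - 212.247.15.77
ACCEPT net:212.247.15.77 fw tcp ssh
ACCEPT net loc:212.247.15.77 tcp ssh - all
EOF
}

# Stand-alone run: lint the constructed sample.
# For a real file: lint_rules < /etc/shorewall/rules
sample_rules | lint_rules
```

A flagged rule matters because it is still added without the address, so the service ends up open to the whole zone rather than to the single host.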