[Firehol-support] text "ERROR" shown by "fireqos status" for first class in class group

Phil Whineray phil at sanewall.org
Sat Apr 25 09:13:20 BST 2015


On Fri, Apr 24, 2015 at 02:06:29PM +0200, Phineas Gage wrote:
> Hi Phil, I tried the build and saw the fireqos status ERROR fix I made in there, and it passes the smoke test (we still have Internet), but I still get warnings in the syslog about xt_physdev:
> Apr 24 13:46:46 FireHOL[6628]: Activating new firewall from /etc/firehol/firehol.conf (translated to 349 iptables rules).
> Apr 24 13:46:55 kernel: [551947.644654] xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
>  non-bridged traffic is not supported anymore.
> [repeated 1004 times]
> The only two places I use physin and physout are in my router46 commands, like this:
> router46 lan2int inface br0 outface br0 physin eth0 physout eth1
>     route dhcp accept
>     route6 "ipv6neigh ipv6router ipv6error" accept
>     route all accept
> router46 int2lan inface br0 outface br0 physin eth1 physout eth0
>     route dhcp accept
>     route6 "ipv6neigh ipv6router ipv6error" accept
>     route6 ping accept
>     route4 all accept src ${schooling_net} dst ${laserjet_ip}
> Just a shot in the dark, but does it have anything to do with using router46 instead of router?

No, it's because I wasn't clear - I haven't applied that patch yet, just
the fireqos one!

I want to run a few tests and make sure that the new flag doesn't
change the behaviour of physin/physout too radically before applying it.

For what it's worth, if the two routers above are the only time you
use the phys* parameters, your situation is the simple one where both
will work as expected (but you already know that, I guess).


More information about the Firehol-support mailing list