Package: ferm
Version: 2.0.3-1
Severity: normal
Tags: patch

The uid-owner match (from mod owner) is supposed to accept negations, but ferm is unaware of them, resulting in a 'negation is not allowed here' error message.

The attached patch at least partially corrects this problem.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.6.30-2-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ferm depends on:
ii  debconf   1.5.24           Debian configuration management sy
ii  iptables  1.4.2-6          administration tools for packet fi
ii  lsb-base  3.2-20           Linux Standard Base 3.2 init scrip
ii  perl      5.10.0-19lenny2  Larry Wall's Practical Extraction

ferm recommends no packages.
ferm suggests no packages.

-- debconf information excluded
--- /usr/sbin/ferm 2008-09-30 10:56:51.000000000 -0700 +++ /usr/local/sbin/ferm 2009-10-30 18:15:38.000000000 -0700 @@ -258,7 +258,7 @@ add_match_def 'multiport', qw(source-ports!&multiport_params), qw(destination-ports!&multiport_params ports!&multiport_params); add_match_def 'nth', qw(every counter start packet); -add_match_def 'owner', qw(uid-owner gid-owner pid-owner sid-owner cmd-owner); +add_match_def 'owner', qw(!uid-owner !gid-owner pid-owner sid-owner cmd-owner); add_match_def 'physdev', qw(physdev-in! physdev-out!), qw(!physdev-is-in*0 !physdev-is-out*0 !physdev-is-bridged*0); add_match_def 'pkttype', qw(pkt-type),
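Review bot: the hunk marks only uid-owner and gid-owner as negatable and leaves pid-owner, sid-owner and cmd-owner untouched, which is why the report itself calls the fix partial; before applying, the remaining three keywords should be checked against the owner match of the iptables the reporter has (1.4.2-6) and either given the same `!` prefix or deliberately left out with a note saying why, so the maintainer does not have to reopen the question. The `!`-prefix form used here is consistent with the existing definitions visible in the context lines (`!physdev-is-in*0 !physdev-is-out*0`), so the syntax of the change is fine. Separately, the diff is taken between the installed script /usr/sbin/ferm and a local copy /usr/local/sbin/ferm rather than against the package source, so the paths need rewriting before it applies cleanly to the ferm source tree.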
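To make the failure concrete, here is a constructed ferm configuration (added for illustration; it is not part of the bug report or of ferm's own examples) that contains the kind of negated uid-owner rule the report is about. It assumes ferm's usual negation syntax of a `!` token placed before the value, and the account name `proxy` is only an example user; a per-uid egress policy like this is a common reason to want the negated form in the first place, since "everyone except this uid" is awkward to express otherwise.

```ferm
# Constructed example: egress policy on a host where only the "proxy"
# account may open direct web connections and every other uid must go
# through the local proxy.  The last rule is the one that ferm 2.0.3-1
# rejects with "negation is not allowed here".
table filter {
    chain OUTPUT {
        policy ACCEPT;

        # Loopback traffic (including to the local proxy) is always allowed.
        outerface lo ACCEPT;

        # The proxy user itself may talk to web ports directly.
        mod owner uid-owner proxy proto tcp dport (80 443) ACCEPT;

        # Negated uid-owner: any process NOT running as "proxy" is refused
        # direct web access.  Rendered by iptables as
        #   -m owner ! --uid-owner proxy -p tcp --dport 80 -j REJECT
        # (and the same for 443).  Unpatched ferm aborts on this line.
        mod owner uid-owner ! proxy proto tcp dport (80 443) REJECT;
    }
}
```

Running ferm with `--noexec --lines` (`ferm -n -l <file>`) prints the iptables commands it would execute without touching the running ruleset, which is the quickest way to confirm whether a given ferm build accepts the negation and emits the `! --uid-owner` form rather than failing at parse time.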