Re: [Shorewall-devel] Shorewall 4.1.0

Tue, 20 Nov 2007 07:53:16 -0800 

Steven Jan Springl wrote:
> Tom
> 
> The following rule:
> 
> ACCEPT:NFLOG(1,2,3)  lan  brd  tcp  22
> 
> produces the following messages:
> 
> iptables v1.4.0rc1: Unknown arg `--nflog-threshhold'
> 
>    ERROR: Command "/usr/local/sbin/iptables -A lan2brd -p 6 --dport 22 -j 
> NFLOG --nflog-group 1 --nflog-range 2 --nflog-threshhold 
> 3 --nflog-prefix "Shorewall:lan2brd:ACCEPT:"" Failed
> 


Hello Steven,

The first attached patch corrects this problem. The second corrects a
problem where NFQUEUE(<queue-number>) is specified in the LEVEL column of
/etc/shorewall/policy.

Thanks for testing,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Index: Shorewall/Config.pm
===================================================================
--- Shorewall/Config.pm	(revision 7696)
+++ Shorewall/Config.pm	(working copy)
@@ -1162,7 +1162,8 @@
 		    ULOG    => 'ULOG',
 		    NFLOG   => 'NFLOG');
 
-my @suffixes = qw(group range threshhold);
+my @nflog_suffixes = qw(group   range   threshold);
+my @ulog_suffixes  = qw(nlgroup cprange qthreshold);
 
 #
 # Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
@@ -1185,13 +1186,14 @@
 	    my @options = split /,/, $2;
 	    my $prefix  = lc $olevel;
 	    my $index   = 0;
+	    my $suffixes = $prefix eq 'ulog' ? [EMAIL PROTECTED] : [EMAIL PROTECTED];
 
 	    level_error( $level ) if @options > 3;
 
 	    for ( @options ) {
 		if ( defined $_ and $_ ne '' ) {
 		    level_error( $level ) unless /^\d+/;
-		    $olevel .= " --${prefix}-$suffixes[$index] $_";
+		    $olevel .= " --${prefix}-$suffixes->[$index] $_";
 		}
 
 		$index++;

Index: Shorewall/Policy.pm
===================================================================
--- Shorewall/Policy.pm	(revision 7695)
+++ Shorewall/Policy.pm	(working copy)
@@ -228,7 +228,7 @@
 
 	fatal_error "Invalid default action ($default:$remainder)" if defined $remainder;
 
-	( $policy , my $queue ) = split( '/' , $policy );
+	( $policy , my $queue ) = get_target_param $policy;
 
 	if ( $default ) {
 	    if ( "\L$default" eq 'none' ) {

Attachment: signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to