On 12/21/10 2:53 PM, Steven Jan Springl wrote: > On Tuesday 21 December 2010 21:19:29 Tom Eastep wrote: >> On 12/21/10 12:37 PM, Steven Jan Springl wrote: >>> Tom >>> >>> In the attached minimal config, action F2 calls itself, which results in >>> the "Optimizing ruleset" phase going into an endless loop. >> >> This fixes it. >> >> Thanks Steven, >> -Tom > > Tom > > If action F2 contains an additional line eg: > > REDIRECT > F2 > > then the "Optimizing ruleset" phase goes into an endless loop again.
I suspect that is due to the bug I just found in the last fix. Please try this patch. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index 99095b3..9e2cd59 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -305,6 +305,8 @@ sub process_actions1() {
push_open( $actionfile );
+ my $actiontype = 0;
+
while ( read_a_line ) {
my ($wholetarget, @rest ) = split_line1 1, 13, 'action file' ,
$rule_commands;
@@ -313,28 +315,28 @@ sub process_actions1() {
# deals with the target and the parameter. We pass undef for
the rest so we'll
# know if we try to use one of them.
#
- process_rule_common( $action ,
- $wholetarget ,
- '' , # Current Param
- undef, # source
- undef, # dest
- undef, # proto
- undef, # ports
- undef, # sports
- undef, # origdest
- undef, # ratelimit
- undef, # user
- undef, # mark
- undef, # connlimit
- undef, # time
- undef, # headers
- undef # wildcard
- ) unless $wholetarget eq 'FORMAT' ||
$wholetarget eq 'COMMENT';
+ $actiontype |= process_rule_common( $action ,
+ $wholetarget ,
+ '' , # Current Param
+ undef, # source
+ undef, # dest
+ undef, # proto
+ undef, # ports
+ undef, # sports
+ undef, # origdest
+ undef, # ratelimit
+ undef, # user
+ undef, # mark
+ undef, # connlimit
+ undef, # time
+ undef, # headers
+ undef # wildcard
+ ) unless $wholetarget eq
'FORMAT' || $wholetarget eq 'COMMENT';
}
pop_open;
- $targets{$action} |= ACTION;
+ $targets{$action} = ACTION | $actiontype;
}
}
}
@@ -834,11 +836,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
#
# We need to transfer the NAT-oriented flags to the action itself
#
- $targets{$inaction1} |= ( $actiontype & ( NATRULE | NONAT | NATONLY ) );
- #
- # That's all for the first pass
- #
- return 1;
+ return ( $actiontype & ( NATRULE | NONAT | NATONLY ) );
}
#
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Forrester recently released a report on the Return on Investment (ROI) of Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even within 7 months. Over 3 million businesses have gone Google with Google Apps: an online email calendar, and document program that's accessible from your browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
