On 12/22/10 4:49 PM, Steven Jan Springl wrote: > In the attached config, action F2 contains a "DNAT-" rule that produces the > following messages: > > Use of uninitialized value $destzone in string eq > at /usr/share/shorewall/Shorewall/Rules.pm line 910, <$currentfile> line 201. > > ERROR: Internal error in Shorewall::Chains::find_chain > at /usr/share/shorewall/Shorewall/Chains.pm line > 1084 : /etc/shorewall3/action.F2 (line 201)
Steven, Please try this rather voluminous patch. It expands a lot of code so I could set breakpoints conveniently. If it works, I'll create a more compact patch. Thanks! -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index c2d6c9e..19496ad 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -597,7 +597,12 @@ sub process_actions3 () {
if ( $targets{$action} & BUILTIN ) {
$level = '' if $level =~ /none!?/;
- $builtinops{$action}->($chainref, $level, $tag, $param );
+ my $function = $builtinops{$action};
+ if ( $function ) {
+ $function->($chainref, $level, $tag, $param );
+ } else {
+ assert 0;
+ }
} else {
process_action3 $chainref, $wholeaction, $action, $level, $tag,
$param;
}
@@ -833,7 +838,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
add_requiredby( $normalized_target , $inaction1 );
} else {
if ( my $ref = use_action( $normalized_target ) ) {
- new_nat_chain $ref->{name} if $actiontype & ( NATRULE | NONAT );
+ new_nat_chain $ref->{name} if $actiontype & ( NATRULE | NONAT |
NATONLY );
}
}
}
@@ -842,8 +847,13 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
# Return the NAT-oriented flags to the caller who will eventually add them
# to $targets{$inaction1}
#
- return ( $actiontype & ( NATRULE | NONAT | NATONLY ) ) if $inaction1;
-
+ if ( $inaction1 ) {
+ if ( $actiontype & ( NATRULE | NONAT | NATONLY ) ) {
+ return NATRULE;
+ } else {
+ return 0;
+ }
+ }
#
# Take care of irregular syntax and targets
#
@@ -878,8 +888,8 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
#
# Isolate and validate source and destination zones
#
- my $sourcezone;
- my $destzone;
+ my $sourcezone = '-';
+ my $destzone = '-';
my $sourceref;
my $destref;
my $origdstports;
@@ -950,7 +960,11 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
# Take care of chain
#
- unless ( $actiontype & NATONLY ) {
+ if ( $actiontype & NATONLY ) {
+ if ( $inaction3 ) {
+ $chain = $chainref->{name};
+ }
+ } else {
if ( $inaction3 ) {
$chain = $chainref->{name};
} else {
@@ -1140,7 +1154,19 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
#
# And generate the nat table rule(s)
#
- expand_rule ( ensure_chain ('nat' , $inaction3 ? $chain :
$sourceref->{type} == FIREWALL ? 'OUTPUT' : dnat_chain $sourcezone ),
+ my $natchain;
+
+ if ( $inaction3 ) {
+ if ( $chain ) {
+ $natchain = ensure_chain( 'nat' , $chain );
+ } else {
+ assert 0;
+ }
+ } else {
+ $natchain = ensure_chain( 'nat', $sourceref->{type} == FIREWALL ?
'OUTPUT' : dnat_chain $sourcezone );
+ }
+
+ expand_rule ( $natchain ,
PREROUTE_RESTRICT ,
$rule ,
$source ,
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
