Re: [Shorewall-devel] Shorewall 4.4.16 Beta 7

Mon, 27 Dec 2010 08:44:21 -0800 

On 12/27/10 8:04 AM, Steven Jan Springl wrote:

> 
> I can confirm the patch works. Thanks.

Thanks, Steven

The second hunk of the attached patch is required to make logging in an
action that does NAT work correctly.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Rules.pm 
b/Shorewall/Perl/Shorewall/Rules.pm
index 27ea41e..bef5995 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -837,8 +837,22 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
        unless (  $inaction3 ) {
            fatal_error "An action may not invoke itself" if $basictarget eq 
$inaction1;
            if ( my $ref = use_action( $normalized_target ) ) {
-               process_action2( $normalized_target ) unless $actiontype & 
BUILTIN;
-               ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = 
$targets{$basictarget} ) & NATRULE;
+               #
+               # First reference to this tupple
+               #
+               unless ( $actiontype & BUILTIN ) {
+                   #
+                   # Not a built-in - do preprocessing
+                   #
+                   process_action2( $normalized_target );
+                   #
+                   # Preprocessing may determine that the chain or one of it's 
dependents does NAT. If so:
+                   #
+                   #    - Refresh $actiontype
+                   #    - Create the associate nat table chain if appropriate.
+                   #
+                   ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = 
$targets{$basictarget} ) & NATRULE;
+               }
            }
        }
 
@@ -1105,7 +1119,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
                }
            }
        } elsif ( $actiontype & ACTION ) {
-           $target = $action;
+           $target = $usedactions{$normalized_target}->{name};
        } else {
            if ( $server eq '' ) {
                fatal_error "A server and/or port must be specified in the DEST 
column in $action rules" unless $serverport;

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to