On 12/29/10 3:45 PM, Steven Jan Springl wrote:
> Tom
>
> In shorewall.conf BLACKLIST_DISPOSITION can be set to any value, not just
> DROP or REJECT. If you set the value to the name of any existing iptables
> chain then Shorewall will start without error.

This patch catches it.

Thanks, Steven

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Config.pm
b/Shorewall/Perl/Shorewall/Config.pm
index fde1c65..0b7d93a 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -3284,6 +3284,10 @@ sub get_configuration( $ ) {
default 'BLACKLIST_DISPOSITION' , 'DROP';
+ unless ( $config{BLACKLIST_DISPOSITION} eq 'DROP' ||
$config{BLACKLIST_DISPOSITION} eq 'REJECT' ) {
+ fatal_error q(BLACKLIST_DISPOSITION must be 'DROP' or 'REJECT');
+ }
+
default_log_level 'BLACKLIST_LOGLEVEL', '';
default_log_level 'MACLIST_LOG_LEVEL', '';
default_log_level 'TCP_FLAGS_LOG_LEVEL', '';
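
Review bot: The fatal_error message in the added unless block does not report the value that was rejected, so a user who put a typo or a chain name in BLACKLIST_DISPOSITION has to reopen shorewall.conf to see what was actually read. Consider including $config{BLACKLIST_DISPOSITION} in the message, which means switching q() to qq() so the variable interpolates. Note also that both eq comparisons are case-sensitive, so a lowercase 'drop' ends in this fatal error too; if that is intended, it is worth stating in the message or the option's documentation.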
