On 1/31/11 12:40 PM, Steven Jan Springl wrote: >> The following accounting rule: >> >> ACCOUNT() - eth0 br0 >> >> produces the following error message from the "Optimizing Ruleset" phase: >> >> ERROR: Internal error in Shorewall::Chains::delete_jumps >> at /usr/share/shorewall/Shorewall/Chains.pm line 1169 >> >> Steven. > > Tom > > In addition to the above. > > Accounting rule: > > ACCOUNT( - eth0 br0 > > produces the following error message from the "Optimizing Ruleset" phase: > > Unmatched ( in regex; marked by <-- HERE in m/ -[gj] ACCOUNT( <-- HERE (\s+-m > comment .*)?\s*$/ at /usr/share/shorewall/Shorewall/Chains.pm line 1161. >
Both issues are corrected by the attached patch. In addition, I'm adding additional constraints on the names of accounting chains to avoid similar errors. That change won't apply to Beta 3 since it is based on some additional constraints that I've already added for the next Beta/RC. Thanks again, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Accounting.pm
b/Shorewall/Perl/Shorewall/Accounting.pm
index 32efb16..718a091 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -102,17 +102,21 @@ sub process_accounting_rule( ) {
unless ( $action eq 'COUNT' ) {
if ( $action eq 'DONE' ) {
$target = 'RETURN';
- } elsif ( $action =~ /^ACCOUNT\((.+)\)$/ ) {
- require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
- my ( $table, $net, $rest ) = split/,/, $1;
- fatal_error "Invalid Network Address (${net}${rest})" if defined
$rest;
- fatal_error "Missing Table Name" unless defined $table
&& $table ne '';;
- fatal_error "Invalid Table Name ($table)" unless $table =~
/^([-\w.]+)$/;
- fatal_error "Missing Network Address" unless defined $net;
- fatal_error "Invalid Network Address ($net)" unless defined $net
&& $net =~ '/(\d+)$';
- fatal_error "Netmask ($1) out of range" unless $1 >= 8;
- validate_net $net, 0;
- $target = "ACCOUNT --addr $net --tname $table";
+ } elsif ( $action =~ /^ACCOUNT\(/ ) {
+ if ( $action =~ /^ACCOUNT\((.+)\)$/ ) {
+ require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
+ my ( $table, $net, $rest ) = split/,/, $1;
+ fatal_error "Invalid Network Address (${net},${rest})" if
defined $rest;
+ fatal_error "Missing Table Name" unless defined
$table && $table ne '';;
+ fatal_error "Invalid Table Name ($table)" unless $table =~
/^([-\w.]+)$/;
+ fatal_error "Missing Network Address" unless defined
$net;
+ fatal_error "Invalid Network Address ($net)" unless defined
$net && $net =~ '/(\d+)$';
+ fatal_error "Netmask ($1) out of range" unless $1 >= 8;
+ validate_net $net, 0;
+ $target = "ACCOUNT --addr $net --tname $table";
+ } else {
+ fatal_error "Invalid ACCOUNT Action";
+ }
} else {
( $action, my $cmd ) = split /:/, $action;
if ( $cmd ) {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
