On 2/13/11 6:34 AM, Steven Jan Springl wrote:

> When the accounting file contains:
> 
> SECTION FORWARD
> ACCOUNT(net2lan,192.168.0.0/24)  -  -  eth1
> 
> The following error messages are produced:
> 
> iptables v1.4.10: Can't use -o with INPUT
> 
> ERROR: Command "/usr/local/sbin/iptables -A INPUT -o eth1 -j ACCOUNT --addr 
> 192.168.0.0/24 --tname new2lan" Failed
> 

The attached patch should fix you up.

Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index be7ec07..a7c8a2b 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -355,8 +355,12 @@ sub setup_accounting() {
 
                if ( $filter_table->{accounting} ) {
                    optimize_okay( 'accounting' ) if $section;
-                   for my $chain ( qw/INPUT FORWARD/ ) {
-                       add_jump( $filter_table->{$chain}, 'accounting', 0, '', 0, 0 );
+                   if ( $asection ) {
+                       add_jump( $filter_table->{FORWARD}, 'accounting', 0, '', 0, 0 );
+                   } else {
+                       for my $chain ( qw/INPUT FORWARD/ ) {
+                           add_jump( $filter_table->{$chain}, 'accounting', 0, '', 0, 0 );
+                       }
                    }
                }
 
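Review bot: The new `if ( $asection )` test has no comment saying why a sectioned accounting file may only reach `accounting` from FORWARD, and the same if/else is repeated in the `elsif` branch of the second hunk, so the reason (per the report above, iptables rejects `-o` in INPUT) lives only in the mail thread. Picking the chain list once, e.g. `my @chains = $asection ? qw/FORWARD/ : qw/INPUT FORWARD/;` ahead of the existing `for` loop (with `qw/INPUT FORWARD OUTPUT/` in the second hunk), would keep the two sites parallel, with a comment such as `# Sectioned file: 'accounting' holds FORWARD rules only`. `$asection` is assigned outside both hunks, so it is worth confirming it is true only when the file really uses SECTION headers; otherwise INPUT and OUTPUT traffic would silently stop being counted, which matters where these counters feed monitoring. The body of setup_accounting starts and ends outside both hunks.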
@@ -364,8 +368,12 @@ sub setup_accounting() {
                    add_jump( $filter_table->{OUTPUT}, 'accountout', 0, '', 0, 0 );
                }
            } elsif ( $filter_table->{accounting} ) {
-               for my $chain ( qw/INPUT FORWARD OUTPUT/ ) {
-                   add_jump( $filter_table->{$chain}, 'accounting', 0, '', 0, 0 );
+               if ( $asection ) {
+                   add_jump( $filter_table->{FORWARD}, 'accounting', 0, '', 0, 0 );
+               } else {
+                   for my $chain ( qw/INPUT FORWARD OUTPUT/ ) {
+                       add_jump( $filter_table->{$chain}, 'accounting', 0, '', 0, 0 );
+                   }
                }
            }
 

Attachment: signature.asc
Description: OpenPGP digital signature
