On 2/17/11 1:32 PM, Steven Jan Springl wrote: > Tom > > When the accounting file contains: > > excl0 > DONE - 1.1.1.0/24!1.1.1.1 > > The following error message is produced: > > ERROR: Internal error in Shorewall::Chains::new_chain > at /usr/share/shorewall/Shorewall/Chains.pm line > 1127 : /etc/shorewallA/accounting (line 14) >
Steven, Here is a rather ham-handed fix. Only the last hunk is relevant to your problem but the rest will keep our trees synced. Thanks! -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index 0548825..6c4fd27 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -732,6 +732,24 @@ sub delete_chain( $ ) {
}
#
+# This variety first deletes all references to the chain before deleting it.
+#
+sub delete_chain_and_references( $ ) {
+ my $chainref = shift;
+ #
+ # We're going to delete this chain but first, we must delete all
references to it.
+ #
+ my $tableref = $chain_table{$chainref->{table}};
+ my $name1 = $chainref->{name};
+ for ( @{$chainref->{rules}} ) {
+ decrement_reference_count( $tableref->{$1}, $name1 ) if / -[jg]
([^\s]+)/;
+ }
+
+ delete_chain $chainref;
+}
+
+
+#
# Insert a tunnel rule into the passed chain. Tunnel rules are inserted
sequentially
# at the beginning of the 'NEW' section.
#
@@ -896,15 +914,7 @@ sub copy_rules( $$ ) {
unless ( --$chain1->{references}{$name2} ) {
delete $chain1->{references}{$name2};
- unless ( keys %{$chain1->{references}} ) {
- my $tableref = $chain_table{$chain1->{table}};
- my $name1 = $chain1->{name};
- for ( @{$chain1->{rules}} ) {
- decrement_reference_count( $tableref->{$1}, $name1 ) if / -[jg]
([^\s]+)/;
- }
-
- delete_chain $chain1;
- }
+ delete_chain_and_references( $chain1 ) unless keys
%{$chain1->{references}};
}
}
@@ -2095,7 +2105,7 @@ sub setup_zone_mss() {
sub newexclusionchain() {
my $seq = $chainseq++;
- "excl${seq}";
+ "~excl${seq}";
}
sub newlogchain() {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
