On 2/17/11 3:58 PM, Steven Jan Springl wrote: > If you code the name of a file from the shorewall directory in the ACTION > column of the accounting file eg: > > interfaces > > Numerous messages are produced.
Steven, The attached typing test makes it an error to use these names as an accounting chain. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index 6c4fd27..8af76f2 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1344,7 +1344,7 @@ sub ensure_accounting_chain( $$$ )
$chainref->{restriction} |= $restriction;
} else {
fatal_error "Chain name ($chain) too long" if length $chain > 29;
- fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/
&& ! $builtin_target{$chain};
+ fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/
&& ! ( $builtin_target{$chain} || $config_files{$chain} );
$chainref = new_chain 'filter' , $chain;
$chainref->{accounting} = 1;
$chainref->{referenced} = 1;
@@ -1435,7 +1435,7 @@ sub new_nat_chain($) {
sub new_manual_chain($) {
my $chain = $_[0];
fatal_error "Chain name ($chain) too long" if length $chain > 29;
- fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && !
$builtin_target{$chain};
+ fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w]+$/ && !
( $builtin_target{$chain} || $config_files{$chain} );
fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} ||
$filter_table->{$chain};
$targets{$chain} = CHAIN;
( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;
@@ -2110,7 +2110,7 @@ sub newexclusionchain() {
sub newlogchain() {
my $seq = $chainseq++;
- "log${seq}";
+ "~log${seq}";
}
#
diff --git a/Shorewall/Perl/Shorewall/Config.pm
b/Shorewall/Perl/Shorewall/Config.pm
index b2283e7..6983854 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -126,6 +126,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
$debug
%config
%globals
+ %config_files
F_IPV4
F_IPV6
@@ -262,6 +263,50 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
CAPVERSION => 'Capability Version',
KERNELVERSION => 'Kernel Version',
);
+
+our %config_files = ( accounting => 1,
+ actions => 1,
+ blacklist => 1,
+ clear => 1,
+ ecn => 1,
+ findgw => 1,
+ hosts => 1,
+ init => 1,
+ initdone => 1,
+ interfaces => 1,
+ isusable => 1,
+ maclist => 1,
+ masq => 1,
+ nat => 1,
+ netmap => 1,
+ notrack => 1,
+ params => 1,
+ policy => 1,
+ providers => 1,
+ proxyarp => 1,
+ refresh => 1,
+ refreshed => 1,
+ restored => 1,
+ route_rules => 1,
+ routes => 1,
+ routestopped => 1,
+ rules => 1,
+ scfilter => 1,
+ secmarks => 1,
+ start => 1,
+ started => 1,
+ stop => 1,
+ stopped => 1,
+ tcclasses => 1,
+ tcclear => 1,
+ tcdevices => 1,
+ tcfilters => 1,
+ tcinterfaces => 1,
+ tcpri => 1,
+ tcrules => 1,
+ tos => 1,
+ tunnels => 1,
+ zones => 1 );
#
# Directories to search for configuration files
#
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
