Re: [Shorewall-devel] Shorewall 4.4.18 Beta 1

Sat, 19 Feb 2011 07:58:56 -0800 

On 2/19/11 5:37 AM, Steven Jan Springl wrote:

> 
> The patch fixes the MAC address issue.
> 
> The patch fixes the above 'owner' issue. However, if the SECTION INPUT line 
> is 
> removed the error still occurs.
> 

Interesting -- Netfilter must be enforcing the restriction on -m owner
more tightly since I have several test cases from you in the regression
library that use owner match in the accounting file.

This patch prevents it from being used anywhere except in the OUTPUT
section.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Accounting.pm 
b/Shorewall/Perl/Shorewall/Accounting.pm
index f1e2f02..2ed5d83 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -159,9 +159,7 @@ sub process_accounting_rule( ) {
     $ports  = ''    if $ports  eq 'any' || $ports  eq 'all';
     $sports = ''    if $sports eq 'any' || $sports eq 'all';
 
-    if ( $asection ) {
-       fatal_error "USER/GROUP may only be specified in the OUTPUT section" 
unless $user eq '-' || $asection == OUTPUT; 
-    }
+    fatal_error "USER/GROUP may only be specified in the OUTPUT section" 
unless $user eq '-' || $asection == OUTPUT; 
 
     my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . 
do_test ( $mark, $globals{TC_MASK} ) . do_headers( $headers );
     my $rule2 = 0;

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to