On 2/19/11 2:51 PM, Steven Jan Springl wrote: > Tom > > In the attached config. action.Drop contains: > > REJECT:nflog(1,2,3) > > This results in the following error message: > > ERROR: Internal error in Shorewall::Chains::new_chain > at /usr/share/shorewall/Shorewall/Chains.pm line 1144 > > If the :nflog(1,2,3) is removed or REJECT is changed to DROP then the error > does not occur. > > The error also occurs if action.Drop is renamed to action.Reject.
Seems to be corrected by the attached patch. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm
b/Shorewall/Perl/Shorewall/Compiler.pm
index be0dbe8..29634f6 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -645,10 +645,6 @@ sub compiler {
#
validate_policy;
#
- # Process policy actions
- #
- process_actions2;
- #
# N O T R A C K
# (Produces no output to the compiled script)
#
@@ -678,6 +674,10 @@ sub compiler {
#
add_common_rules;
#
+ # Process policy actions
+ #
+ process_actions2;
+ #
# More /proc
#
if ( $family == F_IPV4 ) {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
