On 5/30/11 3:54 PM, Steven Jan Springl wrote:
> Confirmed, that's fixed it. I'm not surprised it took a while to find. Every
> time my "swiss army knife config." finds a bug like that I cringe. It can
> take a considerable amount of time removing bits from it until I'm left with
> something that I can send to you. On the other hand it finds a large number
> of the bugs I report to you. So I am reluctant to get rid of it.

I agree that is a valuable tool.

>
> Using the same config. the following iptables-restore error is produced:
>
> iptables-restore v1.4.11: Bad action type value "blacklog"
> Error occurred at line: 3137
>
> Line 3137 is:
>
> -A ~excl0 -j AUDIT --type blacklog

This seems to fix it.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 27a0990..6379ef1 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -203,8 +203,10 @@ sub setup_blacklist() {
my $chainref;
my $chainref1;
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL',
'BLACKLIST_DISPOSITION' };
- my $audit = $disposition =~ /^A_/;
- my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
+ my $audit = $disposition =~ /^A_/;
+ my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
+ my $orig_target = $target;
+
#
# We go ahead and generate the blacklist chains and jump to them, even if
they turn out to be empty. That is necessary
# for 'refresh' to work properly.
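Review bot: The new `$orig_target` has no comment explaining why a second copy of `$target` is kept, and it is taken after the REJECT mapping, so it holds lowercase 'reject' for REJECT but the raw BLACKLIST_DISPOSITION string otherwise, including any `A_` prefix that `$audit` matches on. Suggest a one-line comment stating what the saved value is for, and a check that the code receiving it handles both forms.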
@@ -280,7 +282,9 @@ sub setup_blacklist() {
} else {
warning_message "Duplicate 'audit' option ignored" if
$auditone > 1;
- $tgt = verify_audit( 'A_' . $target );
+
+
+ $tgt = verify_audit( 'A_' . $target, $orig_target );
}
}
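Review bot: The two empty `+` lines ahead of the `verify_audit` call are stray whitespace and should be dropped. The first argument is still built as `'A_' . $target`, so only the new second argument uses the saved value; a short comment here saying that the chain name is meant to follow `$target` while `$orig_target` is passed separately would make the intent of the fix clear to the next reader.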
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index 8f9aaa7..5e2b0b0 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1632,12 +1632,12 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
#
# Confirm that we have AUDIT_TARGET capability and ensure the appropriate
AUDIT chain.
#
-sub verify_audit($) {
+sub verify_audit($;$) {
my ($target, $audit ) = @_;
require_capability 'AUDIT_TARGET', "$target rules", '';
- return ensure_audit_chain $target;
+ return ensure_audit_chain $target, $audit;
}
#
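Review bot: In `verify_audit`, the second parameter is optional under the new `($;$)` prototype, but `$audit` is forwarded to `ensure_audit_chain` unconditionally, so a one-argument caller now passes an undefined value through. `ensure_audit_chain` is not part of this patch, so please confirm it falls back to deriving the value from `$target` when the second argument is undefined. The comment block above the sub should also mention the optional argument, and since the caller in Misc.pm passes a target name rather than a flag, a name other than `$audit` would read better.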
