On 6/30/12 1:33 PM, Steven Jan Springl wrote: > Rule: > > ACCEPT fw dmz tcp 22 - - - -20 > > produces the following error message: > > iptables-restore v1.4.14: owner: Bad value for "--uid-owner" option: "-20"
This patch seems to eliminate the problem. Thanks Steven, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index 24c5b6c..1a61a74 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4189,7 +4189,7 @@ sub resolve_id( $$ ) {
require_capability 'OWNER_NAME_MATCH', "Specifying a $type name", 's';
} else {
my $num = $type eq 'user' ? getpwnam( $id ) : getgrnam( $id );
- fatal_error "Unknown $type ($id)" unless supplied $num;
+ fatal_error "Unknown $type ($id)" unless supplied $num && $num >= 0;
$id = $num;
}
@@ -4214,7 +4214,7 @@ sub do_user( $ ) {
if ( supplied $2 ) {
$user = $2;
- if ( $user =~ /(\d+)(-(\d+))?$/ ) {
+ if ( $user =~ /^(\d+)(-(\d+))?$/ ) {
if ( supplied $2 ) {
fatal_error "Invalid User Range ($user)" unless $3 >= $1;
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
