On Monday 24 Sep 2012 22:24:47 Tom Eastep wrote: > On 09/24/2012 01:58 PM, Steven Jan Springl wrote: > > On Monday 24 Sep 2012 01:23:59 Tom Eastep wrote: > >> On 9/23/12 3:05 PM, "Steven Jan Springl" <[email protected]> wrote: > >>> When the following entry is placed in the tcrules file: > >>> > >>> TTL(+0):P ppp0 eth0 > >>> > >>> the following iptables rule is generated: > >>> > >>> -A tcpre -d 192.168.0.0/24 -i ppp0 -j TTL --ttl-inc 0 > >>> > >>> which produces the following error message: > >>> > >>> iptables v1.4.15: TTL: bad value for option "--ttl-inc", or out of > >>> range (1-255). > >>> > >>> Note the same error occurs if 'TTL(-0):P' is specified. > >> > >> Steven, > >> > >> This patch correct the problem and a similar problem with HL() in > >> Shorewall6. > >> > >> Thanks, > >> -Tom > >> You do not need a parachute to skydive. You only need a parachute to > >> skydive twice. > > > > Tom > > > > I can confirm the patch does correct the issue, however the following > > tcrules file entries produce the same error: > > > > TTL(+00):P ppp0 eth0 > > TTL(-00):P ppp0 eth0 > > > > Additionally the following tcrules file entry is rejected by Shorewall: > > > > TTL(0):P ppp0 eth0 > > > > But the following entry is allowed by Shorewall and does not produce an > > iptables-restore error: > > > > TTL(00):P ppp0 eth0 > > Steven, > > This patch seems to do the right thing in all cases. > > Thanks, > -Tom
Tom Confirmed, the patch fixes all the issues. However the follow tcrules entry: TTL():P ppp0 eth0 produces the following messages: Use of uninitialized value $1 in string eq at /usr/share/shorewall/Shorewall/Tc.pm line 401, <$currentfile> line 16. Use of uninitialized value $2 in string eq at /usr/share/shorewall/Shorewall/Tc.pm line 401, <$currentfile> line 16. Use of uninitialized value $param in abs at /usr/share/shorewall/Shorewall/Tc.pm line 401, <$currentfile> line 16. Use of uninitialized value $1 in pattern match (m//) at /usr/share/shorewall/Shorewall/Tc.pm line 403, <$currentfile> line 16. Use of uninitialized value $1 in pattern match (m//) at /usr/share/shorewall/Shorewall/Tc.pm line 405, <$currentfile> line 16. Steven. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
