On 01/07/2013 05:00 PM, Steven Jan Springl wrote:
> Tom
>
> Arprules entry:
>
> SMATX:11:22:33:44:55:66 eth0:1.1.1.1 - 1
>
> Produces the following error messages:
>
> Use of uninitialized value in subroutine entry at
> /usr/share/shorewall/Shorewall/ARP.pm line 172, <$currentfile> line 18.
>
> Can't use string ("") as a subroutine ref while "strict refs" in use at
> /usr/share/shorewall/Shorewall/ARP.pm line 172, <$currentfile> line 18.Patch ARPRULES1.patch corrects this issue. > > ------------------------------------------------------------------------------------------ > > Arprules entry: > > DMATC:11:22:33:44:55:66 eth0:1.1.1.1 - 1 > > Produces the following error message: > > ERROR: The DMATC ACTION does not allow a new address > /etc/shorewall2A11/arprules (line 20) Patch ARPRULES2.patch corrects this problem. > > ------------------------------------------------------------------------------------------ > > Arprules entry: > > DMATC eth0:1.1.1.1 - 1 > > Produces the following error message: > > ERROR: Invalid ACTION (DMATC) /etc/shorewall2A11/arprules (line 21) Patch ARPRULES2.patch also corrects this problem. > > ------------------------------------------------------------------------------------------ > > The arprules man page refers to action DNAC, should that not be DNATC? Yes. Thanks. > > ------------------------------------------------------------------------------------------ > > Note: arptables-save seems to convert any IP addresses that it can to DNS > entries. Yep -- doesn't seem to support a -n option. Thanks Steven, -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/ARP.pm b/Shorewall/Perl/Shorewall/ARP.pm
index 69f13bf..37198ce 100644
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -123,9 +123,12 @@ sub process_arprule() {
fatal_error "The $action ACTION does not allow a new address" unless
$action =~ /^SNAT|DNAT|SMAT|DMAT$/;
} else {
fatal_error "The $action ACTION requires a new address" if $action =~
/^SNAT|DNAT|SMAT|DMAT$/;
- fatal_error "Invalid ACTION ($action)" unless $action =~
/^DROP|ACCEPT$/;
}
+ my $function = $functions{$action};
+
+ fatal_error "Unknown ACTION ($action)" unless $function;
+
if ( $source ne '-' ) {
( $iiface, $saddr, $smac ) = split /:/, $source, 3;
@@ -169,7 +172,7 @@ sub process_arprule() {
$rule .= $arptablesjf ? " --arpop ${invert}$map[$opcode] " : "--opcode
${invert}$opcode ";
}
- $functions{$action} ->();
+ $function ->();
fatal_error "Either SOURCE or DEST must be specified" unless $chainref;
diff --git a/Shorewall/Perl/Shorewall/ARP.pm b/Shorewall/Perl/Shorewall/ARP.pm
index 37198ce..b8f4411 100644
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -120,7 +120,7 @@ sub process_arprule() {
);
if ( supplied $newaddr ) {
- fatal_error "The $action ACTION does not allow a new address" unless
$action =~ /^SNAT|DNAT|SMAT|DMAT$/;
+ fatal_error "The $action ACTION does not allow a new address" unless
$action =~ /^(?:SNAT|DNAT|SMAT|DMAT)C?$/;
} else {
fatal_error "The $action ACTION requires a new address" if $action =~
/^SNAT|DNAT|SMAT|DMAT$/;
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS and more. Get SQL Server skills now (including 2012) with LearnDevNow - 200+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only - learn more at: http://p.sf.net/sfu/learnmore_122512
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
