Re: [Shorewall-devel] various bugs and suggestions (4.5.11+)

Tue, 08 Jan 2013 19:34:10 -0800 

>> In addition, I don't see any sense whatsoever in restricting "setname" 
>> to start with the plus sign (+) - in other places, like "rules", 
>> "blrules" etc, set names must be distinguished from, say, zones, 
>> therefore adding "+" makes perfect sense there, but in the ADD/DEL 
>> commands/actions the "setname" can only be .... erm, a set name, so I 
>> don't see why the "+" is needed there - set names should be specified as 
>> a string of characters, without the requirement of prepending them with 
>> a "+". In other words "ADD(mickey-mouse:dst,dst)" should be allowed.
> 
> Agreed. Change will be in Beta 4.
That now works as expected.

>> 3. "SECTION RELATED" ("rules") problems:
>>[...]
> Yep. General problem of inline actions invoked in sections other than
> NEW. Patch RELATED.patch attached.
Assuming all these patches were included in Beta4, it still doesn't seem to 
work:

rules
~~~~~
SECTION RELATED
IELOG(accept,yep,yep,2,mamas,DROP) $FW net
SECTION NEW
[...]

produces:

-A +fw2net -j AUDIT --type accept
-A +fw2net -j LOG --log-tcp-options --log-ip-options --log-macdecode 
--log-tcp-sequence --log-uid --log-level 6 --log-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j NFLOG --nflog-group 1 --nflog-range 0 --nflog-threshold 1 
--nflog-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j NFLOG --nflog-group 2 --nflog-range 0 --nflog-threshold 1 
--nflog-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j DROP
-A +fw2net -j ACCEPT

Where did the last ACCEPT jump come from?

I'll respond to the other issues in the coming days when I have more time to 
test the rest (I am including Beta4 in that).

------------------------------------------------------------------------------
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
and much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612 
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to