Tom Eastep wrote:
> On 01/06/2013 10:39 AM, Mr Dash Four wrote:
>>>> 1. ADD(setname:flags) (same with DEL) does not work with sets
>>>> containing the "-" character (such sets are accepted by shorewall
>>>> anywhere else):
>>>>
>>>> rules
>>>> ~~~~~
>>>> ADD(+mickey-mouse:dst,dst) $FW net
>>>>
>>>> Gives me "ERROR: Expected ipset name (mickey-mouse)".
>>>>
>>> Hmmm - That rule compiles error-free for me; git shows that bug was
>>> corrected in a commit on October 2 of last year.
>>>
>> The patch I am attaching is how I fixed this particular issue when
>> compiling shorewall.
>>
>>> Agreed. Change will be in Beta 4.
>>>
>> Thanks.
>
> My patch is backward-compatible so existing rules that include '+' will
> not be rejected.

As I indicated in my previous response to you, the reason for attaching the
patch was to show you how I fixed that particular bug, which, let's not forget
"was corrected in a commit on October 2 of last year", despite that rule
compiling "error-free", apparently.

>>>> The above, though, gives me " ERROR: TARGET must be specified".
>>>> "Joining" the lines in IELOG using "\" did not have any effect (still
>>>> gives me an error).
>>>>
>>> If you code action.IELOG as follows, it works:
>>>
>> Damn, I tried every other conceivable (random) combination. Will test
>> this later tonight. Out of interest though, if I use the alternative
>> syntax in its entirety (with curly braces) would that still work?
>
> It should, yes.

Nada. This is what I've tried:

action.IELOG
~~~~~~~~~~~~
?IF $1
AUDIT($1) \
?IF $5
; switch:@chain_$5
?ELSE
?ENDIF
?ENDIF
?IF $2
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?ENDIF
?IF $3
NFLOG(1,0,1)
?ENDIF
?IF $4
NFLOG($4,0,1)
?ENDIF
?IF $6
$6
?ENDIF

rules
~~~~~
IELOG(accept,yep,yep,2,mamas,DROP) $FW net

As a result, I get "ERROR: Invalid column/value pair (switch:)". In addition, I
found yet another bug:

action.IELOG
~~~~~~~~~~~~
#{ \
?IF $1
AUDIT($1) \
?IF $5
; switch:@chain_$5
?ELSE
?ENDIF
?ENDIF
#}
?IF $2
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?ENDIF
?IF $3
NFLOG(1,0,1)
?ENDIF
?IF $4
NFLOG($4,0,1)
?ENDIF
?IF $6
$6
?ENDIF

Passes without an error and closer inspection reveals that the AUDIT ?IF/?ENDIF
block has been completely ignored, which, I assume, is as a result of shorewall
taking into account the slash (\) in the comment line above. I can't get the
alternative syntax to get it to work either.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
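
A lint check for the two constructs the message above reports trouble with, added here as an example and not taken from Shorewall or from either poster: a "#" comment line that ends in a backslash, and a continuation backslash immediately followed by a ?IF/?ELSE/?ENDIF line. The function name and the sample text (constructed from the second action.IELOG listing) are assumptions; the check only flags the constructs and does not model how Shorewall parses them.

```python
import re

# Directives that appear in the action files quoted in the message.
DIRECTIVE = re.compile(r"^\s*\?(IF|ELSE|ENDIF)\b")

def lint_action_file(text):
    """Return (line_number, message) pairs for risky continuation use."""
    findings = []
    lines = text.splitlines()
    for idx, line in enumerate(lines):
        stripped = line.strip()
        if not stripped.endswith("\\"):
            continue  # only lines that ask to be continued are of interest
        lineno = idx + 1
        if stripped.startswith("#"):
            # The message reports that the block after such a comment
            # vanished from the result without any error.
            findings.append((lineno, "comment line ends with a backslash"))
            continue
        nxt = lines[idx + 1] if idx + 1 < len(lines) else None
        if nxt is None:
            findings.append((lineno, "backslash on the last line of the file"))
        elif DIRECTIVE.match(nxt):
            # The rule text would have to continue into a directive line.
            findings.append((lineno, "backslash followed by a ?-directive"))
    return findings

# Constructed sample, based on the second listing in the message.
SAMPLE = """#{ \\
?IF $1
AUDIT($1) \\
?IF $5
; switch:@chain_$5
?ELSE
?ENDIF
?ENDIF
#}
?IF $2
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?ENDIF
"""

if __name__ == "__main__":
    for lineno, message in lint_action_file(SAMPLE):
        print(f"line {lineno}: {message}")
```

Running a check like this before compiling catches the case that matters most for a firewall: a rule block that disappears from the result without any error being raised.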