On 1/8/13 7:32 PM, "Mr Dash Four" <[email protected]> wrote:
>>> In addition, I don't see any sense whatsoever in restricting "setname"
>>> to start with the plus sign (+) - in other places, like "rules",
>>> "blrules" etc, set names must be distinguished from, say, zones,
>>> therefore adding "+" makes perfect sense there, but in the ADD/DEL
>>> commands/actions the "setname" can only be .... erm, a set name, so I
>>> don't see why the "+" is needed there - set names should be specified
>>> as a string of characters, without the requirement of prepending them
>>> with a "+". In other words "ADD(mickey-mouse:dst,dst)" should be allowed.
>>
>> Agreed. Change will be in Beta 4.
>That now works as expected.
>
>>> 3. "SECTION RELATED" ("rules") problems:
>>>[...]
>> Yep. General problem of inline actions invoked in sections other than
>> NEW. Patch RELATED.patch attached.
>Assuming all these patches were included in Beta4, it still doesn't seem
>to work:
>
>rules
>~~~~~
>SECTION RELATED
>IELOG(accept,yep,yep,2,mamas,DROP) $FW net
>SECTION NEW
>[...]
>
>produces:
>
>-A +fw2net -j AUDIT --type accept
>-A +fw2net -j LOG --log-tcp-options --log-ip-options --log-macdecode --log-tcp-sequence --log-uid --log-level 6 --log-prefix "Shorewall:+fw2net:LOG:"
>-A +fw2net -j NFLOG --nflog-group 1 --nflog-range 0 --nflog-threshold 1 --nflog-prefix "Shorewall:+fw2net:LOG:"
>-A +fw2net -j NFLOG --nflog-group 2 --nflog-range 0 --nflog-threshold 1 --nflog-prefix "Shorewall:+fw2net:LOG:"
>-A +fw2net -j DROP
>-A +fw2net -j ACCEPT
>
>Where did the last ACCEPT jump come from?
I assume that it is your configured RELATED_DISPOSITION. And I've already
told you twice that the optimizer isn't smart enough to omit that rule
(although the current git contents have that intelligence).
-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
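
The leftover rule discussed in the message above (an ACCEPT that follows an unconditional DROP in the same chain) can be found mechanically when auditing generated rules. The following is an added example, not part of the original message and not Shorewall's optimizer: a Python check that flags rules which can never match because an earlier rule in the same chain has no match conditions and a terminating target. The `TERMINATING` set and the function names are assumptions; the sample is the rule list quoted in the message with wrapped lines joined.

```python
import shlex

# Targets that end traversal of the current chain when the rule matches.
# Assumption: this short list covers the sample; extend it for your ruleset.
TERMINATING = {"ACCEPT", "DROP", "REJECT", "RETURN"}

# Constructed sample: the rules quoted in the message above, one per line.
SAMPLE = '''\
-A +fw2net -j AUDIT --type accept
-A +fw2net -j LOG --log-tcp-options --log-ip-options --log-macdecode --log-tcp-sequence --log-uid --log-level 6 --log-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j NFLOG --nflog-group 1 --nflog-range 0 --nflog-threshold 1 --nflog-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j NFLOG --nflog-group 2 --nflog-range 0 --nflog-threshold 1 --nflog-prefix "Shorewall:+fw2net:LOG:"
-A +fw2net -j DROP
-A +fw2net -j ACCEPT
'''

def parse_rule(line):
    """Return (chain, match_tokens, target) for an '-A' line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 4 or tokens[0] != "-A" or "-j" not in tokens:
        return None
    j = tokens.index("-j")
    if j + 1 >= len(tokens):
        return None
    # Everything between the chain name and -j is a match condition.
    return tokens[1], tokens[2:j], tokens[j + 1]

def find_unreachable(ruleset):
    """List (chain, dead_rule, shadowing_rule) for rules that can never match."""
    shadowed_by = {}  # chain -> first unconditional terminating rule seen
    dead = []
    for line in ruleset.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, matches, target = parsed
        if chain in shadowed_by:
            dead.append((chain, line, shadowed_by[chain]))
        elif not matches and target in TERMINATING:
            shadowed_by[chain] = line
    return dead

if __name__ == "__main__":
    for chain, rule, blocker in find_unreachable(SAMPLE):
        print(f"{chain}: '{rule}' is unreachable after '{blocker}'")
```

Non-terminating targets such as AUDIT, LOG and NFLOG do not shadow later rules, so only the final ACCEPT is reported for the sample.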