On 01/17/2013 02:25 PM, Steven Jan Springl wrote: > In the attached config. > > When the accounting file contains: > > COUNT eth0:1.1.1.1!2.2.2.2 eth1 tcp http > > and DEFER_DNS_RESOLUTION=Yes the following valid iptables rules are generated: > > -A accounting -p 6 --dport 80 -s 1.1.1.1 -i eth0 -o eth1 -j ~excl0 > -A ~excl0 -s 2.2.2.2 -j RETURN > -A ~excl0 > > With DEFER_DNS_RESOLUTION=No the following error message is produced: > > ERROR: Unknown Host (1.1.1.1!2.2.2.2) /etc/shorewall2A15/accounting (line 13)
The attached patch corrects the problem. Thanks Steven, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6a3ecc6..c14328c 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3716,6 +3716,8 @@ sub source_exclusion( $$ ) {
reftype $target ? $chainref : $chainref->{name};
}
+sub split_host_list( $;$ );
+
sub source_iexclusion( $$$$$;@ ) {
my $chainref = shift;
my $jump = shift;
@@ -5009,8 +5011,6 @@ sub load_isocodes() {
$isocodes{substr(basename($_),0,2)} = 1 for @codes;
}
-sub split_host_list( $;$ );
-
#
# Match a Source.
#
@@ -5607,19 +5607,30 @@ sub split_host_list( $;$ ) {
unless ( $config{DEFER_DNS_RESOLUTION} ) {
my @result1;
- for ( @result ) {
- if ( m|[-\+\[~/^&]| ) {
- push @result1, $_;
- } elsif ( /^.+\..+\./ ) {
- /^(!)?(.*)$/;
- if ( valid_address( $2 ) ) {
- push @result1, $_;
+ for my $element ( @result ) {
+ my @list = split '!', $element, 3;
+
+ fatal_error "Invalid host list ($input)" if @list > 2;
+
+ my @pair;
+
+ for ( @list ) {
+ unless ( supplied $_ ) {
+ push @pair, '';
+ } elsif ( m|[-\+\[~/^&]| ) {
+ push @pair, $_;
+ } elsif ( /^.+\..+\./ ) {
+ if ( valid_address( $_ ) ) {
+ push @pair, $_
+ } else {
+ push @pair, resolve_dnsname( $2 );
+ }
} else {
- push @result1, resolve_dnsname( $_ );
+ push @pair, $_;
}
- } else {
- push @result1, $_;
}
+
+ push @result1 , supplied $pair[1] ? join( '!', @pair ) : $pair[0] ;
}
return @result1;
diff --git a/docs/IPv6Support.xml b/docs/IPv6Support.xml
index 54cffc8..f26f9c7 100644
--- a/docs/IPv6Support.xml
+++ b/docs/IPv6Support.xml
@@ -467,11 +467,14 @@ ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22<
<listitem>
<para>The Linux IPv6 stack does not support balancing (multi-hop)
- routes. Hence, neither the <option>balance</option> option in <ulink
+ routes. Thehe <option>balance</option> and <option>fallback</option>
+ options in <ulink
url="manpages6/shorewall6-providers.html">shorewall6-providers</ulink>(5)
- nor USE_DEFAULT_RT=Yes in <ulink
- url="manpages6/shorewall.conf.html">shorewall6.conf</ulink>(5) is
- supported.</para>
+ and USE_DEFAULT_RT=Yes in <ulink
+ url="manpages6/shorewall.conf.html">shorewall6.conf</ulink>(5) are
+ supported, but at most one provider can have the
+ <option>balance</option> option and at most one provider can have
+ the <option>fallback</option> option.</para>
</listitem>
</varlistentry>
@@ -499,7 +502,7 @@ ACCEPT net:wlan0:[2002:ce7c:92b4::3] tcp 22<
</listitem>
</itemizedlist>
- <para/>
+ <para></para>
</listitem>
</varlistentry>
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
