I've found a couple more issues with 4.5.13 Beta 2.

1) An internal error can be raised while trying to complete a built-in chain like INPUT.
2) Audited RELATED_DISPOSITION (e.g., RELATED_DISPOSITION=A_ACCEPT) is effectively ignored.

Patches attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
commit 4a354ba5a2a69925e907a6e0ee014c9d03cbd81b Author: Tom Eastep <[email protected]> Date: Mon Jan 21 08:02:50 2013 -0800 Avoid internal error during standard chain completion Signed-off-by: Tom Eastep <[email protected]> diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index d82fe2f..c86cc2c 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -765,7 +765,11 @@ sub complete_standard_chain ( $$$$ ) { $policychainref = $filter_table->{$ruleschainref->{policychain}} if $ruleschainref; - ( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' } if $policychainref; + if ( $policychainref ) { + ( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' } + } elsif ( $defaultaction !~ /:/ ) { + $defaultaction = join(":", $defaultaction, 'none', '', '' ); + } policy_rules $stdchainref , $policy , $loglevel, $defaultaction, 0; }
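Review bot: The new elsif branch in complete_standard_chain tests `$defaultaction !~ /:/` without first checking that $defaultaction is defined and non-empty, and the visible lines do not show where it gets its value when there is no policy chain. If it can be undef there, the match warns under `use warnings` and the join yields ":none::", which policy_rules then receives as a default action with an empty name. Consider guarding with `defined $defaultaction && length $defaultaction` before the match. The literal tail 'none', '', '' also deserves a one-line comment naming the colon-separated fields it fills, so the next reader does not have to look up the expected format in policy_rules. Minor style point: the assignment inside the new if block has no terminating semicolon, which is legal Perl but easy to break when a second statement is added.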
commit c820c54f41523d07f51b12f748b855b13a3ca0b5 Author: Tom Eastep <[email protected]> Date: Mon Jan 21 09:03:27 2013 -0800 Correctly handle audited RELATED_DISPOSITION Signed-off-by: Tom Eastep <[email protected]> diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index c86cc2c..c8d00e7 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -881,6 +881,9 @@ sub finish_chain_section ($$$) { $relatedref, $config{RELATED_DISPOSITION}, '' ); + + $related_target = ensure_audit_chain( $related_target ) if $targets{$related_target} & AUDIT; + add_ijump( $relatedref, g => $related_target ); $related_target = $relatedref->{name} unless $relatedchain;
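Review bot: The added line in finish_chain_section evaluates `$targets{$related_target} & AUDIT` with no check that $related_target is actually a key in %targets. If RELATED_DISPOSITION resolves to a target that has no %targets entry, the lookup returns undef, the bitwise AND warns under `use warnings`, and the audit chain is silently skipped, which is the same symptom this commit sets out to fix. Something like `( $targets{$related_target} || 0 ) & AUDIT` would make the intent explicit. A short comment saying that the audit chain has to exist before the add_ijump that follows would also help, since the ordering dependency is not obvious from the code alone. The hunk also adds two blank lines around a one-line change; one of them can go.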
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
