Re: [Shorewall-devel] Shorewall 4.5.13 Beta 4

Sat, 02 Feb 2013 10:09:44 -0800 

On 02/02/2013 07:41 AM, Tom Eastep wrote:
> On 02/01/2013 08:01 PM, Mr Dash Four wrote:

>> actions
>> ~~~~~~~
>> IELOG inline
>> ELOG
>>
>> Please note that I have action.ELOG symlinked to action.IELOG. In other 
>> words, these are exactly the same, only the definition in "actions" is 
>> different.
>>
>> rules
>> ~~~~~
>> SECTION NEW
>> ELOG(-,fw2NeT,2) $FW net
>> [...]
>>
>> produces:
>>
>> -A fw2net -m conntrack --ctstate ESTABLISHED -j ACCEPT
>> -A fw2net -m conntrack --ctstate RELATED -j +fw2net
>> -A fw2net
>> [...]
>>
>> Note the last statement above - that won't even compile! The same 
>> nonsensical statement is produced when I have the above ELOG statement 
>> placed in SECTION ALL.
>>
>> If I place ELOG in RELATED, that is completely ignored (as if it isn't 
>> there). Same goes for:
>> - SECTION ESTABLISHED (the rule produced is "-A fw2net -m conntrack 
>> --ctstate ESTABLISHED");
>> - SECTION UNTRACKED (the rule produced is "-A fw2net -m conntrack --ctstate 
>> UNTRACKED -j ~comb0" where "~comb0" consists of a single "-j DROP" 
>> statement); and 
>> - SECTION INVALID (the rule produced is similar: "-A fw2net -m conntrack 
>> --ctstate INVALID -j ~comb0").
> 
> Please post the action.IELOG file so I don't have to guess what it does.

Never mind -- I've been able to reproduce this; it is a consequence of
setting @chain. Now to understand why....

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to