On 2/2/13 10:08 AM, "Tom Eastep" <[email protected]> wrote:
>On 02/02/2013 07:41 AM, Tom Eastep wrote: >> On 02/01/2013 08:01 PM, Mr Dash Four wrote: > >>> actions >>> ~~~~~~~ >>> IELOG inline >>> ELOG >>> >>> Please note that I have action.ELOG symlinked to action.IELOG. In >>>other words, these are exactly the same, only the definition in >>>"actions" is different. >>> >>> rules >>> ~~~~~ >>> SECTION NEW >>> ELOG(-,fw2NeT,2) $FW net >>> [...] >>> >>> produces: >>> >>> -A fw2net -m conntrack --ctstate ESTABLISHED -j ACCEPT >>> -A fw2net -m conntrack --ctstate RELATED -j +fw2net >>> -A fw2net >>> [...] >>> >>> Note the last statement above - that won't even compile! The same >>>nonsensical statement is produced when I have the above ELOG statement >>>placed in SECTION ALL. >>> >>> If I place ELOG in RELATED, that is completely ignored (as if it isn't >>>there). Same goes for: >>> - SECTION ESTABLISHED (the rule produced is "-A fw2net -m conntrack >>>--ctstate ESTABLISHED"); >>> - SECTION UNTRACKED (the rule produced is "-A fw2net -m conntrack >>>--ctstate UNTRACKED -j ~comb0" where "~comb0" consists of a single "-j >>>DROP" statement); and >>> - SECTION INVALID (the rule produced is similar: "-A fw2net -m >>>conntrack --ctstate INVALID -j ~comb0"). >> >> Please post the action.IELOG file so I don't have to guess what it does. > >Never mind -- I've been able to reproduce this; it is a consequence of >setting @chain. Now to understand why.... Here's a patch. Thanks, -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice.
MODIFYCHAIN.patch
Description: Binary data
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
