On 2/9/13 5:59 PM, "Mr Dash Four" <[email protected]> wrote:
>
>> Thank you for testing,
>
>OK, I've tried to test-run this on another machine where I get this
>internal error:
>
>shorewall[824]: Compiling MAC Filtration -- Phase 2...
>shorewall[824]: Applying Policies...
>shorewall[824]: ERROR: Internal error in
>Shorewall::Rules::createactionchain at
>/usr/share/perl5/Shorewall/Rules.pm line 1246 at
>/usr/share/perl5/Shorewall/Config.pm line 1215
>shorewall[824]: #011Shorewall::Config::fatal_error('Internal error in
>Shorewall::Rules::createactionchain at /usr...') called at
>/usr/share/perl5/Shorewall/Config.pm line 1255
>shorewall[824]: #011Shorewall::Config::assert('') called at
>/usr/share/perl5/Shorewall/Rules.pm line 1246
>shorewall[824]:
>#011Shorewall::Rules::createactionchain('ELOG(-,1,2,-,Drop)') called at
>/usr/share/perl5/Shorewall/Rules.pm line 1267
>shorewall[824]: #011Shorewall::Rules::use_action('ELOG(-,1,2,-,Drop)')
>called at /usr/share/perl5/Shorewall/Rules.pm line 1764
>shorewall[824]:
>#011Shorewall::Rules::use_policy_action('ELOG(-,1,2,-,Drop)', 'fw2net')
>called at /usr/share/perl5/Shorewall/Rules.pm line 707
>shorewall[824]: #011Shorewall::Rules::policy_rules('HASH(0x8b770c8)',
>'DROP', '', 'ELOG(-,1,2,-,Drop)', '') called at
>/usr/share/perl5/Shorewall/Rules.pm line 736
>shorewall[824]: #011Shorewall::Rules::default_policy('HASH(0x8b770c8)',
>'fw', 'net') called at /usr/share/perl5/Shorewall/Rules.pm line 810
>shorewall[824]: #011Shorewall::Rules::apply_policy_rules() called at
>/usr/share/perl5/Shorewall/Compiler.pm line 839
>shorewall[824]: #011Shorewall::Compiler::compiler('script',
>'/var/lib/shorewall/.start', 'directory', '/etc/shorewall', 'verbosity',
>1, 'timestamp', 0, 'debug', ...) called at
>/usr/libexec/shorewall/compiler.pl line 142
>logger: ERROR:Shorewall start failed
I don't understand what is going on on your system.
If I recreate your test configuration and set a breakpoint at
Shorewall::Rules::use_policy_action, I see this stack trace:
DB<2> T
$ = Shorewall::Rules::use_policy_action('ELOG:none::-,1,2,-,Drop',
'fw2loc') called from file `/usr/share/shorewall/Shorewall/Rules.pm' line
707
. = Shorewall::Rules::policy_rules(ref(HASH), 'DROP', '',
'ELOG:none::-,1,2,-,Drop', '') called from file
`/usr/share/shorewall/Shorewall/Rules.pm' line 737
. = Shorewall::Rules::default_policy(ref(HASH), 'fw', 'net') called from
file `/usr/share/shorewall/Shorewall/Rules.pm' line 810
. = Shorewall::Rules::apply_policy_rules() called from file
`/usr/share/shorewall/Shorewall/Compiler.pm' line 839
. = Shorewall::Compiler::compiler('script', '', 'directory',
'/home/teastep/shorewall/regressionLibrary/4.5.13/defaultaction/',
'verbosity', 1, 'timestamp', 0, 'debug', 0, 'export', 0, 'chains',
':none:', 'log', '', 'log_verbosity', -1, 'test', 0, 'preview', 1,
'family', 4, 'confess', 0, 'update', 0, 'convert', 0, 'annotate', 0,
'directives', 0, 'config_path',
'/home/teastep/shorewall/regressionLibrary/4.5.13/defaultaction/:/u...
called from file `/usr/share/shorewall/compiler.pl' line 142
DB<2>
Note the difference in the first argument to use_policy_action. In your
case, it is the raw action specified in your policy file; in my case, it
has been normalized into <action>:<loglevel>:<tag>:<parameters>. The
latter is what use_policy_action is expecting. The normalization should
have occurred when the policy file was processed.
Are you specifying any options for ELOG in /etc/shorewall/actions?
-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
