On Sunday 10 Feb 2013 16:26:38 Tom Eastep wrote: > On 2/9/13 5:59 PM, "Mr Dash Four" <[email protected]> wrote: > >> Thank you for testing, > > > >OK, I've tried to test-run this on another machine where I get this > >internal error: > > > >shorewall[824]: Compiling MAC Filtration -- Phase 2... > >shorewall[824]: Applying Policies... > >shorewall[824]: ERROR: Internal error in > >Shorewall::Rules::createactionchain at > >/usr/share/perl5/Shorewall/Rules.pm line 1246 at > >/usr/share/perl5/Shorewall/Config.pm line 1215 > >shorewall[824]: #011Shorewall::Config::fatal_error('Internal error in > >Shorewall::Rules::createactionchain at /usr...') called at > >/usr/share/perl5/Shorewall/Config.pm line 1255 > >shorewall[824]: #011Shorewall::Config::assert('') called at > >/usr/share/perl5/Shorewall/Rules.pm line 1246 > >shorewall[824]: > >#011Shorewall::Rules::createactionchain('ELOG(-,1,2,-,Drop)') called at > >/usr/share/perl5/Shorewall/Rules.pm line 1267 > >shorewall[824]: #011Shorewall::Rules::use_action('ELOG(-,1,2,-,Drop)') > >called at /usr/share/perl5/Shorewall/Rules.pm line 1764 > >shorewall[824]: > >#011Shorewall::Rules::use_policy_action('ELOG(-,1,2,-,Drop)', 'fw2net') > >called at /usr/share/perl5/Shorewall/Rules.pm line 707 > >shorewall[824]: #011Shorewall::Rules::policy_rules('HASH(0x8b770c8)', > >'DROP', '', 'ELOG(-,1,2,-,Drop)', '') called at > >/usr/share/perl5/Shorewall/Rules.pm line 736 > >shorewall[824]: #011Shorewall::Rules::default_policy('HASH(0x8b770c8)', > >'fw', 'net') called at /usr/share/perl5/Shorewall/Rules.pm line 810 > >shorewall[824]: #011Shorewall::Rules::apply_policy_rules() called at > >/usr/share/perl5/Shorewall/Compiler.pm line 839 > >shorewall[824]: #011Shorewall::Compiler::compiler('script', > >'/var/lib/shorewall/.start', 'directory', '/etc/shorewall', 'verbosity', > >1, 'timestamp', 0, 'debug', ...) called at > >/usr/libexec/shorewall/compiler.pl line 142 > >logger: ERROR:Shorewall start failed > > I don't understand what is going on on your system. > > If I recreate your test configuration and set a breakpoint at > Shorewall::Rules::use_policy_action, I see this stack trace: > > DB<2> T > $ = Shorewall::Rules::use_policy_action('ELOG:none::-,1,2,-,Drop', > 'fw2loc') called from file `/usr/share/shorewall/Shorewall/Rules.pm' line > 707 > . = Shorewall::Rules::policy_rules(ref(HASH), 'DROP', '', > 'ELOG:none::-,1,2,-,Drop', '') called from file > `/usr/share/shorewall/Shorewall/Rules.pm' line 737 > . = Shorewall::Rules::default_policy(ref(HASH), 'fw', 'net') called from > file `/usr/share/shorewall/Shorewall/Rules.pm' line 810 > . = Shorewall::Rules::apply_policy_rules() called from file > `/usr/share/shorewall/Shorewall/Compiler.pm' line 839 > . = Shorewall::Compiler::compiler('script', '', 'directory', > '/home/teastep/shorewall/regressionLibrary/4.5.13/defaultaction/', > 'verbosity', 1, 'timestamp', 0, 'debug', 0, 'export', 0, 'chains', > ':none:', 'log', '', 'log_verbosity', -1, 'test', 0, 'preview', 1, > 'family', 4, 'confess', 0, 'update', 0, 'convert', 0, 'annotate', 0, > 'directives', 0, 'config_path', > '/home/teastep/shorewall/regressionLibrary/4.5.13/defaultaction/:/u... > called from file `/usr/share/shorewall/compiler.pl' line 142 > DB<2> > > Note the difference in the first argument to use_policy_action. In your > case, it is the raw action specified in your policy file; in my case, it > has been normalized into <action>:<loglevel>:<tag>:<parameters>. The > latter is what use_policy_action is expecting. The normalization should > have occurred when the policy file was processed. > > > Are you specifying any options for ELOG in /etc/shorewall/actions? >
Tom I have recreated the problem in the attached config: Steven.
shorewall2A22.tar.gz
Description: application/compressed-tar
------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
