On 03/07/2013 05:03 PM, Tom Eastep wrote:
> On 3/7/13 4:26 PM, "Mr Dash Four" <[email protected]> wrote:
>
>>
>>> The first bug fix below should receive wider testing. So I have uploaded
>>> 4.5.14 RC 2. I went ahead and included a simple new feature (see below),
>>> but I neglected to include the change that allows generating '-m
>>> multiport --ports <port list>' by placing '=' SOURCE PORT(S) columns.
>>>
>> I am not sure I understand this - care to elaborate?
>
> Here's an example from the accounting file:
>
> #ACTION  CHAIN  SOURCE  DEST  PROTO  DEST     SOURCE
> #                                    PORT(S)  PORT(S)
> COUNT    -      br0     -     tcp    80       =
>
> This rule matches all TCP packets entering through br0 where either
> the source port or the destination port is 80.
>
>> Good on all counts as far as I can see.
>
> Good - thanks.
>
>>
>> The fictitious interface name in "providers" is fixed as well, though
>> when I add "lo" (loopback) (loopback is in a state of "ignore" in my
>> "interfaces" - just FYI) I get a few funnies generated which should not
>> be there, like:
>>
>> run_ip route replace <default gateway address> src $SW_LO_ADDRESS dev lo
>> run_ip route replace <default gateway address> src $SW_LO_ADDRESS dev lo
>> table XX
>> run_ip route add default via <default gateway address> src
>> $SW_LO_ADDRESS dev lo table XX
>
> Where else do you mention 'lo' in your configuration? I have an entry like
> yours in my interfaces file and I don't have that issue.
>>
>> Would there be a way for me to manipulate the blackhole routes in my
>> main table or is this for another day?
>
> It is going to have to wait until Beta 1. There are some issues to resolve.

I woke up this morning with an easy solution to those issues. Patch is attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index f19f609..45e72d2 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1120,18 +1120,18 @@ sub add_a_route( ) {
if ( $gateway ne '-' ) {
if ( $device ne '-' ) {
push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number);
- emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+ push @$routes, q(echo "qt $IP ) . qq(-$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
} elsif ( $gateway eq 'blackhole' ) {
push @$routes, qq(run_ip route add blackhole $dest table $number);
- emit qq(echo "\$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+ push @$routes, q(echo "qt $IP ) . qq(-$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
} else {
push @$routes, qq(run_ip route add $dest via $gateway table $number);
- emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+ push @$routes, q(echo "qt $IP ) . qq(-$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
}
} else {
fatal_error "You must specify a device for this route" unless $physical;
push @$routes, qq(run_ip route add $dest dev $physical table $number);
- emit qq(echo "\$IP -$family route del $dest dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+ push @$routes, q(echo qt $IP ) . qq(-$family route del $dest dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
}
progress_message " Route \"$currentline\" $done";
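
Review bot: The last added line, in the else branch that handles a route with a device but no gateway, starts with q(echo qt $IP ) and is missing the opening double quote that the other three added lines have in q(echo "qt $IP ), while the closing double quote before >> is still there. The shell line pushed onto @$routes for that case would therefore contain an unbalanced quote, and the undo entry for device-only routes would not be appended to undo_${provider}_routing as the other branches do. Suggest making it q(echo "qt $IP ) to match the other three. Separately, the removed lines only used qt in the first branch; the added lines use it in all four, which looks intentional but is worth stating in the commit message.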
