On 05/17/2013 04:28 PM, Dash Four wrote: > >> accounting >> ~~~~~~~~~~ >> NFACCT(acc1,acc2) net2fw +test1 !+test2[src] >> >> produces >> >> -A net2fw -m set --match-set test1 src -m nfacct --nfacct-name acc1 -m >> nfacct --nfacct-name acc2 -m set ! --match-set test2 src >> >> which is wrong. > The alternative syntax of "NFACCT(acc1,acc2) net2fw +[test1,!test2]", > which should be the same as the above statement, works and produces what > is expected.
Patch attached. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6e626d7..7d16c7a 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -7115,7 +7115,7 @@ sub expand_rule( $$$$$$$$$$$;$ )
unless ( $inets || $iexcl =~ /^\+\[/ || ( $iiface && $restriction & POSTROUTE_RESTRICT ) ) {
my @iexcl = split_host_list( $iexcl, $deferdns, 1 );
if ( @iexcl == 1 ) {
- $rule .= match_source_net "!$iexcl" , $restriction;
+ $prerule .= match_source_net "!$iexcl" , $restriction;
$iexcl = '';
$trivialiexcl = 1;
}
@@ -7130,7 +7130,7 @@ sub expand_rule( $$$$$$$$$$$;$ )
unless ( $dnets || $dexcl =~ /^\+\[/ ) {
my @dexcl = split_host_list( $dexcl, $deferdns, 1 );
if ( @dexcl == 1 ) {
- $rule .= match_dest_net "!$dexcl", $restriction;
+ $prerule .= match_dest_net "!$dexcl", $restriction;
$dexcl = '';
$trivialdexcl = 1;
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
