On 06/01/2013 07:22 AM, Dash Four wrote:
> IFLOG is the "inline" equivalent of FLOG, which I have posted before:
>
> action.FLOG
> ~~~~~~~~~~~
> ?IF $1
> NFLOG($1,0,1)
> ?ENDIF
> ?IF $2
> ?SET @chain $3 ? $3 : " "
> ?SET @disposition $4 ? $4 : " "
> LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
> ?END IF
> ?IF $5
> $5
> ?END IF
>

The above doesn't compile -- ?END IF should be ?ENDIF at the very least.

I have taken the standard two-interface example and modified it as follows:

actions
-------
#ACTION OPTIONS COMMENT (place '# ' below the 'C' in
# v a comment describing the
IFLOG inline

action.IFLOG
------------
?IF $1
NFLOG($1,0,1)
?ENDIF
?IF $2
?SET @chain $3 ? $3 : " "
?SET @disposition $4 ? $4 : " "
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?ENDIF
?IF $5
$5
?ENDIF

rules:
------
#SECTION ALL
#SECTION ESTABLISHED
SECTION RELATED
IFLOG(-,log1,-,drop,DROP) all all
#SECTION INVALID
#SECTION UNTRACKED
SECTION NEW

The resulting configuration compiles with no warnings whatsoever.

teastep@mint14 ~/shorewall/trunk/Shorewall/Perl $ shorewall check -r .
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking UPnP
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/providers...
Checking /etc/shorewall/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /etc/shorewall/tunnels...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Optimizing Ruleset...

What am I missing?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
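The ?IF/?ENDIF mismatch discussed in the message above, as an added example that is not part of the original post and is not Shorewall code: a small Python lint that pairs ?IF with ?ENDIF in an action file body and flags the "?END IF" spelling. The function name `lint_conditionals`, the message strings and the case-insensitive keyword comparison are assumptions; `shorewall check` remains the authoritative compile test.

```python
import re

# Constructed sample: the action.FLOG body as quoted in the message above,
# including its two "?END IF" lines.
FLOG_AS_POSTED = """\
?IF $1
NFLOG($1,0,1)
?ENDIF
?IF $2
?SET @chain $3 ? $3 : " "
?SET @disposition $4 ? $4 : " "
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?END IF
?IF $5
$5
?END IF
"""

MISSPELLED = "'?END IF' is not the ?ENDIF directive"
STRAY = "?ENDIF without an open ?IF"
UNCLOSED = "?IF is never closed by ?ENDIF"
# Leading "?" keyword plus an optional second bare word (to catch "?END IF").
DIRECTIVE = re.compile(r"^\s*\?(\w+)(?:\s+(\w+))?")

def lint_conditionals(text):
    """Return sorted (line_number, message) findings for ?IF/?ENDIF pairing."""
    findings = []
    open_ifs = []  # line numbers of ?IF directives still waiting for ?ENDIF
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # ordinary rule line, not a directive
        # Assumption: keywords are compared case-insensitively.
        word, arg = m.group(1).upper(), (m.group(2) or "").upper()
        if word == "IF":
            open_ifs.append(lineno)
        elif word == "ENDIF":
            if open_ifs:
                open_ifs.pop()
            else:
                findings.append((lineno, STRAY))
        elif word == "END" and arg == "IF":
            findings.append((lineno, MISSPELLED))
    findings.extend((lineno, UNCLOSED) for lineno in open_ifs)
    return sorted(findings)

if __name__ == "__main__":
    for lineno, message in lint_conditionals(FLOG_AS_POSTED):
        print(f"line {lineno}: {message}")
```

Run against the action.IFLOG body from the reply, which uses ?ENDIF throughout, the function returns an empty list.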
