Dash Four wrote:
>
> Tom Eastep wrote:
>> On Jun 1, 2013, at 9:05 AM, Tom Eastep <[email protected]> wrote:
>>
>>  
>>> On Jun 1, 2013, at 9:00 AM, Dash Four <[email protected]> 
>>> wrote:
>>>
>>>    
>>>> Tom Eastep wrote:
>>>>      
>>>>> On 06/01/2013 08:37 AM, Tom Eastep wrote:
>>>>>
>>>>>
>>>>> I *can* reproduce it if I modify action.IFLOG as follows:
>>>>>
>>>>>
>>>>> ?IF $5
>>>>> $5
>>>>> ?ENDIF
>>>>> ?IF $1
>>>>> NFLOG($1,0,1)
>>>>> ?ENDIF
>>>>> ?IF $2
>>>>> ?SET @chain $3 ? $3 : " "
>>>>> ?SET @disposition $4 ? $4 : " "
>>>>> LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
>>>>> ?ENDIF
>>>>>
>>>>>         
>>>> You are (partially) right. I do have an extra check for the 5th 
>>>> parameter at the very beginning and issue a "Drop" (not DROP!):
>>>>
>>>> ?IF $5 eq 'Drop'
>>>> $5
>>>> ?ENDIF
>>>>
>>>> The above statement is conditional upon $5 being equal to "Drop" 
>>>> and when I call this action with "IFLOG(-,log1,-,drop,DROP) all 
>>>> all" that surely won't satisfy the "if" above as "DROP" ain't 
>>>> "Drop", unless shorewall makes case insensitive comparisons (if so, 
>>>> that certainly wasn't the case before).
>>>>       
>>> The warning is new in 4.5.17 -- the logic surrounding ?IF has not 
>>> changed.
>>>
>>> So please send the real action.IFLOG contents and the actual rule in 
>>> the RELATED section.
>>>     
>>
>> Also, if you have defined your own action.Drop, then I would need to 
>> see it too. Because if it terminates with an unconditional DROP and 
>> has no CONTINUE rules, then the jump to 'Drop' will terminate the 
>> current chain and any additional rules in that chain are unreachable.
>>   
> action.IFLOG
> ~~~~~~~~~~~~
> [...]
>
> rules
> ~~~~~
> [line 106]
> IFLOG(-,log1,-,drop,DROP) all all

I think I finally got the bastard!

Now, if I have the above statement in rules and have *no* other 
statements present, I am *not* getting these warnings. However, if I add 
the following:

rules
~~~~~
SECTION RELATED
IFLOG(-,log1,-,accept,ACCEPT) $FW local
IFLOG(-,log1,-,accept,ACCEPT) local $FW

IFLOG(-,log1,-,drop,DROP) all all

Then I get the warnings - all 4 of them, directing me at the last 
statement line ("all all"). Now, if I comment out either of the "$FW 
local" or "local $FW" statements, then I get only 2 warnings instead. If 
I comment out the last statement, then I don't get any warnings at all.

So, what I think is happening is this:

1. The 3 statements above do something in combination that shorewall 
doesn't like very much and issues these warnings.
2. shorewall is telling me porkies about the erroneous line in my 
"rules" statement file (that the problem is with my last statement), 
confusing the hell out of me.

Over to you Tom...

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
