On 2/3/2014 4:49 PM, Steven Jan Springl wrote:
> On Monday 03 Feb 2014 22:55:48 Tom Eastep wrote:
>> On 2/3/2014 12:58 PM, Steven Jan Springl wrote:
>>> On Monday 03 Feb 2014 20:00:22 Tom Eastep wrote:
>>>> On 2/3/2014 10:44 AM, Steven Jan Springl wrote:
>>>>> Tom
>>>>>
>>>>> Output from command "shorewall show -f capabilities" does not include
>>>>> BASIC_EMATCH.
>>>>
>>>> Oops -- patch attached.
>>>>
>>>> Thanks Steven,
>>>> -Tom
>>>
>>> Tom
>>>
>>> Confirmed, the patch fixes the problem.
>>>
>>> When BASIC_EMATCH=Yes the following tcfilters entry
>>>
>>> eth1:33 1.1.1.0/24 2.2.0.0/16 icmp 8
>>>
>>> produces the following error message:
>>>
>>> ERROR: Invalid ICMP Type (REF(0xa85fc90)) /etc/shorewall2/tcfilters (line
>>> 15)
>>
>> The attached patch should correct this and a couple of other issues.
>>
>> Thanks Steven,
>> -Tom
>
> Tom
>
> Confirmed, the patch fixes the issue.
>
> In the attached config. tcfilters entry:
>
> eth0:33 1.1.1.0/24 2.2.0.0/16 icmp echo-request,13
>
> produces the following error message:
>
> /var/lib/shorewall/.start: 1929: Syntax error: ")" unexpected (expecting "fi")

The attached patch seems to correct the problem.

Thanks Steven,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index d5d7240..66f948c 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -2358,14 +2358,16 @@ sub process_tc_filter2( $$$$$$$$$ ) {
$rule .= "\\\n \\(" if @typelist > 1;
+ my $types = 0;
+
for my $type ( @typelist ) {
my ( $icmptype , $icmpcode ) = split '/', validate_icmp( $type );
+ $rule .= ' or' if $types++;
$rule .= "\\\n cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | ( $icmpcode || 0 ) ) . ' \\)';
- $rule .= ' or' if @typelist > 1;
}
- $rule .= "\\\n)" if @typelist > 1;
+ $rule .= "\\\n \\)" if @typelist > 1;
} elsif ( $protonumber == IPv6_ICMP ) {
fatal_error "IPv6 ICMP not allowed with IPv4" unless $family == F_IPV4;
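
Review bot: In the trailing context of this hunk, the guard at the top of the IPv6_ICMP branch, `fatal_error "IPv6 ICMP not allowed with IPv4" unless $family == F_IPV4;`, looks inverted against its own message. As written it raises the error for every family except IPv4 and lets an IPv4 configuration fall through to validate_icmp6 in the next hunk. If the intent is to reject IPv6 ICMP in an IPv4 configuration, the condition should be `if $family == F_IPV4` (or an `unless` test against the IPv6 family constant). Worth correcting alongside this change, since the patch reworks the loop that this guard sits in front of.
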
@@ -2375,15 +2377,17 @@ sub process_tc_filter2( $$$$$$$$$ ) {
$rule .= "\\\n \\(" if @typelist > 1;
+ my $types = 0;
+
for my $type ( @typelist ) {
my ( $icmptype , $icmpcode ) = split '/', validate_icmp6( $type );
+ $rule .= ' or' if $types++;
$rule .= "\\\n cmp\\( u16 at 0 layer 2 mask 0xffff eq " . in_hex4( ( $icmptype << 8 ) | ( $icmpcode || 0 ) ) . ' \\)';
- $rule .= ' or' if @typelist > 1;
}
- $rule .= "\\\n)" if @typelist > 1;
+ $rule .= "\\\n \\)" if @typelist > 1;
} else {
my @portlist;
my $multiple;
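
Review bot: In the cmp line of this loop (and the identical one in the ICMP branch above), `$icmpcode || 0` combined with `mask 0xffff` means an entry that names only a type is compiled to match code 0 exactly, not any code of that type. If validate_icmp6 and validate_icmp can return a bare type, consider emitting mask 0xff00 when no code was supplied, or document that a type without a code means code 0. Separately, this loop is now a line-for-line copy of the ICMP one apart from the validator call; a small helper that takes the validator as an argument would keep the two from drifting, and building the terms in a list and joining them with ' or' would remove the need for the $types counter.
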
