Re: [Shorewall-devel] Shorewall 5.0.8 Beta 2

[Tom Eastep]

On 04/01/2016 02:05 PM, Steven Jan Springl wrote:
> On Fri, 1 Apr 2016 13:06:06 -0700
> Tom Eastep <teas...@shorewall.net> wrote:
> 
>>
>>
>> 1)  If a physical interface name was used in the INTERFACE column of
>> an entry in /etc/shorewall/masq, then previously a Perl diagnostic was
>>     issued as the masq rule was being processed and the iptables rule
>>     and its containing chain were dropped by the optimizer. That has
>>     been corrected so that physical interface names are handled
>>     correctly.
>>
>>     Similar issues with physical names in the INTERFACE column of the
>>     nat and netmap files have also been resolved.
> 
> A similar problem occurs if you specify a physical interface in the ecn
> file.
> 

The attached patch seems to resolve the issue.

Thanks Steven,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index d0c49bb..92d7869 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -89,6 +89,7 @@ sub setup_ecn()
 {
     my %interfaces;
     my @hosts;
+    my $interfaceref;
 
     if ( my $fn = open_file 'ecn' ) {
 
@@ -105,7 +106,13 @@ sub setup_ecn()
 						    2 );
 
 	    fatal_error 'INTERFACE must be specified' if $interface eq '-';
-	    fatal_error "Unknown interface ($interface)" unless known_interface $interface;
+	    fatal_error "Unknown interface ($interface)" unless $interfaceref = known_interface( $interface );
+
+	    if ( $interfaceref->{root} ) {
+		$interface = $interfaceref->{name} if $interface eq $interfaceref->{physical};
+	    } else {
+		$interface = $interfaceref->{name};
+	    }
 
 	    my $lineinfo = shortlineinfo( '' );
 

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel