Niedermeier Günter wrote:
> Hi,
>
> enabling this line in hosts file
>
> "WAN
> eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
>
> routeback,blacklist,tcpflags"
>
> results in this error message
>
> --
> Preparing iptables-restore input...
> Running /usr/sbin/iptables-restore...
> iptables-restore v1.3.8: error creating chain 'ACCEPT':File exists
>
> Error occurred at line: 29
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
> ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall/.iptables-restore-input
> Processing /etc/shorewall/stop ...
> IPv4 Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /sbin/shorewall: line 742: 32734 Terminated
> $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
> --
>
> removing routeback,blacklist,tcpflags works fine.
Please see if the attached patch corrects the problem.
Thanks
Index: Shorewall/Chains.pm
===================================================================
--- Shorewall/Chains.pm (revision 9216)
+++ Shorewall/Chains.pm (working copy)
@@ -769,7 +769,7 @@
{
my ($table, $chain) = @_;
- fatal_error "Internal error in new_chain()" if $chain_table{$table}{$chain};
+ fatal_error "Internal error in new_chain()" if $chain_table{$table}{$chain} || ( ( $targets{$chain} || 0 ) & STANDARD );
$chain_table{$table}{$chain} = { name => $chain,
rules => [],
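Review bot: The added guard reuses the message `"Internal error in new_chain()"` for a second, different failure, so a user who hits it cannot tell whether the chain already exists or its name collides with a standard target, nor which name was involved. Consider splitting the condition and naming the chain, e.g. `fatal_error "Internal error in new_chain(): '$chain' is a standard target" if ( $targets{$chain} || 0 ) & STANDARD;`. A short comment above the check saying that builtin targets such as ACCEPT must never be created as chains would also record why the test is there. The body of new_chain() starts and ends outside this hunk.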
@@ -1139,11 +1139,22 @@
my ( $exclusions, $targetref ) = @_;
return $targetref unless @$exclusions;
-
- $targetref = ensure_filter_chain( $targetref, 0 ) unless reftype $targetref;
-
- my $chainref = new_chain( $targetref->{table}, newexclusionchain );
-
+
+ my $chainref;
+
+ unless ( reftype $targetref ) {
+ if ( ( $targets{$targetref} || 0 ) & STANDARD ) {
+ $chainref = new_chain( 'filter', newexclusionchain );
+ add_rule( $chainref, match_source_net( $_ ) . '-j RETURN' ) for @$exclusions;
+ add_jump( $chainref, $targetref, 1 );
+ return $targetref;
+ }
+
+ $targetref = ensure_filter_chain( $targetref, 0 );
+ }
+
+ $chainref = new_chain( $targetref->{table}, newexclusionchain );
+
add_rule( $chainref, match_source_net( $_ ) . '-j RETURN' ) for @$exclusions;
add_jump( $chainref, $targetref, 1 );
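Review bot: The new standard-target branch ends with `return $targetref;`, which hands the caller the builtin target name instead of the exclusion chain that was just populated, so the `-j RETURN` rules for the excluded networks would presumably never be traversed. The end of the function is outside this hunk, but if the normal path returns `$chainref`, this branch should too: `return $chainref;`. With a hosts entry like the one in the report, that decides whether traffic from the excluded private and link-local ranges is filtered out or reaches the target directly, so it is worth checking the generated iptables-restore input for the exclusion chain being referenced. The same line occurs in the destination-exclusion hunk (`@@ -1155,10 +1166,21 @@`). In both hunks the branch also repeats the `add_rule`/`add_jump` pair that follows, and letting the branch only choose the table would leave one copy.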
@@ -1155,10 +1166,21 @@
return $targetref unless @$exclusions;
- $targetref = ensure_filter_chain( $targetref, 0 ) unless reftype $targetref;
+ my $chainref;
+
+ unless ( reftype $targetref ) {
+ if ( ( $targets{$targetref} || 0 ) & STANDARD ) {
+ $chainref = new_chain( 'filter', newexclusionchain );
+ add_rule( $chainref, match_dest_net( $_ ) . '-j RETURN' ) for @$exclusions;
+ add_jump( $chainref, $targetref, 1 );
+ return $targetref;
+ }
+
+ $targetref = ensure_filter_chain( $targetref, 0 );
+ }
+
+ $chainref = new_chain( $targetref->{table}, newexclusionchain );
- my $chainref = new_chain( $targetref->{table}, newexclusionchain );
-
add_rule( $chainref, match_dest_net( $_ ) . '-j RETURN' ) for @$exclusions;
add_jump( $chainref, $targetref, 1 );