Re: [Shorewall-users] Shorewall 4.4.22.2

Wed, 10 Aug 2011 07:47:51 -0700 

On Wed, 2011-08-10 at 15:22 +0100, Steven Jan Springl wrote:

> In the attached config. when MANGLE_FORWARD is not set in capabilities and 
> there is an entry in ecn the following message is generated:
> 
> Use of uninitialized value in hash element 
> at /usr/share/shorewall/Shorewall/Chains.pm line 1119.

Steven,

The attached patch replaces the Perl diagnostic with a WARNING message.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 6d9bb76..5405b77 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -152,7 +152,10 @@ sub setup_ecn()
 
     if ( my $fn = open_file 'ecn' ) {
 
-	first_entry "$doing $fn...";
+	first_entry( sub { progress_message2 "$doing $fn...";
+			   require_capability 'MANGLE_ENABLED', 'Entries in the ecn file', '';
+			   warning_message 'ECN will not be applied to forwarded packets' unless have_capability 'MANGLE_FORWARD';
+		       } );
 
 	while ( read_a_line ) {
 
@@ -178,7 +181,7 @@ sub setup_ecn()
 	    for my $interface ( @interfaces ) {
 		my $chainref = ensure_chain 'mangle', ecn_chain( $interface );
 
-		add_ijump $mangle_table->{POSTROUTING} , j => $chainref, p => 'tcp', imatch_dest_dev( $interface );
+		add_ijump $mangle_table->{POSTROUTING} , j => $chainref, p => 'tcp', imatch_dest_dev( $interface ) if have_capability 'MANGLE_FORWARD';
 		add_ijump $mangle_table->{OUTPUT},       j => $chainref, p => 'tcp', imatch_dest_dev( $interface );
 	    }

Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model 
configuration take the hassle out of deploying and managing Subversion and 
the tools developers use with it. Learn more about uberSVN and get a free 
download at:  http://p.sf.net/sfu/wandisco-dev2dev

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to