On 10/14/12 10:25 AM, Costantino wrote:
> Hi all,
> 
> I need to add the following IPTABLES command
> 
> iptables -A INPUT -p udp -m udp --dport 5060 -m string --string
> "Cirpack KeepAlive Packet" --algo bm -j DROP
> 
> into the /etc/Shorewall/start file.

That won't work, even if you do add the command. At the very least, you
want to use -I INPUT rather than -A INPUT.
> 
> Although I’ve tried with various combinations of single and double 
> quotes around the < Cirpack KeepAlive Packet > string, I don’t seem
> to be able to find the right combination that Shorewall would
> accept, assuming that that’s where it fails.

The current run_iptables() doesn't handle quotes in the passed command.
The attached patch will allow you to do this:

run_iptables "-A INPUT -p udp --dport 5060 \
  -m string --string \"Cirpack KeepAlive Packet\" --algo bm -j DROP"

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
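The quoting behaviour described in the reply above, and the effect of the `eval` call in the attached patch, shown as an added example that is not part of the original message or of Shorewall's code. `show_args`, `run_plain`, `run_eval` and `run_args` are hypothetical names, `show_args` is a constructed stand-in for the iptables binary, and the `untrusted` value is constructed.

```shell
#!/bin/sh
# Constructed stand-in for iptables: prints each argument it receives in
# brackets, so the word boundaries produced by each call style are visible.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}
g_tool=show_args   # assumption: in Shorewall, g_tool holds the iptables path

# Call style before the patch: unquoted $@ is split on whitespace and the
# embedded double quotes stay literal characters.
run_plain() { $g_tool $@; }

# Call style after the patch: eval re-parses the joined text as shell input,
# so embedded quotes group words, and any other shell syntax is interpreted.
run_eval() { eval $g_tool $@; }

# Alternative (not from the thread): forward "$@" and let the caller pass
# each iptables argument as its own word. No second parse takes place.
run_args() { $g_tool "$@"; }

rule='-m string --string "Cirpack KeepAlive Packet" --algo bm'
run_plain "$rule"   # match string split into three words, quotes kept
run_eval  "$rule"   # match string arrives as one argument
run_args  -m string --string "Cirpack KeepAlive Packet" --algo bm

# Constructed value standing in for text that reaches the rule from a
# configuration file or variable.
untrusted='$(echo EXPANDED)'
run_eval "--string \"$untrusted\""   # command substitution is executed
run_args --string "$untrusted"       # value is passed through literally
```

The fourth call shows that wrapping a value in double quotes does not stop `eval` from expanding it, so values passed to the patched function need escaping for the shell as well as for iptables.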
diff --git a/Shorewall/Perl/lib.core b/Shorewall/Perl/lib.core
index 68effbd..d03628e 100644
--- a/Shorewall/Perl/lib.core
+++ b/Shorewall/Perl/lib.core
@@ -430,7 +430,7 @@ run_iptables()
     local status
 
     while [ 1 ]; do
-       $g_tool $@
+       eval $g_tool $@
        status=$?
        [ $status -ne 4 ] && break
     done
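Review bot: `eval $g_tool $@` in the retry loop re-parses every argument from every caller of run_iptables() as shell input, not only the quoted `--string` case this change is aimed at. Any existing call whose arguments contain `$`, backticks, `;`, `|` or quote characters will now have them interpreted by the shell, and because both expansions are unquoted the arguments are also word-split before eval joins them again. Please add a comment above the function stating that arguments are evaluated and must be escaped by the caller, and check the existing callers for values that come from configuration files or variables. If the only goal is to keep a multi-word match string together, forwarding `"$@"` and having callers pass each argument as a separate word would avoid the second parse.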

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
