On 2/12/2014 2:40 PM, Tom Eastep wrote:
> On 2/12/2014 11:54 AM, Farkas Levente wrote:
>> hi,
>> more warnings which can be fixed in the default shorewall.conf which
>> comes from the the default config file. imho all of these should have be
>> fixed:
>> --------------------------------
>> WARNING: Unknown configuration option (REJECT_ACTION) ignored
>> shorewall.conf (line 197) at /usr/share/perl5/Shorewall/Config.pm line 4596
>> Shorewall::Config::process_shorewall_conf(0, 0) called at
>> /usr/share/perl5/Shorewall/Config.pm line 5012
>> Shorewall::Config::get_configuration(1, 0, 0, 0) called at
>> /usr/share/perl5/Shorewall/Compiler.pm line 652
>> Shorewall::Compiler::compiler('script', './firewall', 'directory', .,
>> 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
>> /usr/lib/shorewall/compiler.pl line 145
>> WARNING: Unknown configuration option (TRACK_RULES) ignored
>> shorewall.conf (line 221) at /usr/share/perl5/Shorewall/Config.pm line 4596
>> Shorewall::Config::process_shorewall_conf(0, 0) called at
>> /usr/share/perl5/Shorewall/Config.pm line 5012
>> Shorewall::Config::get_configuration(1, 0, 0, 0) called at
>> /usr/share/perl5/Shorewall/Compiler.pm line 652
>> Shorewall::Compiler::compiler('script', './firewall', 'directory', .,
>> 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
>> /usr/lib/shorewall/compiler.pl line 145
>> WARNING: Unknown capability (REAP_OPTION) ignored capabilities (line
>> 76) at /usr/share/perl5/Shorewall/Config.pm line 4639
>> Shorewall::Config::read_capabilities() called at
>> /usr/share/perl5/Shorewall/Config.pm line 4715
>> Shorewall::Config::get_capabilities(1) called at
>> /usr/share/perl5/Shorewall/Config.pm line 5027
>> Shorewall::Config::get_configuration(1, 0, 0, 0) called at
>> /usr/share/perl5/Shorewall/Compiler.pm line 652
>> Shorewall::Compiler::compiler('script', './firewall', 'directory', .,
>> 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
>> /usr/lib/shorewall/compiler.pl line 145
>> --------------------------------
>>
>> another warning which is really strange too since loc and vpn are both 3
>> letters zone so imho it can't be too shorter so why the prefix still too
>> long? if it's still to long than the default prefix generation should
>> have to be changed:
>> --------------------------------
>> WARNING: Log Prefix shortened to "Shorewall:loc2vpn:DROP:Attac "
>> rules (line 48) at /usr/share/perl5/Shorewall/Chains.pm line 6003
>> Shorewall::Chains::log_rule_limit('ULOG', 'HASH(0x1d7d888)', 'loc2vpn',
>> 'DROP', '', 'Attack', 'add', '') called at
>> /usr/share/perl5/Shorewall/Chains.pm line 4059
>> Shorewall::Chains::logchain('HASH(0x1d01060)', 'ULOG', 'Attack', '',
>> 'DROP', 'DROP') called at /usr/share/perl5/Shorewall/Chains.pm line 7234
>> Shorewall::Chains::expand_rule('HASH(0x1d01060)', 0, '', '',
>> '!10.10.10.0/24', '0.0.0.0/0', '', 'DROP', 'ULOG:Attack', ...) called at
>> /usr/share/perl5/Shorewall/Rules.pm line 2671
>> Shorewall::Rules::process_rule(undef, '', 'DROP:ULOG:Attack', '',
>> 'loc:!10.10.10.0/24', 'vpn', '-', '-', '-', ...) called at
>> /usr/share/perl5/Shorewall/Rules.pm line 3063
>> Shorewall::Rules::process_raw_rule() called at
>> /usr/share/perl5/Shorewall/Rules.pm line 3236
>> Shorewall::Rules::process_rules(0) called at
>> /usr/share/perl5/Shorewall/Compiler.pm line 821
>> Shorewall::Compiler::compiler('script', './firewall', 'directory', .,
>> 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
>> /usr/lib/shorewall/compiler.pl line 145
>> --------------------------------
>> regards.
>>
>
> This looks like you are trying to compile set of config files with an
> outdated compiler.
>
> I just:
>
> a) copies all of the default release files to a directory.
> b) Edited shorewall.conf to remove /etc/shorewall from the CONFIG_PATH
> c) added a 'net ipv4' zone.
> d) added a 'net eth0' interface
> e) Compiled for export (shorewall compile -e . firewall)
> I'll take that back -- I saw no errors or warnings. When I compiled using 4.6.0-Beta3, I git the SECTION warning. With 4.5.21.6, I got no warnings at all (once I re-generated the capabilities file). Looking at the stack traces above, that doesn't look like a 4.5.21.6 compiler; the line numbers in the Config.pm file don't match 4.5.21.6. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Android apps run on BlackBerry 10 Introducing the new BlackBerry 10.2.1 Runtime for Android apps. Now with support for Jelly Bean, Bluetooth, Mapview and more. Get your Android app in front of a whole new audience. Start now. http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
