Package: ferm
Version: 2.0.6-1
Severity: wishlist
Hi,
I have the following function:
@def &logreject($logprefix) = @subchain "$logprefix" {
LOG log-prefix $logprefix;
REJECT reject-with admin-prohib;
}
This works fine if called from complex rules like
chain INPUT saddr (10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
&logreject("silo-src-addr");
but not as a catchall
chain OUTPUT &logreject("catchall");
resulting in "no rule specified before @subchain". I have to
complicate the rule as
chain OUTPUT protocol 0 &logreject("catchall");
for it to work. I do sincerely hope that the protocol catch-all is the
fastest match ;)
It would be nice if this construct would also be possible without
having to add a always-matching rule.
Greetings
Marc
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
