On Wednesday 09 May 2007 19:23, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Wednesday 09 May 2007 18:15, Tom Eastep wrote:
> >> Tom Eastep wrote:
> >>> Steven Jan Springl wrote:
> >>>> Tom
> >>>>
> >>>> macro.sjs:
> >>>>
> >>>>  Limit:warn:test,2,8  lan  lan
> >>>>
> >>>> Rule:
> >>>>
> >>>>  sjs/  192.168.0.3  10.1.1.1  tcp  23
> >>>>
> >>>> works when compiled with shorewall-shell,
> >>>> but produces the following message when compiled with shorewall-perl:
> >>>>
> >>>> ERROR Unknown action (HASH(0x83451a4)) : /etc/shorewall/macro.sjs
> >>>
> >>> Thanks, Steven
> >>>
> >>> Problem is corrected in  revision 6288.
> >>
> >> Hello Steven,
> >>
> >> I've just fixed a problem having to do with COMMENT and/or LOG rules in
> >> conjunction with detecting addresses/routes at run-time. You may wish to
> >> upgrade to revision 6303.
> >>
> >> Thanks,
> >> -Tom
> >
> > Tom
> >
> > I have been following your changes. This test is based upon revision
> > 6304.
> >
> > The following rules:
> >
> > COMMENT Rule Modification " --sport  22 "
> > ACCEPT  lan  fw  tcp 22
> >
> > generates iptables rule:
> >
> > -A lan2fw -p 6 --dport 22 -j ACCEPT  -m comment --comment "Rule Modification " --sport 22 ""
> >
> > This is accepted by iptables-restore. When an iptables-save is issued,
> > the rule is listed as:
> >
> > -A lan2fw -p tcp -m tcp --sport 22 --dport 22 -m comment --comment "Rule Modification " -j ACCEPT
>
> Hmmmm -- looks like I need to disallow double quotes in COMMENT lines.
>
> Change is in revision 6305 (Shorewall-perl only)
>
> Thanks, Steven.
>
> -Tom

Tom

If a comment line ends with a \ followed by a white space, e.g.

COMMENT hello \ 
ACCEPT  lan  fw  tcp 22

Then the following iptables rule is generated:

-A lan2fw -p 6 --dport 22 -j ACCEPT  -m comment --comment "hello \"

which produces the following error:

iptables-restore V1.3.6: Unknown arg '--comment'

Note:
        If the \ is not followed by a white space then the following line in the
        rules file is appended and the error doesn't occur.
        If the \ is followed by a character other than a white space the problem
        doesn't occur either.

Steven.

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
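
The two reports in this thread (a double quote inside a COMMENT, and a COMMENT ending in a backslash) are the same flaw: comment text pasted between quotes can end the quoted string early or swallow the closing quote. The following is an added example, not part of the original messages and not Shorewall's code; it assumes Python's `shlex` as a stand-in for a quote-aware argument parser, and the function names and the rejection policy are hypothetical.

```python
import shlex

def naive_rule(chain, match, target, comment):
    # Pattern visible in the thread: comment text pasted between quotes as-is.
    return f'-A {chain} {match} -j {target} -m comment --comment "{comment.strip()}"'

def smuggled_args(line):
    """Arguments found after the --comment value; None if quoting is unbalanced."""
    try:
        args = shlex.split(line)  # stand-in parser (assumption, not iptables-restore)
    except ValueError:
        return None
    return args[args.index("--comment") + 2:]

def comment_problems(comment):
    """Reasons this comment cannot be placed safely inside double quotes."""
    text = comment.strip()
    problems = []
    if '"' in text:
        problems.append("contains double quote")
    if text.endswith("\\"):
        problems.append("ends with backslash")
    return problems

def checked_rule(chain, match, target, comment):
    # Hypothetical policy: refuse the comment instead of trying to escape it.
    problems = comment_problems(comment)
    if problems:
        raise ValueError(f"invalid COMMENT: {', '.join(problems)}")
    return naive_rule(chain, match, target, comment)

# Constructed inputs modelled on the two reports in the thread.
QUOTED = 'Rule Modification " --sport  22 "'
BACKSLASH = "hello \\ "  # backslash followed by a white space

if __name__ == "__main__":
    for c in (QUOTED, BACKSLASH, "SSH from lan"):
        line = naive_rule("lan2fw", "-p 6 --dport 22", "ACCEPT", c)
        print(repr(c), "->", smuggled_args(line), comment_problems(c))
```
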