Steven Jan Springl wrote:
> On Wednesday 09 May 2007 19:23, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> On Wednesday 09 May 2007 18:15, Tom Eastep wrote:
>>>> Tom Eastep wrote:
>>>>> Steven Jan Springl wrote:
>>>>>> Tom
>>>>>>
>>>>>> macro.sjs:
>>>>>>
>>>>>> Limit:warn:test,2,8 lan lan
>>>>>>
>>>>>> Rule:
>>>>>>
>>>>>> sjs/ 192.168.0.3 10.1.1.1 tcp 23
>>>>>>
>>>>>> works when compiled with shorewall-shell,
>>>>>> but produces the following message when compiled with shorewall-perl:
>>>>>>
>>>>>> ERROR Unknown action (HASH(0x83451a4)) : /etc/shorewall/macro.sjs
>>>>> Thanks, Steven
>>>>>
>>>>> Problem is corrected in revision 6288.
>>>> Hello Steven,
>>>>
>>>> I've just fixed a problem having to do with COMMENT and/or LOG rules in
>>>> conjunction with detecting addresses/routes at run-time. You may wish to
>>>> upgrade to revision 6303.
>>>>
>>>> Thanks,
>>>> -Tom
>>> Tom
>>>
>>> I have been following your changes. This test is based upon revision
>>> 6304.
>>>
>>> The following rules:
>>>
>>> COMMENT Rule Modification " --sport 22 "
>>> ACCEPT lan fw tcp 22
>>>
>>> generates iptables rule:
>>>
>>> -A lan2fw -p 6 --dport 22 -j ACCEPT -m comment --comment "Rule Modification " --sport 22 ""
>>>
>>> This is accepted by iptables-restore. When an iptables-save is issued,
>>> the rule is listed as:
>>>
>>> -A lan2fw -p tcp -m tcp --sport 22 --dport 22 -m comment --comment "Rule Modification " -j ACCEPT
>> Hmmmm -- looks like I need to disallow double quotes in COMMENT lines.
>>
>> Change is in revision 6305 (Shorewall-perl only)
>>
>> Thanks, Steven.
>>
>> -Tom
>
> Tom
>
> If a comment line ends with a \ followed by a white space, e.g.
>
> COMMENT hello \
> ACCEPT lan fw tcp 22
>
> Then the following iptables rule is generated:
>
> -A lan2fw -p 6 --dport 22 -j ACCEPT -m comment --comment "hello \"
>
> which produces the following error:
>
> iptables-restore V1.3.6: Unknown arg '--comment'
>
> Note:
> If the \ is not followed by a white space then following line in the rules
> file is appended and error doesn't occur.
> If the \ is followed by a character other than a white space the problem
> doesn't occur either.
>

Steven,

Revision 6308 makes such comments an error.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
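The two COMMENT inputs reported in this thread, replayed as an added Python example that is not Shorewall code and not part of the original messages. It shows where the comment text ends up once the generated rule is tokenised, and a check that rejects both inputs before a rule is written. Assumptions: `shlex` stands in for iptables-restore's quote handling, and `naive_rule`, `parse`, `comment_argument`, `injected_options` and `validate_comment` are hypothetical names.

```python
import shlex

def naive_rule(comment: str) -> str:
    """Paste the COMMENT text between double quotes, as the rules quoted in the thread show."""
    return ('-A lan2fw -p 6 --dport 22 -j ACCEPT -m comment '
            f'--comment "{comment.strip()}"')

def parse(rule: str):
    """Tokenise a rule line. shlex approximates iptables-restore quoting (assumption)."""
    try:
        return shlex.split(rule)
    except ValueError:  # unterminated quote, e.g. the rule ends in \"
        return None

def comment_argument(tokens):
    """The value that is actually bound to --comment after tokenising."""
    return tokens[tokens.index("--comment") + 1]

def injected_options(tokens):
    """Options found after the --comment value; they can only come from the comment text."""
    tail = tokens[tokens.index("--comment") + 2:]
    return [t for t in tail if t.startswith("--")]

def validate_comment(comment: str) -> str:
    """Reject both reported inputs before any rule is generated."""
    if '"' in comment:
        raise ValueError("double quotes are not allowed in COMMENT text")
    # A backslash directly before the newline is a line continuation and is
    # consumed earlier; one left at the end here had whitespace after it.
    if comment.rstrip().endswith("\\"):
        raise ValueError("COMMENT text may not end with a backslash")
    return comment.strip()

# Constructed samples: the two comments from the thread plus a benign one.
SAMPLES = ['Rule Modification " --sport 22 "', "hello \\ ", "SSH from lan"]

if __name__ == "__main__":
    for text in SAMPLES:
        tokens = parse(naive_rule(text))
        if tokens is None:
            print(f"{text!r}: generated rule does not parse")
        else:
            print(f"{text!r}: comment={comment_argument(tokens)!r} "
                  f"extra options={injected_options(tokens)}")
        try:
            validate_comment(text)
        except ValueError as err:
            print(f"  rejected: {err}")
```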
