Re: [Shorewall-devel] Shorewall 4.4.13 Beta 4

Sat, 11 Sep 2010 13:40:54 -0700 

On 9/11/10 1:15 PM, Tom Eastep wrote:
> On 9/11/10 1:12 PM, Tom Eastep wrote:
>>
>>> tcrules entry:
>>>
>>> SAME  eth0  eth0
>>>
>>> produces the following message from "shorewall start"
>>>
>>> Bad argument 'echo'
>>>
>>>
>>> and produces the following messages from "shorewall debug start":
>>>
>>> /var/lib/shorewall/.start: line 838: 3: Bad file descriptor
>>>
>>>    ERROR: Command "/usr/local/sbin/iptables -A setsticky echo "-i eth0 -d  
>>> -m 
>>> mark --mark 0x1/0xff -m recent --name sticky002 --set" >&3" Failed
>>
>> Steven,
>>
>> Please verify that the attached patch corrects the problem.
> 
> Please disregard that patch -- it is insufficient.

This one "fixes" it. Specifying an OUTPUT interface in a SAME rule is
silly anyway.

-Tom

PS -- reverse echo.patch if you've applied it.
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm 
b/Shorewall/Perl/Shorewall/Chains.pm
index c5886b8..620d53d 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3344,6 +3344,7 @@ sub expand_rule( $$$$$$$$$$;$ )
        fatal_error "Unknown Interface ($diface)" unless known_interface 
$diface;
 
        if ( $restriction & PREROUTE_RESTRICT ) {
+           fatal_error "A DEST interface is not permitted in the PREROUTING 
chain" if $chainref->{table} eq 'mangle';
            #
            # Dest interface -- must use routing table
            #
diff --git a/Shorewall/Perl/Shorewall/Providers.pm 
b/Shorewall/Perl/Shorewall/Providers.pm
index 1298544..1c4ad26 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1004,12 +1004,11 @@ sub handle_stickiness( $ ) {
                        $rule1 =~ s/-j sticky/-m mark --mark $mark\/$mask -m 
recent --name $list --set/;
                    }
 
-                   $rule1 =~ s/-A //;
-
+                   assert ( $rule1 =~ s/^-A // );
                    add_rule $chainref, $rule1;
 
                    if ( $rule2 ) {
-                       $rule2 =~ s/-A //;
+                       assert ( $rule2 =~ s/^-A // );
                        add_rule $chainref, $rule2;
                    }
                }

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to