On 06/04/2011 07:25 AM, Steven Jan Springl wrote: > Specifying BLACKLIST_DISPOSITION=A_DROP generates the following iptables > rule: > > -A blacklog -j AUDIT -type a_drop > > Which produces the following iptables-restore error: > > iptables-restore v1.4.11: Bad action type value "a_drop"
The attached patch seems to correct the problem. It only occured when BLACKLIST_LOG_LEVEL was set to a logging value. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 6379ef1..8a48a7b 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -203,7 +203,7 @@ sub setup_blacklist() {
my $chainref;
my $chainref1;
my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
- my $audit = $disposition =~ /^A_/;
+ my $audit = $disposition =~ s/^A_//;
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
my $orig_target = $target;
@@ -233,7 +233,7 @@ sub setup_blacklist() {
$target = 'blacklog';
} elsif ( $audit ) {
require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's';
- $target = verify_audit( $disposition );
+ $target = verify_audit( $config{BLACKLIST_DISPOSITION} );
}
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
