On 09/24/2012 01:58 PM, Steven Jan Springl wrote:
On Monday 24 Sep 2012 01:23:59 Tom Eastep wrote:
On 9/23/12 3:05 PM, "Steven Jan Springl" <[email protected]> wrote:
When the following entry is placed in the tcrules file:
TTL(+0):P ppp0 eth0
the following iptables rule is generated:
-A tcpre -d 192.168.0.0/24 -i ppp0 -j TTL --ttl-inc 0
which produces the following error message:
iptables v1.4.15: TTL: bad value for option "--ttl-inc", or out of range
(1-255).
Note the same error occurs if 'TTL(-0):P' is specified.
Steven,
This patch corrects the problem and a similar problem with HL() in
Shorewall6.
Thanks,
-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
Tom
I can confirm the patch does correct the issue, however the following tcrules
file entries produce the same error:
TTL(+00):P ppp0 eth0
TTL(-00):P ppp0 eth0
Additionally the following tcrules file entry is rejected by Shorewall:
TTL(0):P ppp0 eth0
But the following entry is allowed by Shorewall and does not produce an
iptables-restore error:
TTL(00):P ppp0 eth0
Steven,
This patch seems to do the right thing in all cases.
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 53877f4..a0b8de4 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -402,7 +402,7 @@ sub process_tc_rule( ) {
my $param = $1;
- fatal_error "Invalid TTL specification( $cmd )" unless $2 && ( $param = abs $param ) < 256;
+ fatal_error "Invalid TTL specification( $cmd )" unless ( $1 eq $2 || $2 != 0 ) && ( $param = abs $param ) < 256;
if ( $1 =~ /^\+/ ) {
$target .= " --ttl-inc $param";
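Review bot: The new guard on the fatal_error line folds two separate rules into one expression, `$1 eq $2 || $2 != 0`, with no comment saying what each half is for. A reader has to infer that `$1 eq $2` stands for "no sign was given" and that `$2 != 0` is a numeric comparison, which rejects 00 as well as 0, whereas the old bare `$2` truth test treated the string 00 as true. A short comment above the check would make that intent explicit. The message "Invalid TTL specification" is also shared with the `< 256` range failure, so it would help to say when the cause is a zero increment or decrement.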
@@ -430,7 +430,7 @@ sub process_tc_rule( ) {
my $param = $1;
- fatal_error "Invalid HL specification( $cmd )" unless $2 && ( $param = abs $param ) < 256;
+ fatal_error "Invalid HL specification( $cmd )" unless ( $1 eq $2 || $2 != 0 ) && ( $param = abs $param ) < 256;
if ( $1 =~ /^\+/ ) {
$target .= " --hl-inc $param";
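Review bot: The HL condition is a verbatim copy of the TTL condition in the previous hunk, differing only in the message text. This validation rule has already needed a second patch in this thread, and two copies of it can drift apart. Consider moving the test into one small helper that takes the option name (TTL or HL) and is called from both places, so that any later change to the zero or range handling applies to both.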
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel