On 11/25/2012 02:50 PM, Steven Jan Springl wrote:
> In the attached config. conntrack entries:
> 
> DROP  all  eth0         udp  1
> DROP  all  eth1  udp  1
> 
> produce the following error message:
> 
> /var/lib/shorewall/.start: 2242: Syntax error: "}" unexpected (expecting 
> "done")

I'm going to disallow an interface in the DEST column when the chain is
OUTPUT. That restriction also holds in the tcrules file.

Patch attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm 
b/Shorewall/Perl/Shorewall/Chains.pm
index 328012f..b7dd104 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6086,7 +6086,7 @@ sub verify_dest_interface( $$$$ ) {
            if ( $chainref->{accounting} ) {
                fatal_error "Destination Interface ($diface) not allowed in the 
$chainref->{name} chain";
            } else {
-               fatal_error "Destination Interface ($diface) not allowed in the 
mangle OUTPUT chain";
+               fatal_error "Destination Interface ($diface) not allowed in the 
$chainref->{table} OUTPUT chain";
            }
        }
 
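Review bot: In the else branch the message now interpolates $chainref->{table} but still hard-codes the chain name as OUTPUT, while the accounting branch just above reports $chainref->{name}. Using $chainref->{name} here as well would keep the two messages consistent and stay correct if this branch is ever reached for a chain that is not named OUTPUT. If the branch is guaranteed to be OUTPUT-only, a short comment saying so would help. It is also worth confirming that {table} is set on every chain reference that can reach this fatal_error, otherwise the message prints an empty table name.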
diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index 31b6e6d..f5cb69b 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -55,7 +55,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
     my $restriction = PREROUTE_RESTRICT;
 
     if ( $chainref ) {
-       $restriction = OUTPUT_RESTRICT if $chainref->{name} eq 'OUTPUT';
+       $restriction = DESTIFACE_DISALLOW if $chainref->{name} eq 'OUTPUT';
     } else {
        #
        # Entry in the conntrack file
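Review bot: The assignment under "if ( $chainref )" replaces OUTPUT_RESTRICT with DESTIFACE_DISALLOW instead of combining the two, so any validation that was keyed on OUTPUT_RESTRICT for the OUTPUT chain no longer applies on this path. If these are bit flags and the other OUTPUT restrictions are still wanted, OR them together; if the replacement is intentional, a comment explaining why would help. Also, only the $chainref branch is changed here, while the reported failure came from entries in the conntrack file, which the visible comment places in the else branch. Please confirm that path applies the same restriction when the entry resolves to the OUTPUT chain.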