On 12/1/12 4:53 PM, "Mr Dash Four" <[email protected]> wrote:
>> You are using ${0} -- if you use @{0} then it works (but you will need
>> to wait until RC 1; in Beta3, just use @).
>>
>> Within a SWITCH, @{0} (@ in Beta 3) expands to the name of the current
>> chain with non-alphanumeric characters except '_' and '-' suppressed.
>> ${0} always expands to the full name of the chain.
>Is this behaviour explained/documented anywhere, particularly the
>distinction between '@' and '$0'? Substituting $0 with @ does indeed work.
Not in Beta 3; remember that '@' isn't documented in Beta 3.
>
>>> 4. Further to the "forbidden or not" discussion earlier, I am not sure
>>> whether the above can be considered a bug, but, at the very least, there
>>> seems to be inconsistency in reporting of errors/allowing inlined
>>> actions. The following actions appear on the "forbidden" list, but are
>>> allowed in for invocation inline: Broadcast*, Invalid, RST and TCPFlags*
>>>
>>> In case where DropSmurfs is used inline, the error I am getting is
>>> "ERROR: Bareword "IPv6_MULTICAST" not allowed while "strict subs" in use
>>> at /usr/share/shorewall/action.DropSmurfs line 80" instead of the
>>> "ERROR: Invalid Action (XXX) in inline action"
>>>
>>> * - This invocation is translated to a straight jump (-j <action_name>)
>>> - inline - instead of emitting an error message.
>>
>> This is a non-issue now that 'inline' is ignored for these actions.
>Please elaborate.
My post of this afternoon explained that in RC 1, the compile will ignore
(with a warning), 'inline' on one of these actions. So I don't believe
that there is any inconsistency once that release is available.
>
>>
>>> 5. Minor issue, which could be improved upon as far as optimisation of
>>> inline actions goes:
>>>
>>> rules
>>> ~~~~~
>>> circ1(dropBcast) $FW net
>>> dropBcast $FW net
>>>
>>> generates something like:
>>>
>>> :~comb2 [0:0]
>>> [...]
>>> -A fw2net -j ~comb2
>>> -A fw2net -j ~comb2
>>> [...]
>>> -A ~comb2 -m addrtype --dst-type BROADCAST -j DROP
>>> -A ~comb2 -d 224.0.0.0/4 -j DROP
>>>
>>> Both statements for "-A fw2net ..." above should have been combined into
>>> a single one.
>>
>> Doesn't setting OPTIMIZE=31 remove the duplicate rule?
>No.
Okay -- I'll look at that tomorrow.
Thanks for testing,
-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
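
The duplicate jump reported in item 5 of the thread can be checked for mechanically in a compiled ruleset. The following is an added example, not part of the original messages and not Shorewall code; it scans iptables-save style text for a rule that exactly repeats the one appended just before it in the same chain. The function name and the sample input (constructed from the rules quoted above) are assumptions.

```python
import re
import shlex

# Constructed sample in iptables-save format, modelled on the rules quoted in the thread.
SAMPLE = """\
*filter
:fw2net - [0:0]
:~comb2 - [0:0]
-A fw2net -j ~comb2
-A fw2net -j ~comb2
-A ~comb2 -m addrtype --dst-type BROADCAST -j DROP
-A ~comb2 -d 224.0.0.0/4 -j DROP
COMMIT
"""

COUNTERS = re.compile(r"^\[\d+:\d+\]\s+")  # prefix written by `iptables-save -c`


def find_adjacent_duplicates(ruleset_text):
    """Return (table, chain, rule, first_line, dup_line) tuples for every rule
    that exactly repeats the rule appended just before it in the same chain.

    Findings are candidates for review: a repeated rule is redundant only when
    its matches are stateless (not, for example, limit or recent).
    """
    findings = []
    table = None
    last = {}  # (table, chain) -> (rule spec tokens, line number)
    for lineno, raw in enumerate(ruleset_text.splitlines(), 1):
        line = COUNTERS.sub("", raw.strip())
        if line.startswith("*"):
            table = line[1:]          # start of a table section
        elif line == "COMMIT":
            table = None              # end of the table section
        elif line.startswith("-A "):
            tokens = shlex.split(line)  # keeps quoted --comment text as one token
            chain, spec = tokens[1], tuple(tokens[2:])
            prev = last.get((table, chain))
            if prev and prev[0] == spec:
                findings.append((table, chain, " ".join(spec), prev[1], lineno))
            last[(table, chain)] = (spec, lineno)
    return findings


if __name__ == "__main__":
    for finding in find_adjacent_duplicates(SAMPLE):
        print("duplicate rule: table=%s chain=%s rule=%r lines %d and %d" % finding)
```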