> I'll be able to do a bit of testing after Tuesday. This is what I was able to find out so far:
1. action.my_log ~~~~~~~~~~~~~ $1 rules ~~~~~ my_log(LOG:info(uid,tcp_options,ip_options,macdecode,tcp_sequence)):debug(uid,tcp_options,ip_options,macdecode,tcp_sequence) $FW net gets me "ERROR: Invalid ACTION (LOG:info(uid)" 2. action.my_log78901234567890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ $1 3. action.C_ACTION (inline) ~~~~~~~~~~~~~~~~~~~~~~~~ $1 rules ~~~~~ C_ACTION(dropBcast) $FW net dropBcast $FW net generates: [...] -A fw2net -j dropBcast -m comment --comment "C_ACTION" -A fw2net -j dropBcast [...] Two issues here: 1. the above 2 statements are essentially the same, bar the (auto-generated) comment (OPTIMIZE is set at 31); and 2. It would be nice if I could disable the auto-generated comment by shorewall (new option in "actions"?) and verify that OPTIMIZE works to remove the duplicate statements in inline actions (that optimisation seems to work for normal actions). 4. rules ~~~~~ my_log78901234567890(LOG:debug):info $FW net gets me (note the extra space after "678") WARNING: Log Prefix shortened to "Shorewall:my_log789012345678 " and then generates a rule containing (again, note the extra space) ... --log-prefix "Shorewall:my_log789012345678 " 5. rules ~~~~~ circ1(NonSyn) $FW net gets me "ERROR: Invalid Action (NonSyn) in inline action" (circ1 is indeed inlined) - isn't that supposed to be (silently) ignored? rules ~~~~~ circ1(RST) $FW net gives no error, but the following rule is produced: -A fw2net -p 6 --tcp-flags RST RST, -j DROP -m comment --comment "circ1" Is the comma after the second "RST" supposed to be there? ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
