On 01/05/2013 07:48 AM, Steven Jan Springl wrote: > Arprules entry: > > DROP eth0:!1.1.1.1 - 1 > > Produces the following error: > > ERROR: Invalid IP Address (!1.1.1.1) /etc/shorewall2A11/arprules (line 10)
Attached ARP3.patch corrects this problem. > > ------------------------------------------------------------------------------------------------ > > Arprules entry: > > DROP eth0 - !1 > > Generates the following arptables rule: > > -A INPUT -i eth0 --opcode 1 -j DROP > > Which seems to ignore the '!' in the ARP OPCODE column. > This problem was unique to 'arptables' it worked correctly with 'arptables_jf'. ARP4.patch attached Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/ARP.pm b/Shorewall/Perl/Shorewall/ARP.pm
index a5eb7eb..a2cf274 100644
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -56,12 +56,9 @@ sub match_arp_net( $$$ ) {
my $return = '';
if ( supplied $net ) {
- my ( $addr , $mask ) = split( $net , '/', 2 );
-
- my $invert = ( $addr =~ s/^!// ) ? '! ' : '';
-
+ my $invert = ( $net =~ s/^!// ) ? '! ' : '';
validate_net $net, 0;
- $return = $source ? "-s $net " : "-d $net ";
+ $return = $source ? "-s ${invert}$net " : "-d ${invert}$net ";
}
if ( supplied $mac ) {
diff --git a/Shorewall/Perl/Shorewall/ARP.pm b/Shorewall/Perl/Shorewall/ARP.pm
index a2cf274..38c4edc 100644
--- a/Shorewall/Perl/Shorewall/ARP.pm
+++ b/Shorewall/Perl/Shorewall/ARP.pm
@@ -165,7 +165,7 @@ sub process_arprule() {
if ( $opcode ne '-' ) {
my $invert = ( $opcode =~ s/^!// ) ? '! ' : '';
fatal_error "Invalid ARP OPCODE ($opcode)" unless $opcode =~ /^\d$/ && $opcode;
- $rule .= $arptablesjf ? " --arpop ${invert}$map[$opcode] " : "--opcode $opcode ";
+ $rule .= $arptablesjf ? " --arpop ${invert}$map[$opcode] " : "--opcode ${invert}$opcode ";
}
$functions{$action} ->();
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
