> Crap -- wonder how that made it out the door. > > Removing this line from the failing actions will correct that issue: > > use Shorewall::Rules qw( process_rule1 ); It does, though there is another issue:
rules ~~~~~ SECTION RELATED Related(ELOG(-,fw2NeT,2)) $FW net produces: -A +fw2net -m conntrack --ctstate RELATED -j ELOG "--cstate RELATED" match can be optimised away (it is not needed since the +fw2net chain has that match already). The "inline" equivalent of ELOG (IELOG) produces 2 additional RELATED matches (for each statement of that action) as well, but I suspect you already know that. I also suspect the situation will be the same if I use Established in the ESTABLISHED section, Untracked in the UNTRACKED section and Invalid in the INVALID section. > So you believe that the compiler should somehow ignore 'inline' and > treat the action as if it were not inlined? Yeah, getting ahead of myself. You are right there. > Again, optimization and detection of non-matching states will be left > for another release. Fair enough, as long as I am aware of these deficiencies it is all fine by me. > >> The second problem is this: >> >> rules >> ~~~~~ >> SECTION RELATED >> IELOG(-,fw2NeT,2) >> Invalid(IELOG(-,fw2NeT,2)) $FW net >> >> produces: >> >> -A +fw2net -m conntrack -j LOG --log-tcp-options --log-ip-options >> --log-macdecode --log-tcp-sequence --log-uid --log-level 6 --log-prefix >> "Shorewall:fw2NeT::" >> -A +fw2net -m conntrack -j NFLOG --nflog-group 2 --nflog-range 0 >> --nflog-threshold 1 --nflog-prefix "Shorewall:fw2NeT::" >> >> In other words, not even a hint of "--cstate INVALID" (it could have been >> "optimised away" by mistake). In general, if the action above Invalid seems >> to be inline, the whole "Invalid(...)" statement seems to be totally ignored. Anything on this? ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
