Re: [Shorewall-devel] Shorewall 4.5.13 RC 3

Sat, 09 Feb 2013 18:00:36 -0800 

> Thank you for testing,

OK, I've tried to test-run this on another machine where I get this internal 
error:

shorewall[824]: Compiling MAC Filtration -- Phase 2...
shorewall[824]: Applying Policies...
shorewall[824]:    ERROR: Internal error in Shorewall::Rules::createactionchain 
at /usr/share/perl5/Shorewall/Rules.pm line 1246 at 
/usr/share/perl5/Shorewall/Config.pm line 1215
shorewall[824]: #011Shorewall::Config::fatal_error('Internal error in 
Shorewall::Rules::createactionchain at /usr...') called at 
/usr/share/perl5/Shorewall/Config.pm line 1255
shorewall[824]: #011Shorewall::Config::assert('') called at 
/usr/share/perl5/Shorewall/Rules.pm line 1246
shorewall[824]: #011Shorewall::Rules::createactionchain('ELOG(-,1,2,-,Drop)') 
called at /usr/share/perl5/Shorewall/Rules.pm line 1267
shorewall[824]: #011Shorewall::Rules::use_action('ELOG(-,1,2,-,Drop)') called 
at /usr/share/perl5/Shorewall/Rules.pm line 1764
shorewall[824]: #011Shorewall::Rules::use_policy_action('ELOG(-,1,2,-,Drop)', 
'fw2net') called at /usr/share/perl5/Shorewall/Rules.pm line 707
shorewall[824]: #011Shorewall::Rules::policy_rules('HASH(0x8b770c8)', 'DROP', 
'', 'ELOG(-,1,2,-,Drop)', '') called at /usr/share/perl5/Shorewall/Rules.pm 
line 736
shorewall[824]: #011Shorewall::Rules::default_policy('HASH(0x8b770c8)', 'fw', 
'net') called at /usr/share/perl5/Shorewall/Rules.pm line 810
shorewall[824]: #011Shorewall::Rules::apply_policy_rules() called at 
/usr/share/perl5/Shorewall/Compiler.pm line 839
shorewall[824]: #011Shorewall::Compiler::compiler('script', 
'/var/lib/shorewall/.start', 'directory', '/etc/shorewall', 'verbosity', 1, 
'timestamp', 0, 'debug', ...) called at /usr/libexec/shorewall/compiler.pl line 
142
logger: ERROR:Shorewall start failed


params
~~~~~~
NF_A=1
NF_V=2
NF_ALL="NFLOG(5,0,1)"

policy
~~~~~~
$FW net DROP:ELOG(-,$NF_A,$NF_V,-,Drop)
[...]
all all DROP:ELOG(-,$NF_A,$NF_V,-,Drop)

action.ELOG
~~~~~~~~~~~
?IF $1
  ?SET p1 $1
?ELSE
  ?SET p1 "-"
?ENDIF
?IF $2
  ?SET p2 $2
?ELSE
  ?SET p2 "-"
?ENDIF
?IF $3
  ?SET p3 $3
?ELSE
  ?SET p3 "-"
?ENDIF
?IF $4
  ?SET p4 $4
?ELSE
  ?SET p4 "-"
?ENDIF
?IF $5
  ?SET p5 $5
?ELSE
  ?SET p5 "-"
?ENDIF
?IF $6
  ?SET p6 $6
?ELSE
  ?SET p6 "-"
?ENDIF
ALOG($p1,$p2,$p3,$p4,$p5,$p6)
?IF $5 && (! ($5 eq 'Drop'))
  $5
?ENDIF

action.ALOG
~~~~~~~~~~~
?IF $5
  ?SET @disposition $5
?ENDIF
?IF $6
  ?SET @chain $6
?ENDIF
?IF $1
  $NF_ALL
?ENDIF
?IF $2
  NFLOG($2,0,1)
?ENDIF
?IF $3
  NFLOG($3,0,1)
?ENDIF
?IF $4
  AUDIT($4)
?ENDIF


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to