On 4/11/13 5:45 PM, "Mr Dash Four" <mr.dash.f...@googlemail.com> wrote:

>> Patch attached.
>>
>Works as expected.

Thanks.

>
>> This is going to be surprisingly difficult. I'll need some time to
>> determine what (if anything) is possible.
>>
>If you can't find an easy solution to this, not to worry - I could
>always include the entire rule after ";" and leave the bare minimum
>(<src> and <dst>) on the left side of ";". I am not sure how this would
>impact the optimiser though.

The only possible issue will be multiple instances of the same match.

>
>> I think that I'll leave this as it is. Shorewall understands --dport
>> which is why this works the way it does.
>>
>Yep, that's good. Thanks.
>In the meantime I found a few more:
>
>5.
>rules
>~~~~~
>INLINE:info $FW net ; -m mouse --name test2
>
>produces
>
>"ERROR: Invalid column/value pair (-m)"

Steven already reported that. I provided a fix in the form of an updated Rules.pm file.

>
>6.
>rules
>~~~~~
>INLINE $FW:10.1.1.1 net:+mickey-mouse ; ! -m mickey-mouse --name test2
>
>produces
>
>-A fw2net -s 10.1.1.1 -m mickey-mouse ! --name test2 -m set --match-set mickey-mouse dst
>
>I presume the "!" will mess things up if I try other such combinations,
>so I am not fully testing this for the time being.

The compiler actually did the 'right' thing there, even though what you entered was not valid iptables syntax.

>
>
>One query: are parameters accepted in the bit after ";"? Something like
>"INLINE $FW net ; ! -m my-owner --owner $MY_UID -j DROP"?

Yes.

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.