Dash Four wrote:
Please give the attached patch a try. It also corrects a problem where
not all nfacct objects were created by the generated script.
Thanks, Tom - will give it a go when I get home in a few hours.
All is in working order. There is a minor (cosmetic) change I did in Accounting.pm - see attached.

One other issue I stumbled upon - normally, nfacct objects are persistent (i.e. they survive shorewall reload/restart etc), but if I would like to wipe out the entire accounting table (and make sure that nothing is left out!) I usually need to run "nfacct flush". I tried doing that in "init", but got an error from iptables that the "accounting object does not exist" - I am assuming that this is because "init" runs *after* the new accounting objects have already been added.

If that is indeed the case, is there a way I could instruct shorewall to wipe out the existing nfacct table at the precise moment where:

1. There are no iptables rules in existence; and
2. The *new* nfacct objects (the ones which will be used when shorewall starts) have not yet been created?

--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -234,8 +234,7 @@
        } elsif ( $action =~ /^NFACCT\((.+)\)$/ ) {
            require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
            $target = '';
-           my @objects = split_nfacct_list $1;
-           for ( @objects ) {
+           for ( my @objects = split_nfacct_list $1 ) {
               if ( $_ =~ /^([\w%&@~]+)(!)?$/ ) {
                   if ( $2 ) {
                       $prerule .= "-m nfacct --nfacct-name $1 ";
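
Review bot: On the added `for ( my @objects = split_nfacct_list $1 )` line, @objects is declared but never referenced in the visible loop body, which works only through `$_` and the regex captures. If nothing after the loop uses the array, drop it and iterate the list directly with `for ( split_nfacct_list $1 )`. If later code does read @objects, the original two-line form is clearer, because it keeps the declaration visible at block level instead of hiding it inside the loop's list expression.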

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel