Tom Eastep wrote:
> Tom Eastep wrote:
>> Matt LaPlante wrote:
>>> Based on my reading of the DEST section of the rules man page
>>> [http://www.shorewall.net/manpages/shorewall-rules.html], "Beginning
>>> with Shorewall 4.1.4, the zone should be omitted in DNAT-, REDIRECT-
>>> and NONAT rules." This seems to jive with a warning thrown by
>>> shorewall-perl 4.2.6 when a zone is left in:
>>>
>>> Example:
>>> DNAT- loc net:1.2.3.4:2525 tcp 25
>>>
>>> Produces:
>>> "WARNING: Destination zone (net) ignored : /etc/shorewall/rules"
>>>
>>> Ok, makes sense. But then, when the zone is actually omitted, things
>>> go horribly wrong:
>>>
>>> Example:
>>> DNAT- loc 1.2.3.4:2525 tcp 25
>>>
>>> Produces:
>>> "WARNING: Destination zone (1.2.3.4) ignored : /etc/shorewall/rules (line
>>> 459)
>>> Can't call method "inet_htoa" without a package or object reference at
>>> /usr/share/shorewall-perl/Shorewall/IPAddrs.pm line 150,
>>> <$currentfile> line 459."
>>>
>>> Is this a bug or a misinterpretation of the docs?
>> It is a case of Shorewall-perl neglecting to generate a fatal error for
>> an absurd rule.
>
> I offer my humblest apology. I read 'DNAT-' and thought 'NONAT'. This is
> definitely a bug and I'll prepare a fix for it today.
>

The problem has been corrected in Shorewall-perl 4.2.6.2. A patch is also attached.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Index: Shorewall/IPAddrs.pm
===================================================================
--- Shorewall/IPAddrs.pm (revision 9564)
+++ Shorewall/IPAddrs.pm (working copy)
@@ -27,6 +27,7 @@
package Shorewall::IPAddrs;
require Exporter;
use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 F_IPV4 F_IPV6 );
+use Socket;
use strict;
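Review bot: the bare `use Socket;` added above `use strict;` pulls in Socket's entire default export list, while the only Socket function this patch calls is inet_ntoa. Suggest `use Socket qw( inet_ntoa );` so the module's namespace stays explicit and any clash with a local helper name shows up at the import line.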
@@ -142,13 +143,10 @@
unless ( valid_4address $addr ) {
fatal_error "Invalid IP Address ($addr)" unless $allow_name;
- fatal_error "Unknown Host ($addr)" unless (@addrs = gethostbyname $addr);
+ fatal_error "Unknown Host ($addr)" unless (defined ( $addr = gethostbyname $addr) );
if ( defined wantarray ) {
- shift @addrs for (1..4);
- for ( @addrs ) {
- $_ = inet_htoa $_;
- }
+ @addrs = ( inet_ntoa( $addr ) );
}
}
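Review bot: `$addr = gethostbyname $addr` calls gethostbyname in scalar context, which returns a single packed address, so a host name with several A records now resolves to one address where the removed loop walked every entry in @addrs. If single-address resolution is intended, say so in a comment; otherwise keep the list-context call and map inet_ntoa over the address entries. The assignment also overwrites $addr with the packed binary value, so any later use of $addr in this function (an error message, for instance) would no longer show the name the user wrote; a separate variable for the lookup result avoids that.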
Index: Shorewall/Rules.pm
===================================================================
--- Shorewall/Rules.pm (revision 9564)
+++ Shorewall/Rules.pm (working copy)
@@ -1137,7 +1137,16 @@
fatal_error "Unknown source zone ($sourcezone)" unless $sourceref = defined_zone( $sourcezone );
if ( $actiontype & NATONLY ) {
- warning_message "Destination zone ($destzone) ignored" unless $destzone eq '-' || $destzone eq '';
+ unless ( $destzone eq '-' || $destzone eq '' ) {
+ $destref = defined_zone( $destzone );
+
+ if ( $destref ) {
+ warning_message "Destination zone ($destzone) ignored";
+ } else {
+ $dest = join ':', $destzone, $dest;
+ $destzone = '';
+ }
+ }
} else {
fatal_error "Missing destination zone" if $destzone eq '-' || $destzone eq '';
fatal_error "Unknown destination zone ($destzone)" unless $destref = defined_zone( $destzone );
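Review bot: in the new else branch, every first field that defined_zone() does not recognise is rejoined into $dest by `$dest = join ':', $destzone, $dest;`, so a mistyped zone name in a DNAT-, REDIRECT- or NONAT rule is now treated as part of the destination address with no message at all. Suggest rejoining only when $destzone parses as an address (or an allowed host name) and raising fatal_error otherwise, so a typo in a NAT rule fails at compile time instead of depending on later validation of $dest. $destref is also assigned on this path although the zone is ignored; testing defined_zone( $destzone ) directly in the condition would avoid leaving it set.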
