On Tue, 2011-10-04 at 12:11 +0100, Ed W wrote: > On 04/10/2011 00:33, Tom Eastep wrote: > > On Oct 3, 2011, at 3:26 PM, Richard B. Pyne wrote: > > > >> I have been using shorewall, including iprange, for many years and never > >> had a problem until recently. It would really be nice if new > >> dependencies were noted. > > > > That dependency has existed since Shorewall 4.2.something. > > > > I presume bc is only used here because some shells are not correctly > handling 32bit unsigned correctly?
Yes.
> Or is it an ipv6 thing?
I've never had the urge to try to implement the 'ip...' commands in
Shorewall6.
> Could something like the following be used to avoid needing bc in the
> case that the shell works somewhat as expected?
>
>
> addr_comp() {
> if [ 1 -lt 2147483648 -a 1 -lt 4294697295 ]; then
> [ $1 -gt $2 ]
> else
> test $(bc <<EOF
> $1 > $2
> EOF
> ) -eq 1
> fi
> }
>
>
> I tested this under recent busybox and it seems ok. Not sure what
> failure modes I should be testing for though? Not sure if this even
> fails sanely for users without supported shells..?
I don't remember now what the failure mode(s) was (were).
Brian: I believe that you were the one that originally ran into this and
proposed the use of 'bc'; do you remember how the shell that you were
running failed?
>
> Perhaps you could consider this modification in next shorewall if it
> eliminates the requirement for bc for a large lump of users? (I don't
> think I have bc installed on any of my systems?)
>
I think that I would rather first be certain of what the issue is, to be
certain that the test that you propose identifies the failing shells and
that your patch doesn't break them again.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
