On Mon, Jun 24, 2013, at 10:20, Tom Eastep wrote:
> > We can also determine where the problem is coming from using the
> > Perl debugger with "LOAD_HELPERS_ONLY=No".
> >
> > Run 'shorewall check -d'.
> >
> > [......]
>
> And if, as I suspect, the error message appears after executing
> this code:
>
> $capabilities{OWNER_NAME_MATCH}
> = detect_capability( 'OWNER_NAME_MATCH' );
>
> then apply the attached patch.
Tom, thanks for the investigation and clear instructions for testing. As
you predicted, the error appears *after* the above line of code:
Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4294):
4294: $capabilities{OWNER_NAME_MATCH}
4295: = detect_capability(
'OWNER_NAME_MATCH' );
DB<2>
iptables: No chain/target/match by that name.
Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4296):
4296: $capabilities{CONNMARK_MATCH} = detect_capability(
'CONNMARK_MATCH' );
DB<2>
You may have known this already by reproducing it :-) You did say you
thought this wasn't a problem that would lead to vulnerability, and it
looks that way to me, too, so I won't bother with the patch, but rather
just wait for the next version :-)
Dave
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
