I've set up my Shorewall to handle my VoIP -- access to/from an adapter on my 
LAN, plus additional signalling.

These /rules

        /action.VoIP
                #ACTION       SOURCE       DEST    PROTO     DEST     SOURCE    ORIGINAL
                #                                            PORT     PORT(S)   DEST
                ?FORMAT 2
                DNAT          net:$V1      lan:$V2 udp       5036,5038,5060:5082,10010:10020
                DNAT          net:$V1      lan:$V2 tcp       5060:5082,10010:10020
                DNAT          net:$V1      lan:$V2 tcp       -        5060:5082,10010:10020
                ACCEPT        lan:$V2      net:$V1 udp       5036,5038,5060:5082,10010:10020
                ACCEPT        lan:$V2      net:$V1 tcp       5060:5082,10010:10020
                ACCEPT        lan:$V2      net:$V1 tcp       -        5060:5082,10010:10020

work perfectly.

I'd like to consolidate these rules, ideally in their own chain.

After reading the wiki, iiuc, an 'Action' seems better for this than a 'Macro'. 
I defined

        /actions
                #ACTION    OPTIONS              COMMENT
                ?FORMAT 2
                VoIP        # multiple VoIP actions

        /action.VoIP
                #ACTION       SOURCE       DEST    PROTO     DEST     SOURCE    ORIGINAL
                #                                            PORT     PORT(S)   DEST
                ?FORMAT 2
                DNAT          net:$1       lan:$2  udp       5036,5038,5060:5082,10010:10020
                DNAT          net:$1       lan:$2  tcp       5060:5082,10010:10020
                DNAT          net:$1       lan:$2  tcp       -        5060:5082,10010:10020
                ACCEPT        lan:$2       net:$1  udp       5036,5038,5060:5082,10010:10020
                ACCEPT        lan:$2       net:$1  tcp       5060:5082,10010:10020
                ACCEPT        lan:$2       net:$1  tcp       -        5060:5082,10010:10020

        /rules
                #ACTION       SOURCE       DEST    PROTO     DEST     SOURCE    ORIGINAL
                #                                            PORT     PORT(S)   DEST
                ...
36              VoIP($V1,$V2)  -  -
                ...

When I compile that, I get an ERROR

        Compiling /usr/local/etc/shorewall/rules...
           ERROR: Missing source zone /usr/local/etc/shorewall/rules (line 36)

If I change

        /rules
                ...
--              VoIP($V1,$V2)  -   -
++              VoIP($V1,$V2)  all all
                ...

and recompile, I get a different ERROR

        Compiling /usr/local/etc/shorewall/action.VoIP for chain VoIP...
           ERROR: Invalid/Unknown udp port/service (192.168.0.100) /usr/local/etc/shorewall/action.VoIP (line 4)
              from /usr/local/etc/shorewall/rules (line 36)

My Action, as written, doesn't actually need the SOURCE/DEST passed to it, just 
the $1 & $2 params.

Is an Action the right way to consolidate these multiple-Action/Proto/Port 
rules, or a Macro?

Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
