[Shorewall-users] shorewall 5.0.14: ERROR: USER/GROUP may only be specified in the OUTPUT section /etc/shorewall/accounting

Thu, 27 Jul 2017 00:55:49 -0700 

Hi,

Using the following Centos7 packages from EPEL;

shorewall-core-5.0.14.1-2.el7.noarch
shorewall-5.0.14.1-2.el7.noarch
I get the error "ERROR: USER/GROUP may only be specified in the OUTPUT section /etc/shorewall/accounting" 

Any idea what is going wrong?

Got the following in /etc/shorewall/accounting

#
## Shorewall version 4 - Accounting File
##
## For information about entries in this file, type "man shorewall-accounting" 
##
## Please see http://shorewall.net/Accounting.html for examples and
## additional information about how to use this file.
##
##################################################################################################################
##ACTION CHAIN SOURCE DESTINATION PROTO DEST SOURCE USER/ MARK IPSEC 
##
?SECTION INPUT
?SECTION OUTPUT
sync:COUNT       -        -    -    -     - -       sync


a trace shows:

Compiling /etc/shorewall/accounting...
IN===> sync:COUNT       -        -    -    -     - -       sync
SYS----> /sbin/iptables -w -F fooX24596
SYS----> /sbin/iptables -w -X fooX24596
SYS----> /sbin/iptables -w -F foo1X24596
SYS----> /sbin/iptables -w -X foo1X24596
SYS----> /sbin/iptables -w -t mangle -F fooX24596
SYS----> /sbin/iptables -w -t mangle -X fooX24596
SYS----> /sbin/iptables -w -t raw -F fooX24596
SYS----> /sbin/iptables -w -t raw -X fooX24596
ERROR: USER/GROUP may only be specified in the OUTPUT section /etc/shorewall/accounting (line 14) at /usr/share/perl5/vendor_perl/Shorewall/Config.pm line 1466. Shorewall::Config::fatal_error('USER/GROUP may only be specified in the OUTPUT section') called at /usr/share/perl5/vendor_perl/Shorewall/Accounting.pm line 198 Shorewall::Accounting::process_accounting_rule1('sync:COUNT', '-', '-', '-', '-', '-', '-', 'sync', '-', ...) called at /usr/share/perl5/vendor_perl/Shorewall/Accounting.pm line 440 Shorewall::Accounting::process_accounting_rule() called at /usr/share/perl5/vendor_perl/Shorewall/Accounting.pm line 458 Shorewall::Accounting::setup_accounting() called at /usr/share/perl5/vendor_perl/Shorewall/Compiler.pm line 861 Shorewall::Compiler::compiler('script', '/var/lib/shorewall/.start', 'directory', '', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at /usr/libexec/shorewall/compiler.pl line 142 
eval() called 2 times


Gr, J

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to