On 3/27/2014 8:20 AM, Hervé Werner wrote:
> > Nevermind. The problem is that use invoked the Invalid action from
> > within the INVALID section. If you replace 'Invalid(DROP)' with 'DROP'
> > in that section, it works correctly.
> Make that ...that *you* invoked the...".
>
>
> OK thank you for your time. Sorry for that mistake.
>
> However I notice there is still an extra comment in the fw-net and net-fw
> chains :
> Chain fw-net (1 references)
> pkts bytes target prot opt in out source destination
> 12 624 _fw-net all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID /* Drop invalid packets generated by weather applet */
>
> Thus this comment is specified twice per direction : first in the fw-net and
> then in _fw-net (right place).

Patch attached. It will apply with an offset on your version.

Regards,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 7dd1ff6..96abf21 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1245,7 +1245,7 @@ sub push_rule( $$ ) {
push @{$chainref->{rules}}, $ruleref;
$chainref->{referenced} = 1;
$chainref->{optflags} |= RETURNS_DONT_MOVE if ( $ruleref->{target} || '' ) eq 'RETURN';
- trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
+ trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1] $ruleref->{comment}" ) if $debug;
$chainref->{complete} = 1 if $complete;
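Review bot: in the new trace() call, $ruleref->{comment} is interpolated without a guard, so if a rule can reach push_rule with no comment set, the debug trace will emit an "uninitialized value" warning under warnings and always carry a trailing space. The line above already guards the target with ( $ruleref->{target} || '' ); the same pattern for the comment, with the separating space added only when a comment is present, would keep the trace output clean.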
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 3b26292..198ec2e 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2532,10 +2532,12 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
my $auxref = $filter_table->{$auxchain};
unless ( $auxref ) {
+ my $save_comment = push_comment;
$auxref = new_chain 'filter', $auxchain;
$auxref->{blacklistsection} = 1 if $blacklist;
add_ijump( $chainref, j => $auxref, state_imatch( $section_states{$section} ) );
+ pop_comment( $save_comment );
}
$chain = $auxchain;
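Review bot: the push_comment / pop_comment pair inside unless ( $auxref ) has no code comment saying why the current comment is saved and restored around new_chain and add_ijump; a one-line note that the jump into $auxchain should not repeat the rule's comment (the duplicate reported in fw-net and net-fw) would help the next reader. If only the add_ijump call needs this, wrapping just that call instead of new_chain as well would make the intent narrower and clearer.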
