Hi,
Foreword: Thank you a million times for creating and maintaining this
absolute gem that Shorewall is!
INFO: Currently happily running Shorewall 5.0.12
I'm testing Shorewall 5.2.0.2 and found some issues:
1/ Failed auto conversion of "masq" to "snat"
=============================================
Shorewall fails to perform the auto conversion. A strange error is
displayed :
Shell# shorewall ck
Checking using Shorewall 5.2.0.2...
ERROR: Invalid column/value pair (IP_NET}) /etc/shorewall/masq (line 6)
Notice the mangled "IP_NET}" part. IP_NET is a shell variable declared
in "params" with the value of my public IP address :
(in "params")
IP_NET="1.2.3.4"
While testing, I've reduced the "masq" file to a single rule to see
where Shorewall chokes, all other rules are commented.
Here is the line in question :
${IF_NET} { source=${SMTP_SRV} address=${IP_NET} proto=tcp port=smtp }
IF_NET, SMTP_SRV and IP_NET are all declared in "params"
The resulting "snat" file just contains the commented headers and a line
like :
# Rules generated from masq file /etc/shorewall/masq by Shorewall
5.2.0.2 - <here_is_the_current_timestamp>
Every time I run "shorewall ck", a new line like this gets added to the
"snat" file (which remains empty of any converted rules).
2/ AUTOMAKE internal default
============================
My "shorewall.conf" file is minimalist and only declares variables which
differ from internal Shorewall defaults (wherever possible). This keeps
it highly readable and easy to maintain.
The absence of an "AUTOMAKE" declaration in "shorewall.conf" emits the
following message:
Use of uninitialized value $val in pattern match (m//) at
/usr/share/shorewall/Shorewall/Config.pm line 6602
3/ DYNAMIC_BLACKLIST declaration
================================
Setting DYNAMIC_BLACKLIST="ipset,src-dst,disconnect::${LOG_LEVEL}:dBL"
produces the following output :
Shell# shorewall ck
Checking using Shorewall 5.2.0.2...
Use of uninitialized value $to in split at
/usr/share/shorewall/Shorewall/Chains.pm line 2769.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2770.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2771.
Use of uninitialized value $to in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 2771.
Am I doing something wrong? Replacing "${LOG_LEVEL}" with plain "info"
does not change the resulting behavior.
This declaration seems to be valid according to the documentation and I
just want to set a log level with a log tag but not rename the "setname"
and keep it the default. Removing the log tag ":dBL" does not improve
the situation.
--
ObNox