On 05/09/2018 06:31 PM, ObNox wrote:
> Hi,
>
> Foreword: Thank you a million times for creating and maintaining this
> absolute gem that Shorewall is!
>
>
> INFO: Currently happily running Shorewall 5.0.12
>
> I'm testing Shorewall 5.2.0.2 and found some issues :
>
> 1/ Failed auto conversion of "masq" to "snat"
> =============================================
>
> Shorewall fails to perform the auto conversion. A strange error is
> displayed :
>
> Shell# shorewall ck
> Checking using Shorewall 5.2.0.2...
>    ERROR: Invalid column/value pair (IP_NET}) /etc/shorewall/masq (line 6)
>
> Notice the mangled "IP_NET}" part. IP_NET is a shell variable declared
> in "params" with the value of my public IP address :
>
> (in "params")
> IP_NET="1.2.3.4"
>
> While testing, I've reduced the "masq" file to a single rule to see
> where Shorewall chokes, all other rules are commented.
> Here is the line in question :
>
> ${IF_NET} { source=${SMTP_SRV} address=${IP_NET} proto=tcp port=smtp }
>
> IF_NET, SMTP_SRV and IP_NET are all declared in "params"
>
> The resulting "snat" file just contains the commented headers and a line
> like :
>
> # Rules generated from masq file /etc/shorewall/masq by Shorewall
> 5.2.0.2 - <here_is_the_current_timestamp>
>
> Every time I run "shorewall ck", a new line like this gets added to the
> "snat" file (which remains empty of any converted rules)

Patch attached.

>
>
> 2/ AUTOMAKE internal default
> ============================
>
> My "shorewall.conf" file is minimalist and only declares variables which
> differ from internal Shorewall defaults (wherever possible). This keeps
> it highly readable and easy to maintain.
>
> Absence of "AUTOMAKE" declaration in "shorewall.conf" emits the
> following message :
>
> Use of uninitialized value $val in pattern match (m//) at
> /usr/share/shorewall/Shorewall/Config.pm line 6602
>

Patch attached.

> 3/ DYNAMIC_BLACKLIST declaration
> ================================
>
> Setting DYNAMIC_BLACKLIST="ipset,src-dst,disconnect::${LOG_LEVEL}:dBL"
> produces the following output :
>
> Shell# shorewall ck
> Checking using Shorewall 5.2.0.2...
> Use of uninitialized value $to in split at
> /usr/share/shorewall/Shorewall/Chains.pm line 2769.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2770.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2771.
> Use of uninitialized value $to in concatenation (.) or string at
> /usr/share/shorewall/Shorewall/Chains.pm line 2771.
>
> Am I doing something wrong? Replacing "${LOG_LEVEL}" with plain "info"
> does not change the resulting behavior.
>
> This declaration seems to be valid according to the documentation and I
> just want to set a log level with a log tag but not rename the "setname"
> and keep it the default. Removing the log tag ":dBL" does not improve
> the situation.
>

I am unable to reproduce this problem. If you will tar up your config
(including a capabilities file) and send it to me privately, I'll be
happy to take a look.

Thanks,
-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index e814b23f5..38977b2fd 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -6603,7 +6603,7 @@ sub get_configuration( $$$ ) { default_yes_no 'BALANCE_PROVIDERS' , $config{USE_DEFAULT_RT} ? 'Yes' : ''; default_yes_no 'USE_NFLOG_SIZE' , ''; - if ( ( $val = $config{AUTOMAKE} ) !~ /^[Rr]ecursive$/ ) { + if ( ( $val = ( $config{AUTOMAKE} || '' ) ) !~ /^[Rr]ecursive$/ ) { default_yes_no( 'AUTOMAKE' , '' ) unless $val && $val =~ /^\d{1,2}$/; }
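Review bot: In the changed `if` condition, `$config{AUTOMAKE} || ''` replaces every false value with the empty string, so a configured `0` is rewritten as well as the unset case that triggers the warning. The `unless $val && ...` guard on the next line already treats `0` as false, so the outcome is the same, but `$config{AUTOMAKE} // ''` would limit the substitution to undef and state the intent exactly, if the supported Perl versions allow defined-or. A one-line comment noting that AUTOMAKE may be absent from shorewall.conf would also help the next reader of this condition.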
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users