On 10/05/2018 20:17, Tom Eastep wrote:

Sorry for the huge delay replying to your message :-(

1/ Failed auto conversion of "masq" to "snat"
=============================================

[...]

Patch attached.


2/ AUTOMAKE internal default
============================

[...]

Patch attached.

These two issues were addressed in the 5.2.0.3 release and are fixed AFAIC.

Please note that your message only contained the "AUTOMAKEEMPTY1.patch" but not the other mentioned patch. Not important though, as the issues are no longer present.

3/ DYNAMIC_BLACKLIST declaration
================================

Setting DYNAMIC_BLACKLIST="ipset,src-dst,disconnect::${LOG_LEVEL}:dBL"
produces the following output :

Shell# shorewall ck
Checking using Shorewall 5.2.0.2...
Use of uninitialized value $to in split at
/usr/share/shorewall/Shorewall/Chains.pm line 2769.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2770.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2771.
Use of uninitialized value $to in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 2771.

Am I doing something wrong? Replacing "${LOG_LEVEL}" with plain "info"
does not change the resulting behavior.

This declaration seems to be valid according to the documentation and I
just want to set a log level with a log tag but not rename the "setname"
and keep it the default. Removing the log tag ":dBL" does not improve
the situation.


I am unable to reproduce this problem. If you will tar up your config
(including a capabilities file) and send it to me privately, I'll be
happy to take a look.

This one is still present though but I found what triggers it! I followed a hunch after you mentioned that you couldn't reproduce the issue. It could only be something in my configuration that deviates from the standard one, obviously.

To trigger these Perl warnings, just add "dbl=src-dst" in one of the interface definitions in the "interfaces" file. For example, mine pretty much looks like this:

net { interface=${IF_NET} \
      options="nets=(!${LAN_NET}),nosmurfs,rpfilter,dhcp,dbl=src-dst" }

Removing the "dbl=src-dst" part (introduced in 5.0.10) prevents the warnings from triggering.

NOTE: Prior to testing 5.2.0.x I was happily using 5.0.12, hence the presence of "dbl".

--
ObNox
