If I create the extension script /etc/shorewall/extension/ict2fw (ict is
my local zone) with this:

#
#
run_iptables -I eth1_in -s 172.16.243.0/24 -p udp --dport 123 -j DROP

shorewall-perl gives the following error:
Applying Policies...
Unquoted string "udp" may clash with future reserved word at (eval 6) line 6.
Bareword found where operator expected at (eval 6) line 6, near "--dport"
        (Missing operator before dport?)
Number found where operator expected at (eval 6) line 6, near "dport 123"
        (Do you need to predeclare dport?)
   ERROR: Couldn't parse /etc/shorewall/ict2fw: syntax error at (eval 6) line 6, near "24 -p "

shorewall-shell doesn't complain but does not seem to execute the
extension script.

--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Eduardo Ferreira wrote:
>
> If I create the extension script /etc/shorewall/extension/ict2fw (ict is
> my local zone) with this:
>
> #
> #
> run_iptables -I eth1_in -s 172.16.243.0/24 -p udp --dport 123 -j DROP
>
> shorewall-perl gives the following error:
> Applying Policies...
> Unquoted string "udp" may clash with future reserved word at (eval 6)
> line 6.
> Bareword found where operator expected at (eval 6) line 6, near "--dport"
>         (Missing operator before dport?)
> Number found where operator expected at (eval 6) line 6, near "dport 123"
>         (Do you need to predeclare dport?)
>    ERROR: Couldn't parse /etc/shorewall/ict2fw: syntax error at (eval 6)
> line 6, near "24 -p "
>
> shorewall-shell doesn't complain but does not seem to execute the
> extension script.

Eduardo,

Please read the release notes. All compile-time extension scripts must be
recoded to work with Shorewall-perl

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Eduardo Ferreira wrote:
>
> If I create the extension script /etc/shorewall/extension/ict2fw (ict is
> my local zone) with this:
>
> #
> #
> run_iptables -I eth1_in -s 172.16.243.0/24 -p udp --dport 123 -j DROP
>

Out of curiosity, why do you need to insert this rule rather than just doing
the same thing in the rules file?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote on 18/05/2007 11:22:02:

> Eduardo Ferreira wrote:
> >
[...]
>
> Eduardo,
>
> Please read the release notes. All compile-time extension scripts must be
> recoded to work with Shorewall-perl
>
> -Tom

Tom,

I've changed my extension script to:
# rules to block NTP requests from the machines connected to conspira
add_rule $chainref, '-s 172.16.243.0/24 -p udp --dport 123 -j DROP';
1;

Now I'm getting this error:
Processing /etc/shorewall/extensions/ict2fw...
Useless use of a constant in void context at (eval 6) line 2.
   ERROR: Couldn't parse /etc/shorewall/extensions/ict2fw: Can't call
method "add_rule" on unblessed reference at (eval 6) line 2.

Did I miss something here?

tia,
--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606

Tom Eastep wrote on 18/05/2007 11:44:41:

> Eduardo Ferreira wrote:
> >
> > If I create the extension script /etc/shorewall/extension/ict2fw (ict is
> > my local zone) with this:
> >
> > #
> > #
> > run_iptables -I eth1_in -s 172.16.243.0/24 -p udp --dport 123 -j DROP
> >
>
> Out of curiosity, why do you need to insert this rule rather than just doing
> the same thing in the rules file?
>

I really was trying to remember why ~/. IIRC, I had some problems in an
earlier version of shorewall (1.x?) years ago when I tried to insert the
rule - the IP range is not part of the source zone, it is used only when a
client connects via PPTP to a partner company and receives an IP in this
range. Shorewall complained in some bizarre way and I used an extension to
do the trick.

cheers,
--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606

Eduardo Ferreira wrote:
>
> Tom Eastep wrote on 18/05/2007 11:22:02:
>> Eduardo Ferreira wrote:
>> >
> [...]
>>
>> Eduardo,
>>
>> Please read the release notes. All compile-time extension scripts must be
>> recoded to work with Shorewall-perl
>>
>> -Tom
>
> Tom,
>
> I've changed my extension script to:
> # rules to block NTP requests from the machines connected to conspira
> add_rule $chainref, '-s 172.16.243.0/24 -p udp --dport 123 -j DROP';
> 1;
>
> Now I'm getting this error:
> Processing /etc/shorewall/extensions/ict2fw...
> Useless use of a constant in void context at (eval 6) line 2.
>    ERROR: Couldn't parse /etc/shorewall/extensions/ict2fw: Can't call
> method "add_rule" on unblessed reference at (eval 6) line 2.
>
> Did I miss something here?

No, I did.

Your extension scripts need to 'use' any modules that you reference within
your script. In particular, your script needs to begin with:

use Shorewall::Chains;

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
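
Why the missing import produces exactly those two messages, as an added example that is not part of the original thread or of Shorewall's code: when `add_rule` is not a known sub at compile time, Perl parses `add_rule $chainref, '...'` as the indirect-object method call `$chainref->add_rule`, followed by a string constant in void context. `Demo::Chains` and `run_extension` are hypothetical stand-ins; only the call shape `add_rule $chainref, '<rule>'` is taken from the messages above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Demo::Chains is a hypothetical stand-in for Shorewall::Chains. Only the call
# shape add_rule($chainref, $rule) comes from the thread; the body is invented.
package Demo::Chains {
    use Exporter 'import';
    our @EXPORT = ('add_rule');
    sub add_rule {
        my ($chainref, $rule) = @_;
        push @{ $chainref->{rules} }, $rule;
        return 1;
    }
    $INC{'Demo/Chains.pm'} = __FILE__;    # lets "use Demo::Chains" resolve in-file
}

# Compile and run an extension body as Perl source with $chainref in scope.
# Each body gets its own package so an import in one run cannot leak into another.
my $seq = 0;
sub run_extension {
    my ($body) = @_;
    my $chainref = { name => 'ict2fw', rules => [] };   # constructed, unblessed hash ref
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $pkg = 'Ext' . ++$seq;
    my $ok  = eval "package $pkg;\n$body";
    my $err = $ok ? '' : $@;
    return { rules => $chainref->{rules}, warnings => \@warnings, error => $err };
}

my $rule = q{'-s 172.16.243.0/24 -p udp --dport 123 -j DROP'};

# Without the import: add_rule is an unknown bareword, so the line is compiled
# as $chainref->add_rule, '...'; and the method call dies at run time.
my $without = run_extension("add_rule \$chainref, $rule;\n1;");

# With the import: add_rule is a known sub when the line is compiled, so the
# same text is an ordinary function call with two arguments.
my $with = run_extension("use Demo::Chains;\nadd_rule \$chainref, $rule;\n1;");

for my $case ([ 'without use' => $without ], [ 'with use' => $with ]) {
    my ($label, $r) = @$case;
    print "== $label ==\n";
    print "warning: $_" for @{ $r->{warnings} };
    print "error:   $r->{error}" if $r->{error};
    print "rules:   @{ $r->{rules} }\n";
}
```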

Tom Eastep wrote:
> Eduardo Ferreira wrote:
>
>> Did I miss something here?
>
> No, I did.
>
> Your extension scripts need to 'use' any modules that you reference within
> your script. In particular, your script needs to begin with:
>
> use Shorewall::Chains;
>

I've attached an updated copy of the release notes.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote on 18/05/2007 12:44:02:

> Tom Eastep wrote:
> > Eduardo Ferreira wrote:
> >
> >> Did I miss something here?
> >
> > No, I did.
> >
> > Your extension scripts need to 'use' any modules that you reference within
> > your script. In particular, your script needs to begin with:
> >
> > use Shorewall::Chains;
> >

ok, it works now.

another question: with this new way of extending chains rules,
shorewall-perl and shorewall-shell are no longer compatible, is that so?

Thanks,
--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606

Eduardo Ferreira wrote:
>
> Tom Eastep wrote on 18/05/2007 12:44:02:
>
>> Tom Eastep wrote:
>> > Eduardo Ferreira wrote:
>> >
>> >> Did I miss something here?
>> >
>> > No, I did.
>> >
>> > Your extension scripts need to 'use' any modules that you reference
> within
>> > your script. In particular, your script needs to begin with:
>> >
>> > use Shorewall::Chains;
>> >
>
> ok, it works now.
>
> another question: with this new way of extending chains rules,
> shorewall-perl and shorewall-shell are no longer compatible, is that so?
>

That's correct. But they aren't intended to be -- that's why we're keeping
Shorewall-shell and providing Shorewall-perl as an option.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key