On Sunday 23 March 2003 23:22, Tom Eastep wrote:> On Sun, 23 Mar 2003, Steven Jan Springl wrote:
> > Tom;
> > After upgrading from Shorewall 1.4.0 to 1.4.1, I receive the
> > following messages during a "shorewall check"
> >
> > Validating rules file...
> > /usr/share/shorewall/firewall: line 2174: [: =: unary operator
expected
> > Rule "ACCEPT fw wan tcp 21,53,80" checked.
> >
> > The error message is issued for every rule in the rules file.
> >
> > I have not tried it with a Shorewall start or restart.
> > If you need any further information, please let me know.
>
> Please send a trace...
>
> -Tom
Tom :
Please find trace attached.
Steven.
-------------- next part --------------
+ shift
+ nolock+ ''['' 1 -gt 1 '']''
+ trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9
+ command=check
+ ''['' 1 -ne 1 '']''
+ do_initialize
+ export LC_ALL=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version+ FW+ SUBSYSLOCK+ STATEDIR+ ALLOWRELATED=Yes
+ LOGRATE+ LOGBURST+ LOGPARMS+ NAT_ENABLED+ MANGLE_ENABLED+ ADD_IP_ALIASES+
ADD_SNAT_ALIASES+ TC_ENABLED+ LOGUNCLEAN+ BLACKLIST_DISPOSITION+
BLACKLIST_LOGLEVEL+ CLAMPMSS+ ROUTE_FILTER+ NAT_BEFORE_RULES+ MULTIPORT+
DETECT_DNAT_IPADDRS+ MUTEX_TIMEOUT+ NEWNOTSYN+ LOGNEWNOTSYN+ FORWARDPING+
MACLIST_DISPOSITION+ MACLIST_LOG_LEVEL+ TCP_FLAGS_DISPOSITION+
TCP_FLAGS_LOG_LEVEL+ RFC1918_LOG_LEVEL+ MARK_IN_FORWARD_CHAIN+
SHARED_DIR=/usr/share/shorewall
+ FUNCTIONS+ VERSION_FILE+ stopping+ have_mutex+ masq_seq=1
+ nonat_seq=1
+ aliases_to_add+ TMP_DIR=/tmp/shorewall-4655
+ rm -rf /tmp/shorewall-4655
+ mkdir -p /tmp/shorewall-4655
+ chmod 700 /tmp/shorewall-4655
+ trap ''rm -rf /tmp/shorewall-4655; my_mutex_off; exit 2'' 1 2
3 4 5 6 9
+ FUNCTIONS=/usr/share/shorewall/functions
+ ''['' -f /usr/share/shorewall/functions '']''
+ . /usr/share/shorewall/functions
+ VERSION_FILE=/usr/share/shorewall/version
+ ''['' -f /usr/share/shorewall/version '']''
++ cat /usr/share/shorewall/version
+ version=1.4.1
+ run_user_exit params
++ find_file params
++ ''['' -n '''' -a -f /params
'']''
++ echo /etc/shorewall/params
+ local user_exit=/etc/shorewall/params
+ ''['' -f /etc/shorewall/params '']''
+ echo ''Processing /etc/shorewall/params ...''
+ . /etc/shorewall/params
++ find_file shorewall.conf
++ ''['' -n '''' -a -f /shorewall.conf
'']''
++ echo /etc/shorewall/shorewall.conf
+ config=/etc/shorewall/shorewall.conf
+ ''['' -f /etc/shorewall/shorewall.conf '']''
+ echo ''Processing /etc/shorewall/shorewall.conf...''
+ . /etc/shorewall/shorewall.conf
++ LOGFILE=/var/log/messages
++ LOGRATE++ LOGBURST++ LOGUNCLEAN=warn
++ BLACKLIST_LOGLEVEL=warn
++ LOGNEWNOTSYN=info
++ MACLIST_LOG_LEVEL=warn
++ TCP_FLAGS_LOG_LEVEL=warn
++ RFC1918_LOG_LEVEL=warn
++ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
++ SUBSYSLOCK=/var/lock/subsys/shorewall
++ STATEDIR=/var/lib/shorewall
++ MODULESDIR++ FW=fw
++ NAT_ENABLED=Yes
++ MANGLE_ENABLED=Yes
++ IP_FORWARDING=On
++ ADD_IP_ALIASES=Yes
++ ADD_SNAT_ALIASES=No
++ TC_ENABLED=No
++ CLEAR_TC=Yes
++ MARK_IN_FORWARD_CHAIN=No
++ CLAMPMSS=Yes
++ ROUTE_FILTER=No
++ NAT_BEFORE_RULES=Yes
++ MULTIPORT=Yes
++ DETECT_DNAT_IPADDRS=No
++ MUTEX_TIMEOUT=60
++ NEWNOTSYN=No
++ BLACKLIST_DISPOSITION=DROP
++ MACLIST_DISPOSITION=REJECT
++ TCP_FLAGS_DISPOSITION=DROP
+ ''['' -z /var/lib/shorewall '']''
+ ''['' -d /var/lib/shorewall '']''
+ ''['' -z fw '']''
++ added_param_value_yes ALLOWRELATED Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ ALLOWRELATED=Yes
+ ''['' -n Yes '']''
++ added_param_value_yes NAT_ENABLED Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ NAT_ENABLED=Yes
++ added_param_value_yes MANGLE_ENABLED Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ MANGLE_ENABLED=Yes
++ added_param_value_yes ADD_IP_ALIASES Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ ADD_IP_ALIASES=Yes
++ added_param_value_yes TC_ENABLED No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ TC_ENABLED+ ''['' -n ''''
'']''
+ ''['' -n On '']''
+ ''['' -n '''' -a -z Yes '']''
+ ''['' -z DROP '']''
++ added_param_value_no CLAMPMSS Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ CLAMPMSS=Yes
++ added_param_value_no ADD_SNAT_ALIASES No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ ADD_SNAT_ALIASES++ added_param_value_no ROUTE_FILTER No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ ROUTE_FILTER++ added_param_value_yes NAT_BEFORE_RULES Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ NAT_BEFORE_RULES=Yes
++ added_param_value_no MULTIPORT Yes
++ local val=Yes
++ ''['' -z Yes '']''
++ echo Yes
+ MULTIPORT=Yes
++ added_param_value_no DETECT_DNAT_IPADDRS No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ DETECT_DNAT_IPADDRS++ added_param_value_no FORWARDPING
++ local val++ ''['' -z ''''
'']''
++ echo ''''
+ FORWARDPING+ ''['' -n ''''
'']''
++ added_param_value_yes NEWNOTSYN No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ NEWNOTSYN+ maclist_target=reject
+ ''['' -n REJECT '']''
+ ''['' -n DROP '']''
+ ''['' -z warn '']''
++ added_param_value_no MARK_IN_FORWARD_CHAIN No
++ local val=No
++ ''['' -z No '']''
++ echo ''''
+ MARK_IN_FORWARD_CHAIN+ ''['' -n ''''
'']''
+ marking_chain=tcpre
+ ''['' -n '''' '']''
+ CLEAR_TC+ strip_file interfaces
+ local fname
+ ''['' 1 = 1 '']''
++ find_file interfaces
++ ''['' -n '''' -a -f /interfaces
'']''
++ echo /etc/shorewall/interfaces
+ fname=/etc/shorewall/interfaces
+ ''['' -f /etc/shorewall/interfaces '']''
+ cut -d# -f1 /etc/shorewall/interfaces
+ grep -v ''^[[:space:]]*$''
+ strip_file hosts
+ local fname
+ ''['' 1 = 1 '']''
++ find_file hosts
++ ''['' -n '''' -a -f /hosts
'']''
++ echo /etc/shorewall/hosts
+ fname=/etc/shorewall/hosts
+ ''['' -f /etc/shorewall/hosts '']''
+ cut -d# -f1 /etc/shorewall/hosts
+ grep -v ''^[[:space:]]*$''
+ check_config
+ disclaimer
+ echo
+ echo ''WARNING: THE
''\''''check''\'''' COMMAND IS
TOTALLY UNSUPPORTED AND PROBLEM''
+ echo '' REPORTS COMPLAINING ABOUT ERRORS THAT IT
DIDN''\''''T CATCH''
+ echo '' WILL NOT BE ACCEPTED''
+ echo
+ echo ''Verifying Configuration...''
+ verify_os_version
++ uname -r
+ osversion=2.4.19-4GB
++ lsmod
++ grep ''^ipchains''
+ ''['' check = start -a -n ''''
'']''
+ load_kernel_modules
+ ''['' -z '''' '']''
+ MODULESDIR=/lib/modules/2.4.19-4GB/kernel/net/ipv4/netfilter
++ find_file modules
++ ''['' -n '''' -a -f /modules
'']''
++ echo /etc/shorewall/modules
+ modules=/etc/shorewall/modules
+ ''['' -f /etc/shorewall/modules -a -d
/lib/modules/2.4.19-4GB/kernel/net/ipv4/netfilter '']''
+ echo ''Loading Modules...''
+ . /etc/shorewall/modules
++ loadmodule ip_tables
++ local modulename=ip_tables
++ local modulefile
+++ lsmod
+++ grep ip_tables
++ ''['' -z ''ip_tables 11576 13 [ipt_TOS
ipt_MASQUERADE ipt_multiport ipt_unclean ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state
iptable_mangle iptable_nat iptable_filter]'' '']''
++ loadmodule iptable_filter
++ local modulename=iptable_filter
++ local modulefile
+++ lsmod
+++ grep iptable_filter
++ ''['' -z ''iptable_filter 1644 1
(autoclean)
ip_tables 11576 13 [ipt_TOS ipt_MASQUERADE ipt_multiport
ipt_unclean ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state iptable_mangle iptable_nat
iptable_filter]'' '']''
++ loadmodule ip_conntrack
++ local modulename=ip_conntrack
++ local modulefile
+++ lsmod
+++ grep ip_conntrack
++ ''['' -z ''ip_conntrack_irc 2496 0 (unused)
ip_conntrack_ftp 3456 0 (unused)
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]''
'']''
++ loadmodule ip_conntrack_ftp
++ local modulename=ip_conntrack_ftp
++ local modulefile
+++ lsmod
+++ grep ip_conntrack_ftp
++ ''['' -z ''ip_conntrack_ftp 3456 0 (unused)
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]''
'']''
++ loadmodule ip_conntrack_irc
++ local modulename=ip_conntrack_irc
++ local modulefile
+++ lsmod
+++ grep ip_conntrack_irc
++ ''['' -z ''ip_conntrack_irc 2496 0 (unused)
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]''
'']''
++ loadmodule iptable_nat
++ local modulename=iptable_nat
++ local modulefile
+++ lsmod
+++ grep iptable_nat
++ ''['' -z ''iptable_nat 13688 3
[ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
ip_tables 11576 13 [ipt_TOS ipt_MASQUERADE ipt_multiport
ipt_unclean ipt_REJECT ipt_LOG ipt_TCPMSS ipt_state iptable_mangle iptable_nat
iptable_filter]'' '']''
++ loadmodule ip_nat_ftp
++ local modulename=ip_nat_ftp
++ local modulefile
+++ lsmod
+++ grep ip_nat_ftp
++ ''['' -z ''ip_nat_ftp 3056 0 (unused)
iptable_nat 13688 3 [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]''
'']''
++ loadmodule ip_nat_irc
++ local modulename=ip_nat_irc
++ local modulefile
+++ lsmod
+++ grep ip_nat_irc
++ ''['' -z ''ip_nat_irc 2480 0 (unused)
iptable_nat 13688 3 [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack 14140 4 [ipt_MASQUERADE ipt_state ip_nat_irc
ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]''
'']''
+ echo ''Determining Zones...''
+ determine_zones
++ find_file zones
++ ''['' -n '''' -a -f /zones
'']''
++ echo /etc/shorewall/zones
+ local zonefile=/etc/shorewall/zones
+ multi_display=Multi-zone
+ ''['' -f /etc/shorewall/zones '']''
++ find_zones /etc/shorewall/zones
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#'' '']''
++ read zone display comments
++ ''['' -n ''#ZONE'' '']''
++ read zone display comments
++ ''['' -n wan '']''
++ echo wan
++ read zone display comments
++ ''['' -n lan '']''
++ echo lan
++ read zone display comments
++ ''['' -n ''#dmz'' '']''
++ read zone display comments
++ ''['' -n ''#LAST'' '']''
++ read zone display comments
+ zones=wan
lan
++ echo wan lan
+ zones=wan lan
++ find_display wan /etc/shorewall/zones
++ read z display comments
++ grep ''^wan'' /etc/shorewall/zones
++ ''['' xwan = xwan '']''
++ echo WAN
++ read z display comments
+ dsply=WAN
+ eval ''wan_display=$dsply''
++ wan_display=WAN
++ find_display lan /etc/shorewall/zones
++ grep ''^lan'' /etc/shorewall/zones
++ read z display comments
++ ''['' xlan = xlan '']''
++ echo LAN
++ read z display comments
+ dsply=LAN
+ eval ''lan_display=$dsply''
++ lan_display=LAN
+ ''['' -z ''wan lan'' '']''
+ display_list Zones: wan lan
+ ''['' 3 -gt 1 '']''
+ echo '' Zones: wan lan''
+ echo ''Validating interfaces file...''
+ validate_interfaces_file
+ read z interface subnet options
+ expandv z interface subnet options
+ local varval
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$z''
++ varval=wan
+ eval ''z="wan"''
++ z=wan
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$interface''
++ varval=ppp+
+ eval ''interface="ppp+"''
++ interface=ppp+
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$subnet''
++ varval=-
+ eval ''subnet="-"''
++ subnet=-
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$options''
++ varval=logunclean,tcpflags,norfc1918
+ eval ''options="logunclean,tcpflags,norfc1918"''
++ options=logunclean,tcpflags,norfc1918
+ shift
+ ''['' 0 -gt 0 '']''
+ r=wan ppp+ - logunclean,tcpflags,norfc1918
+ ''['' xwan = x- '']''
+ ''['' -n wan '']''
+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
++ ip link show ppp+
++ grep LOOPBACK
+ ''['' -n '''' '']''
+ list_search ppp+
+ local e=ppp+
+ ''['' 1 -gt 1 '']''
+ return 1
+ all_interfaces= ppp+
++ separate_list logunclean,tcpflags,norfc1918
++ local list
++ local part
++ local newlist
++ list=logunclean,tcpflags,norfc1918
++ part=logunclean
++ newlist=logunclean
++ ''['' xlogunclean ''!=''
xlogunclean,tcpflags,norfc1918 '']''
++ list=tcpflags,norfc1918
++ part=tcpflags
++ newlist=logunclean tcpflags
++ ''['' xtcpflags ''!='' xtcpflags,norfc1918
'']''
++ list=norfc1918
++ part=norfc1918
++ newlist=logunclean tcpflags norfc1918
++ ''['' xnorfc1918 ''!='' xnorfc1918
'']''
++ echo ''logunclean tcpflags norfc1918''
+ options=logunclean tcpflags norfc1918
++ chain_base ppp+
++ local c=ppp
++ echo ppp
+ interface=ppp
+ eval ppp_broadcast=-
++ ppp_broadcast=-
+ eval ppp_zone=wan
++ ppp_zone=wan
+ eval ''ppp_options="logunclean'' tcpflags
''norfc1918"''
++ ppp_options=logunclean tcpflags norfc1918
+ ''['' -z '' ppp+'' '']''
+ read z interface subnet options
+ expandv z interface subnet options
+ local varval
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$z''
++ varval=lan
+ eval ''z="lan"''
++ z=lan
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$interface''
++ varval=eth0
+ eval ''interface="eth0"''
++ interface=eth0
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$subnet''
++ varval=192.168.0.255
+ eval ''subnet="192.168.0.255"''
++ subnet=192.168.0.255
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$options''
++ varval=routefilter,logunclean,tcpflags
+ eval ''options="routefilter,logunclean,tcpflags"''
++ options=routefilter,logunclean,tcpflags
+ shift
+ ''['' 0 -gt 0 '']''
+ r=lan eth0 192.168.0.255 routefilter,logunclean,tcpflags
+ ''['' xlan = x- '']''
+ ''['' -n lan '']''
+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
++ ip link show eth0
++ grep LOOPBACK
+ ''['' -n '''' '']''
+ list_search eth0 ppp+
+ local e=eth0
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xeth0 = xppp+ '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ all_interfaces= ppp+ eth0
++ separate_list routefilter,logunclean,tcpflags
++ local list
++ local part
++ local newlist
++ list=routefilter,logunclean,tcpflags
++ part=routefilter
++ newlist=routefilter
++ ''['' xroutefilter ''!=''
xroutefilter,logunclean,tcpflags '']''
++ list=logunclean,tcpflags
++ part=logunclean
++ newlist=routefilter logunclean
++ ''['' xlogunclean ''!='' xlogunclean,tcpflags
'']''
++ list=tcpflags
++ part=tcpflags
++ newlist=routefilter logunclean tcpflags
++ ''['' xtcpflags ''!='' xtcpflags
'']''
++ echo ''routefilter logunclean tcpflags''
+ options=routefilter logunclean tcpflags
++ chain_base eth0
++ local c=eth0
++ echo eth0
+ interface=eth0
+ eval eth0_broadcast=192.168.0.255
++ eth0_broadcast=192.168.0.255
+ eval eth0_zone=lan
++ eth0_zone=lan
+ eval ''eth0_options="routefilter'' logunclean
''tcpflags"''
++ eth0_options=routefilter logunclean tcpflags
+ ''['' -z '' ppp+ eth0'' '']''
+ read z interface subnet options
+ expandv z interface subnet options
+ local varval
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$z''
++ varval=lan
+ eval ''z="lan"''
++ z=lan
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$interface''
++ varval=eth1
+ eval ''interface="eth1"''
++ interface=eth1
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$subnet''
++ varval=192.168.1.255
+ eval ''subnet="192.168.1.255"''
++ subnet=192.168.1.255
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$options''
++ varval=routefilter,logunclean,tcpflags
+ eval ''options="routefilter,logunclean,tcpflags"''
++ options=routefilter,logunclean,tcpflags
+ shift
+ ''['' 0 -gt 0 '']''
+ r=lan eth1 192.168.1.255 routefilter,logunclean,tcpflags
+ ''['' xlan = x- '']''
+ ''['' -n lan '']''
+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
++ ip link show eth1
++ grep LOOPBACK
+ ''['' -n '''' '']''
+ list_search eth1 ppp+ eth0
+ local e=eth1
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xeth1 = xppp+ '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xeth1 = xeth0 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ all_interfaces= ppp+ eth0 eth1
++ separate_list routefilter,logunclean,tcpflags
++ local list
++ local part
++ local newlist
++ list=routefilter,logunclean,tcpflags
++ part=routefilter
++ newlist=routefilter
++ ''['' xroutefilter ''!=''
xroutefilter,logunclean,tcpflags '']''
++ list=logunclean,tcpflags
++ part=logunclean
++ newlist=routefilter logunclean
++ ''['' xlogunclean ''!='' xlogunclean,tcpflags
'']''
++ list=tcpflags
++ part=tcpflags
++ newlist=routefilter logunclean tcpflags
++ ''['' xtcpflags ''!='' xtcpflags
'']''
++ echo ''routefilter logunclean tcpflags''
+ options=routefilter logunclean tcpflags
++ chain_base eth1
++ local c=eth1
++ echo eth1
+ interface=eth1
+ eval eth1_broadcast=192.168.1.255
++ eth1_broadcast=192.168.1.255
+ eval eth1_zone=lan
++ eth1_zone=lan
+ eval ''eth1_options="routefilter'' logunclean
''tcpflags"''
++ eth1_options=routefilter logunclean tcpflags
+ ''['' -z '' ppp+ eth0 eth1''
'']''
+ read z interface subnet options
+ echo ''Validating hosts file...''
+ validate_hosts_file
+ read z hosts options
+ echo ''Determining Hosts in Zones...''
+ determine_interfaces
++ find_interfaces wan
++ local zne=wan
++ local z
++ local interface
+++ chain_base ppp+
+++ local c=ppp
+++ echo ppp
++ eval ''z=$ppp_zone''
+++ z=wan
++ ''['' xwan = xwan '']''
++ echo ppp+
+++ chain_base eth0
+++ local c=eth0
+++ echo eth0
++ eval ''z=$eth0_zone''
+++ z=lan
++ ''['' xlan = xwan '']''
+++ chain_base eth1
+++ local c=eth1
+++ echo eth1
++ eval ''z=$eth1_zone''
+++ z=lan
++ ''['' xlan = xwan '']''
+ interfaces=ppp+
++ echo ppp+
+ interfaces=ppp+
+ eval ''wan_interfaces="$interfaces"''
++ wan_interfaces=ppp+
++ find_interfaces lan
++ local zne=lan
++ local z
++ local interface
+++ chain_base ppp+
+++ local c=ppp
+++ echo ppp
++ eval ''z=$ppp_zone''
+++ z=wan
++ ''['' xwan = xlan '']''
+++ chain_base eth0
+++ local c=eth0
+++ echo eth0
++ eval ''z=$eth0_zone''
+++ z=lan
++ ''['' xlan = xlan '']''
++ echo eth0
+++ chain_base eth1
+++ local c=eth1
+++ echo eth1
++ eval ''z=$eth1_zone''
+++ z=lan
++ ''['' xlan = xlan '']''
++ echo eth1
+ interfaces=eth0
eth1
++ echo eth0 eth1
+ interfaces=eth0 eth1
+ eval ''lan_interfaces="$interfaces"''
++ lan_interfaces=eth0 eth1
+ determine_hosts
++ find_hosts wan
++ local hosts
++ read z hosts options
+ hosts++ echo
+ hosts+ eval ''interfaces=$wan_interfaces''
++ interfaces=ppp+
+ ''['' -z '''' '']''
+ hosts=ppp+:0.0.0.0/0
+ interfaces+ interface=ppp+
+ list_search ppp+
+ local e=ppp+
+ ''['' 1 -gt 1 '']''
+ return 1
+ ''['' -z '''' '']''
+ interfaces=ppp+
+ eval ''wan_interfaces=$interfaces''
++ wan_interfaces=ppp+
+ eval ''wan_hosts=$hosts''
++ wan_hosts=ppp+:0.0.0.0/0
+ ''['' -n ppp+:0.0.0.0/0 '']''
+ eval ''display=$wan_display''
++ display=WAN
+ display_list ''WAN Zone:'' ppp+:0.0.0.0/0
+ ''['' 2 -gt 1 '']''
+ echo '' WAN Zone: ppp+:0.0.0.0/0''
++ find_hosts lan
++ local hosts
++ read z hosts options
+ hosts++ echo
+ hosts+ eval ''interfaces=$lan_interfaces''
++ interfaces=eth0 eth1
+ ''['' -z '''' '']''
+ hosts=eth0:0.0.0.0/0
+ ''['' -z eth0:0.0.0.0/0 '']''
+ hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ interfaces+ interface=eth0
+ list_search eth0
+ local e=eth0
+ ''['' 1 -gt 1 '']''
+ return 1
+ ''['' -z '''' '']''
+ interfaces=eth0
+ interface=eth1
+ list_search eth1 eth0
+ local e=eth1
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xeth1 = xeth0 '']''
+ ''['' 1 -gt 1 '']''
+ return 1
+ ''['' -z eth0 '']''
+ interfaces=eth0 eth1
+ eval ''lan_interfaces=$interfaces''
++ lan_interfaces=eth0 eth1
+ eval ''lan_hosts=$hosts''
++ lan_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' -n ''eth0:0.0.0.0/0 eth1:0.0.0.0/0''
'']''
+ eval ''display=$lan_display''
++ display=LAN
+ display_list ''LAN Zone:'' eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' 3 -gt 1 '']''
+ echo '' LAN Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0''
+ echo ''Validating rules file...''
++ find_file rules
++ ''['' -n '''' -a -f /rules
'']''
++ echo /etc/shorewall/rules
+ rules=/etc/shorewall/rules
+ strip_file rules /etc/shorewall/rules
+ local fname
+ ''['' 2 = 1 '']''
+ fname=/etc/shorewall/rules
+ ''['' -f /etc/shorewall/rules '']''
+ cut -d# -f1 /etc/shorewall/rules
+ grep -v ''^[[:space:]]*$''
+ process_rules
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=wan
+ eval ''xservers="wan"''
++ xservers=wan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=21,53,80
+ eval ''xports="21,53,80"''
++ xports=21,53,80
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xwan = xall '']''
+ process_rule ACCEPT fw wan tcp 21,53,80
+ local target=ACCEPT
+ local clients=fw
+ local servers=wan
+ local protocol=tcp
+ local ports=21,53,80
+ local cports+ local address++ echo ACCEPT fw wan tcp 21,53,80
+ local ''rule=ACCEPT fw wan tcp 21,53,80''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=fw2wan
+ eval ''policy=$fw2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 21,53,80
+++ separate_list 21,53,80
+++ local list
+++ local part
+++ local newlist
+++ list=21,53,80
+++ part=21
+++ newlist=21
+++ ''['' x21 ''!='' x21,53,80
'']''
+++ list=53,80
+++ part=53
+++ newlist=21 53
+++ ''['' x53 ''!='' x53,80
'']''
+++ list=80
+++ part=80
+++ newlist=21 53 80
+++ ''['' x80 ''!='' x80 '']''
+++ echo ''21 53 80''
++ arg_count 21 53 80
++ echo 3
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 21,53,80 = 21,53,80 -a '''' =
'''' -a 3 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=21,53,80
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=tcp
+ addr+ servport+ multiport+ ''['' -n 21,53,80 -a x21,53,80
''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 21,53,80
''!='' 21,53 '']''
+ multiport=-m multiport
+ dports=--dports
+ dports=--dports 21,53,80
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p tcp
+ ''['' -z ''-p tcp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT fw wan tcp 21,53,80"
checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=wan
+ eval ''xservers="wan"''
++ xservers=wan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=53
+ eval ''xports="53"''
++ xports=53
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xwan = xall '']''
+ process_rule ACCEPT fw wan udp 53
+ local target=ACCEPT
+ local clients=fw
+ local servers=wan
+ local protocol=udp
+ local ports=53
+ local cports+ local address++ echo ACCEPT fw wan udp 53
+ local ''rule=ACCEPT fw wan udp 53''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=fw2wan
+ eval ''policy=$fw2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 53
+++ separate_list 53
+++ local list
+++ local part
+++ local newlist
+++ list=53
+++ part=53
+++ newlist=53
+++ ''['' x53 ''!='' x53 '']''
+++ echo 53
++ arg_count 53
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 53 = 53 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=53
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=udp
+ addr+ servport+ multiport+ ''['' -n 53 -a x53
''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 53
''!='' 53 '']''
+ dports=--dport 53
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p udp
+ ''['' -z ''-p udp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT fw wan udp 53" checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=lan
+ eval ''xservers="lan"''
++ xservers=lan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=514
+ eval ''xports="514"''
++ xports=514
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xlan = xall '']''
+ process_rule ACCEPT fw lan udp 514
+ local target=ACCEPT
+ local clients=fw
+ local servers=lan
+ local protocol=udp
+ local ports=514
+ local cports+ local address++ echo ACCEPT fw lan udp 514
+ local ''rule=ACCEPT fw lan udp 514''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' lan = lan '']''
+ serverzone=lan
+ servers+ serverport+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ dest=lan
+ chain=fw2lan
+ eval ''policy=$fw2lan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2lan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 514
+++ separate_list 514
+++ local list
+++ local part
+++ local newlist
+++ list=514
+++ part=514
+++ newlist=514
+++ ''['' x514 ''!='' x514 '']''
+++ echo 514
++ arg_count 514
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 514 = 514 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=514
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=udp
+ addr+ servport+ multiport+ ''['' -n 514 -a x514
''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 514
''!='' 514 '']''
+ dports=--dport 514
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p udp
+ ''['' -z ''-p udp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT fw lan udp 514" checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=lan
+ eval ''xclients="lan"''
++ xclients=lan
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=fw
+ eval ''xservers="fw"''
++ xservers=fw
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=22,53,3128,3185
+ eval ''xports="22,53,3128,3185"''
++ xports=22,53,3128,3185
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xlan = xall '']''
+ ''['' xfw = xall '']''
+ process_rule ACCEPT lan fw tcp 22,53,3128,3185
+ local target=ACCEPT
+ local clients=lan
+ local servers=fw
+ local protocol=tcp
+ local ports=22,53,3128,3185
+ local cports+ local address++ echo ACCEPT lan fw tcp 22,53,3128,3185
+ local ''rule=ACCEPT lan fw tcp 22,53,3128,3185''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' fw = fw '']''
+ serverzone=fw
+ servers+ serverport+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ dest=fw
+ chain=lan2fw
+ eval ''policy=$lan2fw_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2fw = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 22,53,3128,3185
+++ separate_list 22,53,3128,3185
+++ local list
+++ local part
+++ local newlist
+++ list=22,53,3128,3185
+++ part=22
+++ newlist=22
+++ ''['' x22 ''!='' x22,53,3128,3185
'']''
+++ list=53,3128,3185
+++ part=53
+++ newlist=22 53
+++ ''['' x53 ''!='' x53,3128,3185
'']''
+++ list=3128,3185
+++ part=3128
+++ newlist=22 53 3128
+++ ''['' x3128 ''!='' x3128,3185
'']''
+++ list=3185
+++ part=3185
+++ newlist=22 53 3128 3185
+++ ''['' x3185 ''!='' x3185
'']''
+++ echo ''22 53 3128 3185''
++ arg_count 22 53 3128 3185
++ echo 4
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 22,53,3128,3185 = 22,53,3128,3185 -a
'''' = '''' -a 4 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=22,53,3128,3185
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=tcp
+ addr+ servport+ multiport+ ''['' -n 22,53,3128,3185 -a
x22,53,3128,3185 ''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 22,53,3128,3185
''!='' 22,53,3128 '']''
+ multiport=-m multiport
+ dports=--dports
+ dports=--dports 22,53,3128,3185
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p tcp
+ ''['' -z ''-p tcp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT lan fw tcp 22,53,3128,3185"
checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=lan
+ eval ''xclients="lan"''
++ xclients=lan
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=fw
+ eval ''xservers="fw"''
++ xservers=fw
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=udp
+ eval ''xprotocol="udp"''
++ xprotocol=udp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=53
+ eval ''xports="53"''
++ xports=53
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xlan = xall '']''
+ ''['' xfw = xall '']''
+ process_rule ACCEPT lan fw udp 53
+ local target=ACCEPT
+ local clients=lan
+ local servers=fw
+ local protocol=udp
+ local ports=53
+ local cports+ local address++ echo ACCEPT lan fw udp 53
+ local ''rule=ACCEPT lan fw udp 53''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' fw = fw '']''
+ serverzone=fw
+ servers+ serverport+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ dest=fw
+ chain=lan2fw
+ eval ''policy=$lan2fw_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2fw = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 53
+++ separate_list 53
+++ local list
+++ local part
+++ local newlist
+++ list=53
+++ part=53
+++ newlist=53
+++ ''['' x53 ''!='' x53 '']''
+++ echo 53
++ arg_count 53
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 53 = 53 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=53
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=udp
+ addr+ servport+ multiport+ ''['' -n 53 -a x53
''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 53
''!='' 53 '']''
+ dports=--dport 53
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p udp
+ ''['' -z ''-p udp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT lan fw udp 53" checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=lan
+ eval ''xclients="lan"''
++ xclients=lan
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=wan
+ eval ''xservers="wan"''
++ xservers=wan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=tcp
+ eval ''xprotocol="tcp"''
++ xprotocol=tcp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=21,25,80,110,443
+ eval ''xports="21,25,80,110,443"''
++ xports=21,25,80,110,443
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xlan = xall '']''
+ ''['' xwan = xall '']''
+ process_rule ACCEPT lan wan tcp 21,25,80,110,443
+ local target=ACCEPT
+ local clients=lan
+ local servers=wan
+ local protocol=tcp
+ local ports=21,25,80,110,443
+ local cports+ local address++ echo ACCEPT lan wan tcp 21,25,80,110,443
+ local ''rule=ACCEPT lan wan tcp 21,25,80,110,443''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=lan2wan
+ eval ''policy=$lan2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 21,25,80,110,443
+++ separate_list 21,25,80,110,443
+++ local list
+++ local part
+++ local newlist
+++ list=21,25,80,110,443
+++ part=21
+++ newlist=21
+++ ''['' x21 ''!='' x21,25,80,110,443
'']''
+++ list=25,80,110,443
+++ part=25
+++ newlist=21 25
+++ ''['' x25 ''!='' x25,80,110,443
'']''
+++ list=80,110,443
+++ part=80
+++ newlist=21 25 80
+++ ''['' x80 ''!='' x80,110,443
'']''
+++ list=110,443
+++ part=110
+++ newlist=21 25 80 110
+++ ''['' x110 ''!='' x110,443
'']''
+++ list=443
+++ part=443
+++ newlist=21 25 80 110 443
+++ ''['' x443 ''!='' x443 '']''
+++ echo ''21 25 80 110 443''
++ arg_count 21 25 80 110 443
++ echo 5
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 21,25,80,110,443 = 21,25,80,110,443 -a
'''' = '''' -a 5 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=21,25,80,110,443
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=tcp
+ addr+ servport+ multiport+ ''['' -n 21,25,80,110,443 -a
x21,25,80,110,443 ''!='' x- '']''
+ dports=--dport
+ ''['' -n ''-m multiport'' -a 21,25,80,110,443
''!='' 21,25,80,110 '']''
+ multiport=-m multiport
+ dports=--dports
+ dports=--dports 21,25,80,110,443
+ ''['' -n - -a x- ''!='' x-
'']''
+ proto=-p tcp
+ ''['' -z ''-p tcp'' -a -z ''''
-a -z '''' -a -z '''' '']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT lan wan tcp 21,25,80,110,443"
checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=lan
+ eval ''xclients="lan"''
++ xclients=lan
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=wan
+ eval ''xservers="wan"''
++ xservers=wan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=13
+ eval ''xports="13"''
++ xports=13
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xlan = xall '']''
+ ''['' xwan = xall '']''
+ process_rule ACCEPT lan wan icmp 13
+ local target=ACCEPT
+ local clients=lan
+ local servers=wan
+ local protocol=icmp
+ local ports=13
+ local cports+ local address++ echo ACCEPT lan wan icmp 13
+ local ''rule=ACCEPT lan wan icmp 13''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=lan2wan
+ eval ''policy=$lan2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 13
+++ separate_list 13
+++ local list
+++ local part
+++ local newlist
+++ list=13
+++ part=13
+++ newlist=13
+++ ''['' x13 ''!='' x13 '']''
+++ echo 13
++ arg_count 13
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 13 = 13 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=13
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n 13 '']''
+ ''['' x13 ''!='' x- '']''
+ dports=--icmp-type 13
+ state+ proto=-p icmp
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT lan wan icmp 13" checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=all
+ eval ''xservers="all"''
++ xservers=all
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval=8
+ eval ''xports="8"''
++ xports=8
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xall = xall '']''
+ xservers=wan lan fw
+ process_wildcard_rule
+ ''['' fw ''!='' wan '']''
+ process_rule DROP:warn fw wan icmp 8
+ local target=DROP:warn
+ local clients=fw
+ local servers=wan
+ local protocol=icmp
+ local ports=8
+ local cports+ local address++ echo DROP:warn fw wan icmp 8
+ local ''rule=DROP:warn fw wan icmp 8''
+ ''['' DROP:warn = DROP '']''
+ loglevel=warn
+ target=DROP
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=DROP
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=fw2wan
+ eval ''policy=$fw2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 8
+++ separate_list 8
+++ local list
+++ local part
+++ local newlist
+++ list=8
+++ part=8
+++ newlist=8
+++ ''['' x8 ''!='' x8 '']''
+++ echo 8
++ arg_count 8
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 8 = 8 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=8
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n 8 '']''
+ ''['' x8 ''!='' x- '']''
+ dports=--icmp-type 8
+ state+ proto=-p icmp
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "DROP:warn fw wan icmp 8" checked.''
+ ''['' fw ''!='' lan '']''
+ process_rule DROP:warn fw lan icmp 8
+ local target=DROP:warn
+ local clients=fw
+ local servers=lan
+ local protocol=icmp
+ local ports=8
+ local cports+ local address++ echo DROP:warn fw lan icmp 8
+ local ''rule=DROP:warn fw lan icmp 8''
+ ''['' DROP:warn = DROP '']''
+ loglevel=warn
+ target=DROP
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=DROP
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' lan = lan '']''
+ serverzone=lan
+ servers+ serverport+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ dest=lan
+ chain=fw2lan
+ eval ''policy=$fw2lan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2lan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count 8
+++ separate_list 8
+++ local list
+++ local part
+++ local newlist
+++ list=8
+++ part=8
+++ newlist=8
+++ ''['' x8 ''!='' x8 '']''
+++ echo 8
++ arg_count 8
++ echo 1
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a 8 = 8 -a '''' =
'''' -a 1 -le 15 -a 0 -le 15 '']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=8
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n 8 '']''
+ ''['' x8 ''!='' x- '']''
+ dports=--icmp-type 8
+ state+ proto=-p icmp
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "DROP:warn fw lan icmp 8" checked.''
+ ''['' fw ''!='' fw '']''
+ continue
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=all
+ eval ''xclients="all"''
++ xclients=all
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=all
+ eval ''xservers="all"''
++ xservers=all
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xall = xall '']''
+ xclients=wan lan fw
+ ''['' xall = xall '']''
+ xservers=wan lan fw
+ process_wildcard_rule
+ ''['' wan ''!='' wan '']''
+ ''['' wan ''!='' lan '']''
+ process_rule LOG:warn wan lan icmp
+ local target=LOG:warn
+ local clients=wan
+ local servers=lan
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn wan lan icmp
+ local ''rule=LOG:warn wan lan icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' wan = wan '']''
+ clientzone=wan
+ clients+ ''['' wan = wan '']''
+ excludezones+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ source=wan
+ ''['' wan = fw '']''
+ eval ''source_hosts="$wan_hosts"''
++ source_hosts=ppp+:0.0.0.0/0
+ ''['' lan = lan '']''
+ serverzone=lan
+ servers+ serverport+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ dest=lan
+ chain=wan2lan
+ eval ''policy=$wan2lan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xwan2lan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn wan lan icmp" checked.''
+ ''['' wan ''!='' fw '']''
+ process_rule LOG:warn wan fw icmp
+ local target=LOG:warn
+ local clients=wan
+ local servers=fw
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn wan fw icmp
+ local ''rule=LOG:warn wan fw icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' wan = wan '']''
+ clientzone=wan
+ clients+ ''['' wan = wan '']''
+ excludezones+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ source=wan
+ ''['' wan = fw '']''
+ eval ''source_hosts="$wan_hosts"''
++ source_hosts=ppp+:0.0.0.0/0
+ ''['' fw = fw '']''
+ serverzone=fw
+ servers+ serverport+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ dest=fw
+ chain=wan2fw
+ eval ''policy=$wan2fw_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xwan2fw = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn wan fw icmp" checked.''
+ ''['' lan ''!='' wan '']''
+ process_rule LOG:warn lan wan icmp
+ local target=LOG:warn
+ local clients=lan
+ local servers=wan
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn lan wan icmp
+ local ''rule=LOG:warn lan wan icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=lan2wan
+ eval ''policy=$lan2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn lan wan icmp" checked.''
+ ''['' lan ''!='' lan '']''
+ ''['' lan ''!='' fw '']''
+ process_rule LOG:warn lan fw icmp
+ local target=LOG:warn
+ local clients=lan
+ local servers=fw
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn lan fw icmp
+ local ''rule=LOG:warn lan fw icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' lan = lan '']''
+ clientzone=lan
+ clients+ ''['' lan = lan '']''
+ excludezones+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ source=lan
+ ''['' lan = fw '']''
+ eval ''source_hosts="$lan_hosts"''
++ source_hosts=eth0:0.0.0.0/0 eth1:0.0.0.0/0
+ ''['' fw = fw '']''
+ serverzone=fw
+ servers+ serverport+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ dest=fw
+ chain=lan2fw
+ eval ''policy=$lan2fw_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xlan2fw = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn lan fw icmp" checked.''
+ ''['' fw ''!='' wan '']''
+ process_rule LOG:warn fw wan icmp
+ local target=LOG:warn
+ local clients=fw
+ local servers=wan
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn fw wan icmp
+ local ''rule=LOG:warn fw wan icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' wan = wan '']''
+ serverzone=wan
+ servers+ serverport+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ dest=wan
+ chain=fw2wan
+ eval ''policy=$fw2wan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2wan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn fw wan icmp" checked.''
+ ''['' fw ''!='' lan '']''
+ process_rule LOG:warn fw lan icmp
+ local target=LOG:warn
+ local clients=fw
+ local servers=lan
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo LOG:warn fw lan icmp
+ local ''rule=LOG:warn fw lan icmp''
+ ''['' LOG:warn = LOG '']''
+ loglevel=warn
+ target=LOG
+ expandv loglevel
+ local varval
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 0 -gt 0 '']''
+ logtarget=LOG
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' lan = lan '']''
+ serverzone=lan
+ servers+ serverport+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ dest=lan
+ chain=fw2lan
+ eval ''policy=$fw2lan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2lan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z warn '']''
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "LOG:warn fw lan icmp" checked.''
+ ''['' fw ''!='' fw '']''
+ continue
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ expandv xclients xservers xprotocol xports xcports xaddress
+ local varval
+ ''['' 6 -gt 0 '']''
+ eval ''varval=$xclients''
++ varval=fw
+ eval ''xclients="fw"''
++ xclients=fw
+ shift
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$xservers''
++ varval=lan
+ eval ''xservers="lan"''
++ xservers=lan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$xprotocol''
++ varval=icmp
+ eval ''xprotocol="icmp"''
++ xprotocol=icmp
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$xports''
++ varval+ eval ''xports=""''
++ xports+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$xcports''
++ varval+ eval ''xcports=""''
++ xcports+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$xaddress''
++ varval+ eval ''xaddress=""''
++ xaddress+ shift
+ ''['' 0 -gt 0 '']''
+ ''['' xfw = xall '']''
+ ''['' xlan = xall '']''
+ process_rule ACCEPT fw lan icmp
+ local target=ACCEPT
+ local clients=fw
+ local servers=lan
+ local protocol=icmp
+ local ports+ local cports+ local address++ echo ACCEPT fw lan icmp
+ local ''rule=ACCEPT fw lan icmp''
+ ''['' ACCEPT = ACCEPT '']''
+ loglevel+ logtarget=ACCEPT
+ dnat_only+ ''['' x = x- '']''
+ ''['' fw = fw '']''
+ clientzone=fw
+ clients+ ''['' fw = fw '']''
+ excludezones+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ source=fw
+ ''['' fw = fw '']''
+ source_hosts+ ''['' lan = lan '']''
+ serverzone=lan
+ servers+ serverport+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ dest=lan
+ chain=fw2lan
+ eval ''policy=$fw2lan_policy''
++ policy+ ''['' = NONE '']''
/usr/share/shorewall/firewall: line 2174: [: =: unary operator expected
+ ''['' check = check '']''
+ ''['' xfw2lan = xfw2fw '']''
+ ''['' check = check '']''
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
++ list_count
+++ separate_list
+++ local list
+++ local part
+++ local newlist
+++ list+++ part+++ newlist+++ ''['' x ''!='' x
'']''
+++ echo ''''
++ arg_count
++ echo 0
+ ''['' -n Yes -a '''' = '''' -a
'''' = '''' -a 0 -le 15 -a 0 -le 15
'']''
+ multioption=-m multiport
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
++ separate_list -
++ local list
++ local part
++ local newlist
++ list=-
++ part=-
++ newlist=-
++ ''['' x- ''!='' x- '']''
++ echo -
+ port=-
+ cport=-
+ add_a_rule
+ cli+ ''['' -n - '']''
+ dest_interface+ serv+ ''['' -n - '']''
+ sports+ dports+ state=-m state --state NEW
+ proto=icmp
+ addr+ servport+ multiport+ ''['' -n - '']''
+ ''['' x- ''!='' x- '']''
+ state+ proto=-p icmp
+ ''['' -z ''-p icmp'' -a -z
'''' -a -z '''' -a -z ''''
'']''
+ ''['' -n '''' '']''
+ ''['' -n '''' '']''
+ ''['' check ''!='' check '']''
+ ''['' check = check '']''
+ echo '' Rule "ACCEPT fw lan icmp" checked.''
+ read xtarget xclients xservers xprotocol xports xcports xaddress
+ echo ''Validating policy file...''
+ validate_policy
+ local clientwild
+ local serverwild
+ local zone
+ local zone1
+ local pc
+ local chain
+ local policy
+ local loglevel
+ local synparams
+ all_policy_chains+ strip_file policy
+ local fname
+ ''['' 1 = 1 '']''
++ find_file policy
++ ''['' -n '''' -a -f /policy
'']''
++ echo /etc/shorewall/policy
+ fname=/etc/shorewall/policy
+ ''['' -f /etc/shorewall/policy '']''
+ cut -d# -f1 /etc/shorewall/policy
+ grep -v ''^[[:space:]]*$''
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=lan
+ eval ''client="lan"''
++ client=lan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=lan
+ eval ''server="lan"''
++ server=lan
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=ACCEPT
+ eval ''policy="ACCEPT"''
++ policy=ACCEPT
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval+ eval ''loglevel=""''
++ loglevel+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ validate_zone lan
+ list_search lan wan lan fw
+ local e=lan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xlan = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xlan = xlan '']''
+ return 0
+ chain=lan2lan
+ ''['' xlan2lan = xfw2fw '']''
+ is_policy_chain lan2lan
+ eval test ''"$lan2lan_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' x = x- '']''
+ chain=lan2lan
+ ''['' ACCEPT = NONE '']''
+ all_policy_chains= lan2lan
+ eval lan2lan_is_policy=Yes
++ lan2lan_is_policy=Yes
+ eval lan2lan_policy=ACCEPT
++ lan2lan_policy=ACCEPT
+ eval lan2lan_loglevel++ lan2lan_loglevel+ eval lan2lan_synparams++
lan2lan_synparams+ ''['' -n ''''
'']''
+ ''['' -n '''' '']''
+ eval lan2lan_policychain=lan2lan
++ lan2lan_policychain=lan2lan
+ print_policy lan lan
+ ''['' check ''!='' check '']''
+ ''['' lan = lan '']''
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=wan
+ eval ''client="wan"''
++ client=wan
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=fw
+ eval ''server="fw"''
++ server=fw
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=DROP
+ eval ''policy="DROP"''
++ policy=DROP
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ validate_zone wan
+ list_search wan wan lan fw
+ local e=wan
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xwan = xwan '']''
+ return 0
+ validate_zone fw
+ list_search fw wan lan fw
+ local e=fw
+ ''['' 4 -gt 1 '']''
+ shift
+ ''['' xfw = xwan '']''
+ ''['' 3 -gt 1 '']''
+ shift
+ ''['' xfw = xlan '']''
+ ''['' 2 -gt 1 '']''
+ shift
+ ''['' xfw = xfw '']''
+ return 0
+ chain=wan2fw
+ ''['' xwan2fw = xfw2fw '']''
+ is_policy_chain wan2fw
+ eval test ''"$wan2fw_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' xwarn = x- '']''
+ chain=wan2fw
+ ''['' DROP = NONE '']''
+ all_policy_chains= lan2lan wan2fw
+ eval wan2fw_is_policy=Yes
++ wan2fw_is_policy=Yes
+ eval wan2fw_policy=DROP
++ wan2fw_policy=DROP
+ eval wan2fw_loglevel=warn
++ wan2fw_loglevel=warn
+ eval wan2fw_synparams++ wan2fw_synparams+ ''['' -n
'''' '']''
+ ''['' -n '''' '']''
+ eval wan2fw_policychain=wan2fw
++ wan2fw_policychain=wan2fw
+ print_policy wan fw
+ ''['' check ''!='' check '']''
+ ''['' wan = fw '']''
+ ''['' wan = all '']''
+ ''['' fw = all '']''
+ echo '' Policy for wan to fw is DROP''
+ read client server policy loglevel synparams
+ expandv client server policy loglevel synparams
+ local varval
+ ''['' 5 -gt 0 '']''
+ eval ''varval=$client''
++ varval=all
+ eval ''client="all"''
++ client=all
+ shift
+ ''['' 4 -gt 0 '']''
+ eval ''varval=$server''
++ varval=all
+ eval ''server="all"''
++ server=all
+ shift
+ ''['' 3 -gt 0 '']''
+ eval ''varval=$policy''
++ varval=DROP
+ eval ''policy="DROP"''
++ policy=DROP
+ shift
+ ''['' 2 -gt 0 '']''
+ eval ''varval=$loglevel''
++ varval=warn
+ eval ''loglevel="warn"''
++ loglevel=warn
+ shift
+ ''['' 1 -gt 0 '']''
+ eval ''varval=$synparams''
++ varval+ eval ''synparams=""''
++ synparams+ shift
+ ''['' 0 -gt 0 '']''
+ clientwild+ serverwild+ clientwild=Yes
+ serverwild=Yes
+ chain=all2all
+ ''['' xall2all = xfw2fw '']''
+ is_policy_chain all2all
+ eval test ''"$all2all_is_policy"'' = Yes
++ test '''' = Yes
+ ''['' xwarn = x- '']''
+ chain=all2all
+ ''['' DROP = NONE '']''
+ all_policy_chains= lan2lan wan2fw all2all
+ eval all2all_is_policy=Yes
++ all2all_is_policy=Yes
+ eval all2all_policy=DROP
++ all2all_policy=DROP
+ eval all2all_loglevel=warn
++ all2all_loglevel=warn
+ eval all2all_synparams++ all2all_synparams+ ''['' -n Yes
'']''
+ ''['' -n Yes '']''
+ eval ''pc=$wan2wan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval wan2wan_policychain=all2all
++ wan2wan_policychain=all2all
+ eval wan2wan_policy=DROP
++ wan2wan_policy=DROP
+ print_policy wan wan
+ ''['' check ''!='' check '']''
+ ''['' wan = wan '']''
+ eval ''pc=$wan2lan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval wan2lan_policychain=all2all
++ wan2lan_policychain=all2all
+ eval wan2lan_policy=DROP
++ wan2lan_policy=DROP
+ print_policy wan lan
+ ''['' check ''!='' check '']''
+ ''['' wan = lan '']''
+ ''['' wan = all '']''
+ ''['' lan = all '']''
+ echo '' Policy for wan to lan is DROP''
+ eval ''pc=$wan2fw_policychain''
++ pc=wan2fw
+ ''['' -z wan2fw '']''
+ eval ''pc=$wan2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval wan2all_policychain=all2all
++ wan2all_policychain=all2all
+ eval wan2all_policy=DROP
++ wan2all_policy=DROP
+ print_policy wan all
+ ''['' check ''!='' check '']''
+ ''['' wan = all '']''
+ ''['' wan = all '']''
+ ''['' all = all '']''
+ eval ''pc=$lan2wan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval lan2wan_policychain=all2all
++ lan2wan_policychain=all2all
+ eval lan2wan_policy=DROP
++ lan2wan_policy=DROP
+ print_policy lan wan
+ ''['' check ''!='' check '']''
+ ''['' lan = wan '']''
+ ''['' lan = all '']''
+ ''['' wan = all '']''
+ echo '' Policy for lan to wan is DROP''
+ eval ''pc=$lan2lan_policychain''
++ pc=lan2lan
+ ''['' -z lan2lan '']''
+ eval ''pc=$lan2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval lan2fw_policychain=all2all
++ lan2fw_policychain=all2all
+ eval lan2fw_policy=DROP
++ lan2fw_policy=DROP
+ print_policy lan fw
+ ''['' check ''!='' check '']''
+ ''['' lan = fw '']''
+ ''['' lan = all '']''
+ ''['' fw = all '']''
+ echo '' Policy for lan to fw is DROP''
+ eval ''pc=$lan2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval lan2all_policychain=all2all
++ lan2all_policychain=all2all
+ eval lan2all_policy=DROP
++ lan2all_policy=DROP
+ print_policy lan all
+ ''['' check ''!='' check '']''
+ ''['' lan = all '']''
+ ''['' lan = all '']''
+ ''['' all = all '']''
+ eval ''pc=$fw2wan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2wan_policychain=all2all
++ fw2wan_policychain=all2all
+ eval fw2wan_policy=DROP
++ fw2wan_policy=DROP
+ print_policy fw wan
+ ''['' check ''!='' check '']''
+ ''['' fw = wan '']''
+ ''['' fw = all '']''
+ ''['' wan = all '']''
+ echo '' Policy for fw to wan is DROP''
+ eval ''pc=$fw2lan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2lan_policychain=all2all
++ fw2lan_policychain=all2all
+ eval fw2lan_policy=DROP
++ fw2lan_policy=DROP
+ print_policy fw lan
+ ''['' check ''!='' check '']''
+ ''['' fw = lan '']''
+ ''['' fw = all '']''
+ ''['' lan = all '']''
+ echo '' Policy for fw to lan is DROP''
+ eval ''pc=$fw2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2fw_policychain=all2all
++ fw2fw_policychain=all2all
+ eval fw2fw_policy=DROP
++ fw2fw_policy=DROP
+ print_policy fw fw
+ ''['' check ''!='' check '']''
+ ''['' fw = fw '']''
+ eval ''pc=$fw2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval fw2all_policychain=all2all
++ fw2all_policychain=all2all
+ eval fw2all_policy=DROP
++ fw2all_policy=DROP
+ print_policy fw all
+ ''['' check ''!='' check '']''
+ ''['' fw = all '']''
+ ''['' fw = all '']''
+ ''['' all = all '']''
+ eval ''pc=$all2wan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2wan_policychain=all2all
++ all2wan_policychain=all2all
+ eval all2wan_policy=DROP
++ all2wan_policy=DROP
+ print_policy all wan
+ ''['' check ''!='' check '']''
+ ''['' all = wan '']''
+ ''['' all = all '']''
+ eval ''pc=$all2lan_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2lan_policychain=all2all
++ all2lan_policychain=all2all
+ eval all2lan_policy=DROP
++ all2lan_policy=DROP
+ print_policy all lan
+ ''['' check ''!='' check '']''
+ ''['' all = lan '']''
+ ''['' all = all '']''
+ eval ''pc=$all2fw_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2fw_policychain=all2all
++ all2fw_policychain=all2all
+ eval all2fw_policy=DROP
++ all2fw_policy=DROP
+ print_policy all fw
+ ''['' check ''!='' check '']''
+ ''['' all = fw '']''
+ ''['' all = all '']''
+ eval ''pc=$all2all_policychain''
++ pc+ ''['' -z '''' '']''
+ eval all2all_policychain=all2all
++ all2all_policychain=all2all
+ eval all2all_policy=DROP
++ all2all_policy=DROP
+ print_policy all all
+ ''['' check ''!='' check '']''
+ ''['' all = all '']''
+ read client server policy loglevel synparams
+ rm -rf /tmp/shorewall-4655
+ echo ''Configuration Validated''
+ disclaimer
+ echo
+ echo ''WARNING: THE
''\''''check''\'''' COMMAND IS
TOTALLY UNSUPPORTED AND PROBLEM''
+ echo '' REPORTS COMPLAINING ABOUT ERRORS THAT IT
DIDN''\''''T CATCH''
+ echo '' WILL NOT BE ACCEPTED''
+ echo