RC 2 is ready for testing.

Problems corrected:

1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected.

2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc.

3) The 'load' and 'reload' now copy the 'save' file to the correct remote directory. Previously, the file was always copied to /etc/$PRODUCT/.

4) ?IF, ?ELSE and ?ENDIF now work within embedded Shell and Perl scripts.

5) The 'shorewall6 dump' command now reads the Shorewall version file from the correct directory when $SHAREDIR != /usr/share/.

6) An extraneous character was removed from ifupdown.sh.

Thank you for testing.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom

The attached minimal config. produces the following error messages:

/bin/sh: Syntax error: Unterminated quoted string
ERROR: SHELL Script failed : /etc/shorewallC1/rules (line 15)

This worked with RC1 and previous releases.

Steven.

On 04/08/2012 05:58 AM, Steven Jan Springl wrote:
> The attached minimal config. produces the following error messages:
>
> /bin/sh: Syntax error: Unterminated quoted string
> ERROR: SHELL Script failed : /etc/shorewallC1/rules (line 15)
>
> This worked with RC1 and previous releases.

The attached patch seems to resolve the issue.

Thanks, Steven

-Tom

On 04/08/2012 05:58 AM, Steven Jan Springl wrote:
> The attached minimal config. produces the following error messages:
>
> /bin/sh: Syntax error: Unterminated quoted string
> ERROR: SHELL Script failed : /etc/shorewallC1/rules (line 15)
>
> This worked with RC1 and previous releases.

Steven,

Here is a related patch that avoids deleting leading whitespace and blank lines in embedded Perl and Shell. Such deletion could affect multi-line quoting.

Thanks,
-Tom

Tom

I have applied both patches. The original issue has been fixed.

--------------------------------------------------------------

When the rules file contains:

BEGIN SHELL
echo "DROP fw lan tcp 80"
echo "DROP fw lan tcp 81,82"
END SHELL

The following error message is produced:

ERROR: Invalid/Unknown tcp port/service (80echo) : SHELL@/etc/shorewallC1/rules:16 (line 1)

Steven.

On 4/8/12 9:28 AM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>
>BEGIN SHELL
>echo "DROP fw lan tcp 80"
>echo "DROP fw lan tcp 81,82"
>END SHELL
>
>The following error message is produced:
>
>ERROR: Invalid/Unknown tcp port/service (80echo) :
>SHELL@/etc/shorewallC1/rules:16 (line 1)

The attached patch corrects it for me.

Thanks, Steven

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.

On Sunday 08 Apr 2012 19:20:15 Tom Eastep wrote:
> On 4/8/12 9:28 AM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
> >BEGIN SHELL
> >echo "DROP fw lan tcp 80"
> >echo "DROP fw lan tcp 81,82"
> >END SHELL
> >
> >The following error message is produced:
> >
> >ERROR: Invalid/Unknown tcp port/service (80echo) :
> >SHELL@/etc/shorewallC1/rules:16 (line 1)
>
> The attached patch corrects it for me.
>
> Thanks, Steven
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

Tom

Confirmed, the patch fixes the issue.

Thanks.

Steven.

On 4/8/12 2:50 PM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>
>Confirmed, the patch fixes the issue.

Thanks, Steven

-Tom

Tom

Rule:

SHELL echo "#DROP fw wan tcp 80"

produces the following error messages:

/bin/sh: Syntax error: Unterminated quoted string
ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)

Steven.

On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
> Rule:
>
> SHELL echo "#DROP fw wan tcp 80"
>
> produces the following error messages:
>
> /bin/sh: Syntax error: Unterminated quoted string
> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)

Steven,

Doesn't this happen on prior versions as well?

Thanks,
-Tom

On Monday 09 Apr 2012 18:13:48 Tom Eastep wrote:
> On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
> > Rule:
> >
> > SHELL echo "#DROP fw wan tcp 80"
> >
> > produces the following error messages:
> >
> > /bin/sh: Syntax error: Unterminated quoted string
> > ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
>
> Steven,
>
> Doesn't this happen on prior versions as well?
>
> Thanks,
> -Tom

Tom

I have just tried RC1 and the problem occurs on that release also.

Steven.

On 04/09/2012 10:13 AM, Tom Eastep wrote:
> On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
>
>> Rule:
>>
>> SHELL echo "#DROP fw wan tcp 80"
>>
>> produces the following error messages:
>>
>> /bin/sh: Syntax error: Unterminated quoted string
>> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
>
> Doesn't this happen on prior versions as well?

The attached patch should correct this issue.

Thanks, Steven

-Tom

On Monday 09 Apr 2012 19:09:28 Tom Eastep wrote:
> On 04/09/2012 10:13 AM, Tom Eastep wrote:
> > On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
> >> Rule:
> >>
> >> SHELL echo "#DROP fw wan tcp 80"
> >>
> >> produces the following error messages:
> >>
> >> /bin/sh: Syntax error: Unterminated quoted string
> >> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
> >
> > Doesn't this happen on prior versions as well?
>
> The attached patch should correct this issue.
>
> Thanks, Steven
>
> -Tom

Tom

Unfortunately the patch has not worked. The messages are still produced.

Steven.

On 04/09/2012 12:35 PM, Steven Jan Springl wrote:
> On Monday 09 Apr 2012 19:09:28 Tom Eastep wrote:
>> On 04/09/2012 10:13 AM, Tom Eastep wrote:
>>> On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
>>>> Rule:
>>>>
>>>> SHELL echo "#DROP fw wan tcp 80"
>>>>
>>>> produces the following error messages:
>>>>
>>>> /bin/sh: Syntax error: Unterminated quoted string
>>>> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
>>>
>>> Doesn't this happen on prior versions as well?
>>
>> The attached patch should correct this issue.
>
> Unfortunately the patch has not worked. The messages are still produced.

Steven,

This 'bug' has been in the compiler for a long time. The attached patch (on top of the earlier one) corrects it.

Thanks,
-Tom

On 04/09/2012 12:55 PM, Tom Eastep wrote:
> On 04/09/2012 12:35 PM, Steven Jan Springl wrote:
>> On Monday 09 Apr 2012 19:09:28 Tom Eastep wrote:
>>> On 04/09/2012 10:13 AM, Tom Eastep wrote:
>>>> On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
>>>>> Rule:
>>>>>
>>>>> SHELL echo "#DROP fw wan tcp 80"
>>>>>
>>>>> produces the following error messages:
>>>>>
>>>>> /bin/sh: Syntax error: Unterminated quoted string
>>>>> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
>>>>
>>>> Doesn't this happen on prior versions as well?
>>>
>>> The attached patch should correct this issue.
>>
>> Unfortunately the patch has not worked. The messages are still produced.
>
> Steven,
>
> This 'bug' has been in the compiler for a long time. The attached patch
> (on top of the earlier one) corrects it.

The fix may have a defect -- I'm seeing differences in the generated ruleset while running regression tests.

-Tom

On Monday 09 Apr 2012 21:56:57 Tom Eastep wrote:
> On 04/09/2012 12:55 PM, Tom Eastep wrote:
> > On 04/09/2012 12:35 PM, Steven Jan Springl wrote:
> >> On Monday 09 Apr 2012 19:09:28 Tom Eastep wrote:
> >>> On 04/09/2012 10:13 AM, Tom Eastep wrote:
> >>>> On 04/09/2012 06:56 AM, Steven Jan Springl wrote:
> >>>>> Rule:
> >>>>>
> >>>>> SHELL echo "#DROP fw wan tcp 80"
> >>>>>
> >>>>> produces the following error messages:
> >>>>>
> >>>>> /bin/sh: Syntax error: Unterminated quoted string
> >>>>> ERROR: SHELL Script failed : /etc/shorewallT8/rules (line 15)
> >>>>
> >>>> Doesn't this happen on prior versions as well?
> >>>
> >>> The attached patch should correct this issue.
> >>
> >> Unfortunately the patch has not worked. The messages are still produced.
> >
> > Steven,
> >
> > This 'bug' has been in the compiler for a long time. The attached patch
> > (on top of the earlier one) corrects it.
>
> The fix may have a defect -- I'm seeing differences in the generated
> ruleset while running regression tests.
>
> -Tom

Tom

I can confirm the patch resolves the issue. However it does cause a further problem. Rule:

{ACTION=DROP SOURCE=fw DEST=lan PROTO=udp} #

produces the following error message:

ERROR: Unknown ACTION ({ACTION=DROP) : /etc/shorewallT8/rules (line 17)

Steven

On 04/09/2012 01:56 PM, Tom Eastep wrote:
>
> The fix may have a defect -- I'm seeing differences in the generated
> ruleset while running regression tests.
>

Steven,

The problem turned out to be 'first-entry' processing. That was happening before the first non-omitted non-commentary entry in a file was found. Corrected by the attached patch.

Thanks,
-Tom

On 04/09/2012 02:33 PM, Steven Jan Springl wrote:
>
> I can confirm the patch resolves the issue. However it does cause a further
> problem. Rule:
>
> {ACTION=DROP SOURCE=fw DEST=lan PROTO=udp} #
>
> produces the following error message:
>
> ERROR: Unknown ACTION ({ACTION=DROP) : /etc/shorewallT8/rules (line 17)

Steven,

I'm not seeing that behavior -- is this reproducible after applying the last patch I sent (SINGLELINE2.patch)?

Thanks,
-Tom

On Monday 09 Apr 2012 22:40:30 Tom Eastep wrote:
> On 04/09/2012 01:56 PM, Tom Eastep wrote:
> > The fix may have a defect -- I'm seeing differences in the generated
> > ruleset while running regression tests.
>
> Steven,
>
> The problem turned out to be 'first-entry' processing. That was
> happening before the first non-omitted non-commentary entry in a file
> was found. Corrected by the attached patch.
>
> Thanks,
> -Tom

Tom

Confirmed, the patch fixes the issue and my last reported issue also.

Thanks

Steven.

On 04/09/2012 02:48 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the issue and my last reported issue also.
>

Thanks, Steven

-Tom

Tom

In the attached config. accounting entry:

RPFILTER:COUNT - - eth0

generates the following iptables rule:

-A INPUT -o eth0 -j RPFILTER

which produces the following error message:

iptables-restore v1.4.13: Can't use -o with INPUT

Additionally accounting entry:

RPFILTER:COUNT - eth0 -

generates the following iptables rule:

-A OUTPUT -i eth0 -j RPFILTER

which produces the following error message:

ptables-restore v1.4.13: Can't use -i with OUTPUT

Note, neither of these errors occur if OPTIMIZE=0 is specified.

Steven.

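Added example, not part of the original thread and not Shorewall's own code: a pre-flight check for the failure reported above, where a generated rule uses -o in INPUT or -i in OUTPUT and iptables-restore rejects the whole ruleset. It scans iptables-save style text before it is loaded and also covers PREROUTING and POSTROUTING, which carry the same restriction; the function name lint_ruleset and the sample ruleset are constructed for illustration.

```python
import shlex

# Built-in chains that are traversed before an output interface is known,
# or after the input interface no longer applies.
NO_OUT_IFACE = {"INPUT", "PREROUTING"}
NO_IN_IFACE = {"OUTPUT", "POSTROUTING"}
OUT_OPTS = {"-o", "--out-interface"}
IN_OPTS = {"-i", "--in-interface"}


def lint_ruleset(text):
    """Return (line_number, rule, problem) for every -A rule whose interface
    option is not valid in the built-in chain it is appended to."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain declarations, COMMIT, comments
        try:
            tokens = shlex.split(line)
        except ValueError:
            findings.append((lineno, line, "unbalanced quoting"))
            continue
        chain, args = tokens[1], iter(tokens[2:])
        for tok in args:
            if tok == "--comment":
                next(args, None)  # comment text is free-form, never an option
            elif tok in OUT_OPTS and chain in NO_OUT_IFACE:
                findings.append((lineno, line, f"{tok} not allowed in {chain}"))
            elif tok in IN_OPTS and chain in NO_IN_IFACE:
                findings.append((lineno, line, f"{tok} not allowed in {chain}"))
    return findings


# Constructed sample: lines 5 and 6 are the two rules quoted in the report,
# lines 7 and 8 are valid rules that must not be flagged.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RPFILTER - [0:0]
-A INPUT -o eth0 -j RPFILTER
-A OUTPUT -i eth0 -j RPFILTER
-A INPUT -i eth0 -j RPFILTER
-A INPUT -i eth0 -m comment --comment "-o" -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for lineno, rule, problem in lint_ruleset(SAMPLE):
        print(f"line {lineno}: {problem}: {rule}")
```
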
On 4/9/12 3:14 PM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>Tom
>
>In the attached config. accounting entry:
>
>RPFILTER:COUNT - - eth0
>
>generates the following iptables rule:
>
>-A INPUT -o eth0 -j RPFILTER
>
>which produces the following error message:
>
>iptables-restore v1.4.13: Can't use -o with INPUT
>
>Additionally accounting entry:
>
>RPFILTER:COUNT - eth0 -
>
>generates the following iptables rule:
>
>-A OUTPUT -i eth0 -j RPFILTER
>
>which produces the following error message:
>
>ptables-restore v1.4.13: Can't use -i with OUTPUT
>
>Note, neither of these errors occur if OPTIMIZE=0 is specified.

Steven,

If we make any change here, it will be in the documentation. The entire reason for adding sections to the accounting file was to be able to detect this particular issue.

-Tom

On Tuesday 10 Apr 2012 00:32:08 Tom Eastep wrote:
> On 4/9/12 3:14 PM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
> >Tom
> >
> >In the attached config. accounting entry:
> >
> >RPFILTER:COUNT - - eth0
> >
> >generates the following iptables rule:
> >
> >-A INPUT -o eth0 -j RPFILTER
> >
> >which produces the following error message:
> >
> >iptables-restore v1.4.13: Can't use -o with INPUT
> >
> >Additionally accounting entry:
> >
> >RPFILTER:COUNT - eth0 -
> >
> >generates the following iptables rule:
> >
> >-A OUTPUT -i eth0 -j RPFILTER
> >
> >which produces the following error message:
> >
> >ptables-restore v1.4.13: Can't use -i with OUTPUT
> >
> >Note, neither of these errors occur if OPTIMIZE=0 is specified.
>
> Steven,
>
> If we make any change here, it will be in the documentation. The entire
> reason for adding sections to the accounting file was to be able to detect
> this particular issue.
>

Tom

I am happy with that.

Thanks.

Steven.

On 4/9/12 4:32 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>On 4/9/12 3:14 PM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>
>>Tom
>>
>>In the attached config. accounting entry:
>>
>>RPFILTER:COUNT - - eth0
>>
>>generates the following iptables rule:
>>
>>-A INPUT -o eth0 -j RPFILTER
>>
>>which produces the following error message:
>>
>>iptables-restore v1.4.13: Can't use -o with INPUT
>>
>>Additionally accounting entry:
>>
>>RPFILTER:COUNT - eth0 -
>>
>>generates the following iptables rule:
>>
>>-A OUTPUT -i eth0 -j RPFILTER
>>
>>which produces the following error message:
>>
>>ptables-restore v1.4.13: Can't use -i with OUTPUT
>>
>>Note, neither of these errors occur if OPTIMIZE=0 is specified.
>
>Steven,
>
>If we make any change here, it will be in the documentation. The entire
>reason for adding sections to the accounting file was to be able to detect
>this particular issue.

I realized that this may be something that was broken in this release. Please verify with the attached patch.

Thanks, Steven

-Tom

On 4/9/12 5:03 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>On 4/9/12 4:32 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>
>>On 4/9/12 3:14 PM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>>
>>>Tom
>>>
>>>In the attached config. accounting entry:
>>>
>>>RPFILTER:COUNT - - eth0
>>>
>>>generates the following iptables rule:
>>>
>>>-A INPUT -o eth0 -j RPFILTER
>>>
>>>which produces the following error message:
>>>
>>>iptables-restore v1.4.13: Can't use -o with INPUT
>>>
>>>Additionally accounting entry:
>>>
>>>RPFILTER:COUNT - eth0 -
>>>
>>>generates the following iptables rule:
>>>
>>>-A OUTPUT -i eth0 -j RPFILTER
>>>
>>>which produces the following error message:
>>>
>>>ptables-restore v1.4.13: Can't use -i with OUTPUT
>>>
>>>Note, neither of these errors occur if OPTIMIZE=0 is specified.
>>
>>Steven,
>>
>>If we make any change here, it will be in the documentation. The entire
>>reason for adding sections to the accounting file was to be able to
>>detect
>>this particular issue.
>
>I realized that this may be something that was broken in this release.
>Please verify with the attached patch.

Steven,

Please try this patch instead. I don't think this was broken in this release but it seems to avoid all accounting rule optimization when OPTIMIZE_ACCOUNTING=No.

-Tom

On 4/9/12 6:06 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>On 4/9/12 5:03 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>
>>On 4/9/12 4:32 PM, "Tom Eastep" <teastep@shorewall.net> wrote:
>>
>>>On 4/9/12 3:14 PM, "Steven Jan Springl" <steven@springl.ukfsn.org>
>>>wrote:
>>>
>>>>Tom
>>>>
>>>>In the attached config. accounting entry:
>>>>
>>>>RPFILTER:COUNT - - eth0
>>>>
>>>>generates the following iptables rule:
>>>>
>>>>-A INPUT -o eth0 -j RPFILTER
>>>>
>>>>which produces the following error message:
>>>>
>>>>iptables-restore v1.4.13: Can't use -o with INPUT
>>>>
>>>>Additionally accounting entry:
>>>>
>>>>RPFILTER:COUNT - eth0 -
>>>>
>>>>generates the following iptables rule:
>>>>
>>>>-A OUTPUT -i eth0 -j RPFILTER
>>>>
>>>>which produces the following error message:
>>>>
>>>>ptables-restore v1.4.13: Can't use -i with OUTPUT
>>>>
>>>>Note, neither of these errors occur if OPTIMIZE=0 is specified.
>>>
>>>Steven,
>>>
>>>If we make any change here, it will be in the documentation. The entire
>>>reason for adding sections to the accounting file was to be able to
>>>detect
>>>this particular issue.
>>
>>I realized that this may be something that was broken in this release.
>>Please verify with the attached patch.
>
>Steven,
>
>Please try this patch instead.

Patch attached this time.

-Tom

> >
> >Steven,
> >
> >Please try this patch instead.
>
> Patch attached this time.
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.

Tom

Confirmed, OPTIMIZE_ACCOUNTING now works.

I have finished my testing of RC2.

Steven.

On 04/10/2012 04:26 AM, Steven Jan Springl wrote:
>
>
> Confirmed, OPTIMIZE_ACCOUNTING now works.
>
> I have finished my testing of RC2.

Thank you, Steven

-Tom