Shorewall users - May 2004 - Error with empty action for policy in "actions" file

Hi there,

With Shorewall 2.02a, I get an error when trying to do the following
suggestion in the "actions" file:

#       If you specify ":DROP", ":REJECT" or
":ACCEPT" on a line by
#       itself, the associated policy will have no common action. 

i.e., if I put this in "actions"

:REJECT
:DROP

then I get the error:

/usr/share/shorewall/firewall: line 215: [: =: unary operator expected

which is caused by the following code in "firewall":

  createchain() # $1 = chain name, $2 = If "yes", create default rules
  {
      local c=$(chain_base $1)
  
      run_iptables -N $1
  
==>   if [ $2 = yes ]; then
          run_iptables -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
          [ -z "$NEWNOTSYN" ] && \
             run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn
      fi

      eval exists_${c}=Yes
  }

I think since createchain is called with an empty first argument, the
$1 argument incorrectly gets assigned as "no" and $2 ends up with
"".

--eric

Eric E. Bowles wrote:
> With Shorewall 2.02a, I get an error when trying to do the following
> suggestion in the "actions" file:
> 
> #       If you specify ":DROP", ":REJECT" or
":ACCEPT" on a line by
> #       itself, the associated policy will have no common action. 
> 
> i.e., if I put this in "actions"
> 
> :REJECT
> :DROP
> 
> then I get the error:
> 
> /usr/share/shorewall/firewall: line 215: [: =: unary operator expected
> 
> which is caused by the following code in "firewall":
> 
The root cause was actially earlier -- the firewall script at 
http://shorewall.net/pub/shorewall/errata/2.0.2/firewall corrects the 
problem.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net