Is it possible to execute macro in another macro file? I am using shorewall version 4.4.11.6 on Debian Squeeze. Shorewall installed from debian repositories. # dpkg -l | grep shorewall ii shorewall 4.4.11.6-2 Shoreline Firewall, netfilter configurator ii shorewall-perl 4.4.11.6-2 Shoreline Firewall, netfilter configurator - transition package I am asking this because I tried to use standard macro called macro.JAP with following content: PARAM - - tcp 8080 # HTTP port PARAM - - tcp 6544 # HTTP port PARAM - - tcp 6543 # InfoService port HTTPS(PARAM) SSH(PARAM) but shorewall check returns: Checking /etc/shorewall/rules... ERROR: Invalid Action (PARAM) in macro : /usr/share/shorewall/macro.HTTPS (line 11) Regards, Vlado ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On 11/28/10 4:57 AM, Vlado Peshov wrote:> Is it possible to execute macro in another macro file? I am using shorewall > version > > 4.4.11.6 > > on Debian Squeeze. Shorewall installed from debian repositories. > > # dpkg -l | grep shorewall > ii shorewall 4.4.11.6-2 > Shoreline Firewall, netfilter configurator > ii shorewall-perl 4.4.11.6-2 > Shoreline Firewall, netfilter configurator - transition package > > > I am asking this because I tried to use standard macro called macro.JAP with > following content: > > PARAM - - tcp 8080 # HTTP port > PARAM - - tcp 6544 # HTTP port > PARAM - - tcp 6543 # InfoService port > HTTPS(PARAM) > SSH(PARAM) > > but shorewall check returns: > > Checking /etc/shorewall/rules... > ERROR: Invalid Action (PARAM) in macro : /usr/share/shorewall/macro.HTTPS > (line 11)Hmmm -- clearly the person who contributed macro.JAP never tested it :-(. The last two lines should be: HTTPS SSH In other words, to pass the current PARAM on to the nested macro invocation, specify no parameter to that invocation. Simply copy /usr/share/shorewall/macro.JAP to /etc/shorewall/ and modify the copy as suggested. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On Sun, Nov 28, 2010 at 4:03 PM, Tom Eastep <teastep@shorewall.net> wrote:> > Hmmm -- clearly the person who contributed macro.JAP never tested it > :-(. The last two lines should be: > > HTTPS > SSH > > In other words, to pass the current PARAM on to the nested macro > invocation, specify no parameter to that invocation. >Tested with ACCEPT, DROP, REJECT, and I have seen that the rules are well generated to iptables ... Regards, Vlado ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On Sun, Nov 28, 2010 at 07:03:44AM -0800, Tom Eastep wrote:> > Hmmm -- clearly the person who contributed macro.JAP never tested it > :-(. The last two lines should be: > > HTTPS > SSH > > In other words, to pass the current PARAM on to the nested macro > invocation, specify no parameter to that invocation. > > Simply copy /usr/share/shorewall/macro.JAP to /etc/shorewall/ and modify > the copy as suggested. >I will try and upload a patched version today to Debian. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On 11/28/10 12:20 PM, Roberto C. Sánchez wrote:> On Sun, Nov 28, 2010 at 07:03:44AM -0800, Tom Eastep wrote: >> >> Hmmm -- clearly the person who contributed macro.JAP never tested it >> :-(. The last two lines should be: >> >> HTTPS >> SSH >> >> In other words, to pass the current PARAM on to the nested macro >> invocation, specify no parameter to that invocation. >> >> Simply copy /usr/share/shorewall/macro.JAP to /etc/shorewall/ and modify >> the copy as suggested. >> > I will try and upload a patched version today to Debian. >Thanks Roberto. For 4.4.15, I''ve changed the code to support passing ''PARAM'' as a parameter in a nested macro invocation but I don''t think we need to back-port that to 4.4.11. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On Sun, Nov 28, 2010 at 07:03:44AM -0800, Tom Eastep wrote:> On 11/28/10 4:57 AM, Vlado Peshov wrote: > > Is it possible to execute macro in another macro file? I am using shorewall > > version > > > > 4.4.11.6 > > > > on Debian Squeeze. Shorewall installed from debian repositories. > > > > # dpkg -l | grep shorewall > > ii shorewall 4.4.11.6-2 > > Shoreline Firewall, netfilter configurator > > ii shorewall-perl 4.4.11.6-2 > > Shoreline Firewall, netfilter configurator - transition package > > > > > > I am asking this because I tried to use standard macro called macro.JAP with > > following content: > > > > PARAM - - tcp 8080 # HTTP port > > PARAM - - tcp 6544 # HTTP port > > PARAM - - tcp 6543 # InfoService port > > HTTPS(PARAM) > > SSH(PARAM) > > > > but shorewall check returns: > > > > Checking /etc/shorewall/rules... > > ERROR: Invalid Action (PARAM) in macro : /usr/share/shorewall/macro.HTTPS > > (line 11) > > Hmmm -- clearly the person who contributed macro.JAP never tested it > :-(. The last two lines should be: > > HTTPS > SSH >A new shorewall/4.4.11.6-3 package has been uploaded to Debian to correct this problem. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
On 11/28/10 7:07 PM, Roberto C. Sánchez wrote:> A new shorewall/4.4.11.6-3 package has been uploaded to Debian to > correct this problem.Thanks, Roberto. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev