Hi Tom and all,

I started to play a bit with the AutoBL action on a CentOS 6 box and ran into the following problems:

1) The action.AutoBL doesn't work for me until I patch it like so:

--- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 00:59:42.000000000 +0200 +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200 @@ -22,6 +22,9 @@ DEFAULTS -,60,5,2,300,DROP,info ?begin perl + +use Shorewall::Config; + my ( $event, $interval, $count, $successive, $bltime, $disposition, $level ) = get_action_params(7); fatal_error "The event name parameter to AutoBL is required" unless supplied $event;

2) The iptables package of CentOS 6 doesn't have the "--reap" option. From some Google searches it seems that the same applies to a number of distributions and iptables versions, even new iptables versions. My question is, is there a way to change action.IfEvent to work without the "--reap" option?

Thanks,
Simon

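Review bot: the added "use Shorewall::Config;" directly after "?begin perl" has no comment saying which of the calls in the following context lines (get_action_params, fatal_error, supplied) failed without the import, so a later reader cannot tell why it is there or whether it is still needed; a one-line comment above it naming the missing symbol would cover that. The file headers also use absolute paths into /usr/share/shorewall, so the patch only applies with -p0 against the installed copy, where a package update would overwrite the change; a diff made against the source tree with relative paths would be easier to apply upstream.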

On 10/7/2013 6:18 AM, Simon Matter wrote:
> Hi Tom and all,
>
> I started to play a bit with the AutoBL action on a CentOS 6 box and ran
> into the following problems:
>
> 1) The action.AutoBL doesn't work for me until I patch it like so:
>
> --- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 > 00:59:42.000000000 +0200 > +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200 > @@ -22,6 +22,9 @@ > DEFAULTS -,60,5,2,300,DROP,info > > ?begin perl > + > +use Shorewall::Config; > + > my ( $event, $interval, $count, $successive, $bltime, $disposition, > $level ) = get_action_params(7); > > fatal_error "The event name parameter to AutoBL is required" > unless supplied $event;
>
>
> 2) The iptables package of CentOS 6 doesn't have the "--reap" option. From
> some Google searches it seems that the same applies to a number of
> distributions and iptables versions, even new iptables versions. My
> question is, is there a way to change action.IfEvent to work without the
> "--reap" option?

Hi Simon,

Please try the attached patch. It implements a REAP_OPTION capability that should allow AutoBL to work without --reap.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

> On 10/7/2013 6:18 AM, Simon Matter wrote:
>> Hi Tom and all,
>>
>> I started to play a bit with the AutoBL action on a CentOS 6 box and ran
>> into the following problems:
>>
>> 1) The action.AutoBL doesn't work for me until I patch it like so:
>>
>> --- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 >> 00:59:42.000000000 +0200 >> +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 >> +0200 >> @@ -22,6 +22,9 @@ >> DEFAULTS -,60,5,2,300,DROP,info >> >> ?begin perl >> + >> +use Shorewall::Config; >> + >> my ( $event, $interval, $count, $successive, $bltime, $disposition, >> $level ) = get_action_params(7); >> >> fatal_error "The event name parameter to AutoBL is required" >> unless supplied $event;
>>
>>
>> 2) The iptables package of CentOS 6 doesn't have the "--reap" option.
>> From some Google searches it seems that the same applies to a number of
>> distributions and iptables versions, even new iptables versions. My
>> question is, is there a way to change action.IfEvent to work without the
>> "--reap" option?
>
> Hi Simon,
>
> Please try the attached patch. It implements a REAP_OPTION capability
> that should allow AutoBL to work without --reap.

Hi Tom,

thanks for the quick patch, it works excellent for me!

Regards,
Simon

>> On 10/7/2013 6:18 AM, Simon Matter wrote:
>>> Hi Tom and all,
>>>
>>> I started to play a bit with the AutoBL action on a CentOS 6 box and ran
>>> into the following problems:
>>>
>>> 1) The action.AutoBL doesn't work for me until I patch it like so:
>>>
>>> --- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 >>> 00:59:42.000000000 +0200 >>> +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 >>> +0200 >>> @@ -22,6 +22,9 @@ >>> DEFAULTS -,60,5,2,300,DROP,info >>> >>> ?begin perl >>> + >>> +use Shorewall::Config; >>> + >>> my ( $event, $interval, $count, $successive, $bltime, $disposition, >>> $level ) = get_action_params(7); >>> >>> fatal_error "The event name parameter to AutoBL is required" >>> unless supplied $event;
>>>
>>>
>>> 2) The iptables package of CentOS 6 doesn't have the "--reap" option.
>>> From some Google searches it seems that the same applies to a number of
>>> distributions and iptables versions, even new iptables versions. My
>>> question is, is there a way to change action.IfEvent to work without
>>> the "--reap" option?
>>
>> Hi Simon,
>>
>> Please try the attached patch. It implements a REAP_OPTION capability
>> that should allow AutoBL to work without --reap.
>
> Hi Tom,
>
> thanks for the quick patch, it works excellent for me!
>
> Regards,
> Simon

Hi Tom,

do you intend to add this patch to an upcoming release? I didn't find it in 4.5.21.1 which is why I ask.

Thanks,
Simon

On 10/8/2013 10:56 PM, Simon Matter wrote:
>>> On 10/7/2013 6:18 AM, Simon Matter wrote:
>>>> Hi Tom and all,
>>>>
>>>> I started to play a bit with the AutoBL action on a CentOS 6 box and ran
>>>> into the following problems:
>>>>
>>>> 1) The action.AutoBL doesn't work for me until I patch it like so:
>>>>
>>>> --- /usr/share/shorewall/action.AutoBL.orig 2013-10-01 >>>> 00:59:42.000000000 +0200 >>>> +++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 >>>> +0200
>>>> @@ -22,6 +22,9 @@ >>>> DEFAULTS -,60,5,2,300,DROP,info >>>> >>>> ?begin perl >>>> + >>>> +use Shorewall::Config; >>>> + >>>> my ( $event, $interval, $count, $successive, $bltime, $disposition, >>>> $level ) = get_action_params(7); >>>> >>>> fatal_error "The event name parameter to AutoBL is required" >>>> unless supplied $event;
>>>>
>>>>
>>>> 2) The iptables package of CentOS 6 doesn't have the "--reap" option.
>>>> From some Google searches it seems that the same applies to a number of
>>>> distributions and iptables versions, even new iptables versions. My
>>>> question is, is there a way to change action.IfEvent to work without
>>>> the "--reap" option?
>>>
>>> Hi Simon,
>>>
>>> Please try the attached patch. It implements a REAP_OPTION capability
>>> that should allow AutoBL to work without --reap.
>>
>> Hi Tom,
>>
>> thanks for the quick patch, it works excellent for me!
>>
>> Regards,
>> Simon
>
> Hi Tom,
>
> do you intend to add this patch to an upcoming release? I didn't find it
> in 4.5.21.1 which is why I ask.

Yes -- it will be in 4.5.22. I don't like to add new capabilities in a point release, which is why it is not in 4.5.21.1.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________