surfer@emailengine.net
2014-Jul-17 20:24 UTC
multiple Rules consolidated in my user-Action report ERROR on compile
I've set up my Shorewall to handle my VoIP -- access to/from an adapter on my LAN, plus additional signalling.

These

/rules /action.VoIP
    #ACTION  SOURCE    DEST      PROTO  DEST                              SOURCE                 ORIGINAL
    #                                   PORT                              PORT(S)                DEST
    ?FORMAT 2
    DNAT     net:$V1   lan:$V2   udp    5036,5038,5060:5082,10010:10020
    DNAT     net:$V1   lan:$V2   tcp    5060:5082,10010:10020
    DNAT     net:$V1   lan:$V2   tcp    -                                 5060:5082,10010:10020
    ACCEPT   lan:$V2   net:$V1   udp    5036,5038,5060:5082,10010:10020
    ACCEPT   lan:$V2   net:$V1   tcp    5060:5082,10010:10020
    ACCEPT   lan:$V2   net:$V1   tcp    -                                 5060:5082,10010:10020

work perfectly.

I'd like to consolidate these rules, ideally in their own chain. After reading the wiki, iiuc, an 'Action' seems better for this than a 'Macro'.

I defined

/actions
    #ACTION  OPTIONS  COMMENT
    ?FORMAT 2
    VoIP     # multiple VoIP actions

/action.VoIP
    #ACTION  SOURCE   DEST     PROTO  DEST                              SOURCE                 ORIGINAL
    #                                 PORT                              PORT(S)                DEST
    ?FORMAT 2
    DNAT     net:$1   lan:$2   udp    5036,5038,5060:5082,10010:10020
    DNAT     net:$1   lan:$2   tcp    5060:5082,10010:10020
    DNAT     net:$1   lan:$2   tcp    -                                 5060:5082,10010:10020
    ACCEPT   lan:$2   net:$1   udp    5036,5038,5060:5082,10010:10020
    ACCEPT   lan:$2   net:$1   tcp    5060:5082,10010:10020
    ACCEPT   lan:$2   net:$1   tcp    -                                 5060:5082,10010:10020

/rules
    #ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL
    #                             PORT  PORT(S)  DEST
    ...
    36 VoIP($V1,$V2) - -
    ...

When I compile that, I get an ERROR

    Compiling /usr/local/etc/shorewall/rules...
       ERROR: Missing source zone /usr/local/etc/shorewall/rules (line 36)

If I change

/rules
    ...
    -- VoIP($V1,$V2) - -
    ++ VoIP($V1,$V2) all all
    ...

and recompile, I get a different ERROR

    Compiling /usr/local/etc/shorewall/action.VoIP for chain VoIP...
       ERROR: Invalid/Unknown udp port/service (192.168.0.100) /usr/local/etc/shorewall/action.VoIP (line 4)
          from /usr/local/etc/shorewall/rules (line 36)

My Action, as written, doesn't actually need the SOURCE/DEST passed to it, just the $1 & $2 params.

Is an Action the right way to consolidate these multiple-Action/Proto/Port rules? Or a Macro?