I have shorewall 4.6.1.2 (Debian package version 4.6.1.2-1).
I am trying to use SAVE and RESTORE actions in the tcrules file,
with a non-default mask, and it doesn't work. Here are the last
few lines of output from /sbin/shorewall trace check:
Checking /etc/shorewall/tcrules...
IN===> SAVE(0x7f):T 0.0.0.0/0 0.0.0.0/0 all
ERROR: Invalid SAVE ACTION (SAVE(0x7f):T) /etc/shorewall/tcrules (line 109)
at /usr/share/shorewall/Shorewall/Config.pm line 1348.
Shorewall::Config::fatal_error('Invalid SAVE ACTION
(SAVE(0x7f):T)') called at /usr/share/shorewall/Shorewall/Tc.pm line 943
Shorewall::Tc::process_tc_rule1('SAVE(0x7f):T',
'0.0.0.0/0', '0.0.0.0/0', 'all', '-',
'-', '-', '-', '-', ...) called at
/usr/share/shorewall/Shorewall/Tc.pm line 1045
Shorewall::Tc::process_tc_rule() called at
/usr/share/shorewall/Shorewall/Tc.pm line 3180
Shorewall::Tc::setup_tc(0) called at
/usr/share/shorewall/Shorewall/Compiler.pm line 796
Shorewall::Compiler::compiler('script', '',
'directory', '', 'verbosity', 1, 'timestamp', 0,
'debug', ...) called at /usr/share/shorewall/compiler.pl line 152
The documentation in the shorewall-tcrules and shorewall-mangle man
pages was inconsistent, with one suggesting that I needed
SAVE[/mask]
and one suggesting
SAVE[(/mask)]
Anyway, I tried all 8 possible combinations of with and without
parentheses, with and without slash, with and without :T. Nothing
worked.
Am I doing something wrong, or is this a bug? If it's a bug, my
first suspect would be the "match" subs in the value of %tccmd
assigned at line 853 of Shorewall/Tc.pm.
--apb (Alan Barrett)
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds