From b349cc0f220d5ebd4f271f46fbb7876ff0206eee Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 10 Feb 2013 09:16:18 -0800
Subject: [PATCH 1/3] A better fix for inline default action with parameters.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Rules.pm | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 682d9b08e..34754d55e 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -672,9 +672,12 @@ sub policy_rules( $$$$$ ) {
 if ( $default && $default ne 'none' ) {
 my ( $action ) = split ':', $default;
- my ( $basicaction, $param ) = get_target_param $action;
-
- if ( ( $targets{$basicaction} || 0 ) == INLINE ) {
+ if ( ( $targets{$action} || 0 ) == ACTION ) {
+ #
+ # Default action is a regular action -- jump to the action chain
+ #
+ add_ijump $chainref, j => use_policy_action( $default, $chainref->{name} );
+ } else {
 #
 # Default action is an inline
 #
@@ -702,11 +705,6 @@ sub policy_rules( $$$$$ ) {
 '-', #Helper
 0, #Wildcard
 );
- } else {
- #
- # Default action is a regular action -- jump to the action chain
- #
- add_ijump $chainref, j => use_policy_action( $default, $chainref->{name} );
 }
 }
From b9d5b92f1b5dd67af747381874bd33a22d94b212 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 10 Feb 2013 15:19:30 -0800
Subject: [PATCH 2/3] Correct handling of expressions consisting of a single number.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index e4d48eff2..71780c9de 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
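Review bot: In the first Rules.pm hunk (policy_rules), the rewritten test sends every default action whose `%targets` entry is not exactly ACTION into the inline branch, including a name with no entry at all, because `|| 0` turns a missing entry into 0. The lookup key is also now the text before the first ':' rather than the result of get_target_param, so if a regular action can reach this point with a parameter list still attached it would presumably miss the table and be expanded as an inline. Whether earlier policy validation rules both cases out is not visible here; I would record that at the branch, e.g. `# Not ACTION => must be INLINE; unknown names were rejected when the policy was validated`, or test INLINE explicitly in an `elsif`. The inline branch body lies between the two hunks and is not shown.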
@@ -2212,7 +2212,9 @@ sub evaluate_expression( $$$ ) {
 print "EXPR=> $expression\n" if $debug;
- unless ( $expression =~ /^\d+$/ ) {
+ if ( $expression =~ /^\d+$/ ) {
+ $val = $expression
+ } else {
 #
 # Not a simple one-term expression -- compile it
 #
From bda1e05d9a17df95c9095830dc1720d3fad30b7e Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 11 Feb 2013 05:58:01 -0800
Subject: [PATCH 3/3] Mention the requirement for a params file in the Shorewall Lite article.
Signed-off-by: Tom Eastep
---
 docs/Shorewall-Lite.xml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/docs/Shorewall-Lite.xml b/docs/Shorewall-Lite.xml
index bbf8eccbc..01faeff2b 100644
--- a/docs/Shorewall-Lite.xml
+++ b/docs/Shorewall-Lite.xml
@@ -221,6 +221,13 @@ on the firewall system is "/etc/shorewall-lite:/usr/share/shorewall-lite".
+
+
+ The export directory should contain a
+ params file, even if it is empty.
+ Otherwise, /sbin/shorewall will attempt
+ to read /etc/shorewall/params.
+
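Review bot: The numeric fast path added to evaluate_expression in Config.pm is gated by `/^\d+$/`, and `$` also matches before a trailing newline, so a value ending in a newline would be copied into `$val` verbatim instead of going through the compile branch. If the expression can arrive unchomped, `/^\d+\z/` closes that; whether it can is decided outside this hunk. The new assignment also lacks a terminating semicolon, `$val = $expression;`, which is legal as the last statement of a block but breaks as soon as a line is added after it. The function body continues beyond the hunk in both directions.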