From: Tom E. <te...@sh...> - 2003-08-11 17:09:26
On Mon, 2003-08-11 at 09:45, kb wrote:
> [ Sorry for cross-posting. This should be on the dev list, but I am not
> subscribed to that list -- but curious about comments. ;) ]
>
> First of all: Thanks again to Tom for this great new feature and his
> help debugging. :-)
>
> While playing around a little bit with this new feature I encountered a
> minor issue:
>
> DONE # does not work
> DONE - - - - - # works
>
> (In fact, the newline followed directly after the last char of the rule,
> no unnecessary whitespace added.)
>
> According to the docs, trailing 'any's can be omitted. [1] This works
> at least for the last 3 of them, as I tested. Omitting all 5 optional
> values results in shorewall to start without(!) any error, not notifying
> about the created chain -- and indeed the chain does not exist.

In my test, I get this:

Deleting user chains...
Setting up Accounting...
Warning: Invalid Accounting rule DONE
Restoring dynamic rules...

I try to give warnings in the accounting code rather than errors since omissions in the accounting rules don't represent potential security holes. I suppose that the simplest thing to do is just allow the degenerate rules "DONE" and "COUNT".

>
> karsten
>
> [1] This is not mentioned in the docs, but the examples are omitting
> them if not needed.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...