Accounting issue (was: Re: [Shorewall-users] More about
teastep at shorewall.net
Mon Aug 11 18:09:32 PDT 2003
On Mon, 2003-08-11 at 09:45, kb wrote:
> [ Sorry for cross-posting. This should be on the dev list, but I am not
> subscribed to that list -- but curious about comments. ;) ]
> First of all: Thanks again to Tom for this great new feature and his
> help debugging. :-)
> While playing around a little bit with this new feature I encountered a
> minor issue:
> DONE # does not work
> DONE - - - - - # works
> (In fact, the newline followed directly after the last char of the rule,
> no unnecessary whitespace added.)
> According to the docs, trailing 'any's can be omitted.  This works
> at least for the last 3 of them, as I tested. Omitting all 5 optional
> values results in shorewall to start without(!) any error, not notifying
> about the created chain -- and indeed the chain does not exist.
In my test, I get this:
Deleting user chains...
Setting up Accounting...
Warning: Invalid Accounting rule DONE
Restoring dynamic rules...
I try to give warnings in the accounting code rather than errors since
omissions in the accounting rules don't represent potential security
I suppose that the simplest thing to do is just allow the degenerate
rules "DONE" and "COUNT".
>  This is not mentioned in the docs, but the examples are omitting
> them if not needed.
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users