Fix bashisms in iptables backend
Issue #32
resolved
Hello,
After compile sshguard v.1.6.3 in GNU Debian unstable.
sudo /usr/sbin/sshguard -l /var/log/auth.log
sh: 1: [: x: unexpected operator
Chain INPUT (policy ACCEPT)
target prot opt source destination
sshguard all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
Chain sshguard (1 references)
target prot opt source destination
sh: 1: [: 0: unexpected operator
Here Ctrl + C ^Csh: 1: [: x: unexpected operator sh: 1: [: 0: unexpected operator sh: 1: [: x6: unexpected operator sh: 1: [: 0: unexpected operator
It shows several unexpected operators.
That it doesn't happen with v1.6.0
sudo /usr/sbin/sshguard -l /var/log/auth.log
Chain INPUT (policy ACCEPT)
target prot opt source destination
sshguard all -- 0.0.0.0/0 0.0.0.0/0
sshguard all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
Chain sshguard (2 references) target prot opt source destination
Kind regards,
Julián Moreno Patiño
Comments (8)
-
-
Hello Kevin,
In Debian /bin/sh is a symbolic link to /bin/dash
dash is the default shell in Debian.
-
Hello Kevin,
Checking the code I see this:
src/fwalls/command_iptables.h
#define IPTBLCMD "TBL=iptables; if [ x$SSHG_ADDRKIND == x6 ]; then TBL=ip6tables; fi; iptblscmd() { " IPTABLES_PATH "/$TBL -w $@; r=$?; if [ $r == 2 ]; then exec " IPTABLES_PATH "/$TBL $@; fi; exit $r; }; iptblscmd "
The line above is a pure bash script ? if yes, there are some errors. I believe that '==' operator, it doesn't exists.
To do comparison please check: man test
http://linux.die.net/man/1/test
There are useful examples there.
I'll be attentive to any doubt
-
- attached patch.diff
I believe that the attached patch fix that. could you check it?
-
The patch looks correct, although since I don't have iptables it's hard for me to test. Does the patch fix your issue?
-
Yes, it does
-
- changed title to Fix bashisms in iptables backend
-
assigned issue to
Kevin Zheng
-
- changed status to resolved
Committed in 3c39f8e, thanks!
- Log in to comment
I'd have to do some digging, but if I remember correctly the major change was to make some arguments passed to
iptablesbackward-compatible. I wonder if that change introduced some bashisms? What shell is Debian's /bin/sh?