Adrian Mak
2005-Aug-06 06:20 UTC
shorewall module of webmin cannot recognize custom added actions
I'm using shorewall 2.4.2, webmin 1.220

I added a custom action file, e.g. action.FTP2, under /etc/shorewall
and added an entry FTP2 in the /etc/shorewall/actions file

However, I cannot see this action in webmin->shorewall->rules
The shorewall webmin module can see shorewall built-in actions

Does it mean I still need to manually edit the /etc/shorewall/rules file
to use my custom added action files?

rgds,
adrian

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Jerry Vonau
2005-Aug-06 11:40 UTC
Re: shorewall module of webmin cannot recognize custom added actions
> Does it mean I still need to manually edit the /etc/shorewall/rules file
> to use my custom added action files?

Yes,

From: http://www.shorewall.net/Actions.html

"Shorewall actions allow a symbolic name to be associated with a series of one or more iptables rules. The symbolic name may appear in the ACTION column of an /etc/shorewall/rules file entry in which case, the traffic matching that rules file entry will be passed to the series of iptables rules named by the action."

Jerry
Hello,

To use multiple ISP with Shorewall, iptables 1.3.1 has to be patched.

I have the patch, I have the iptables 1.3.1 sources. I even have the 1.3.2 sources, which seem to be already patched if I look at the code!

I use Suse 9.3 with the last updates:

    iptables-1.3.1-3
    Kernel 2.6.11.4-21.8

To compile one of the iptables sources, I need to have the kernel sources. I downloaded them but it gives some bzip2 files, not a clear source directory. I always get:

    Making dependencies: please wait...
    Something wrong... deleting dependencies.
    make: *** [linux/autoconfig.h] Error 1

I want to get that "linux/autoconfig.h" file but the structure of the kernel source is not the one I expected to do a "make config" like I'm used to usually. I think that the linux/autoconfig.h would be generated then.

Is there someone with a patched iptables-1.3.1-3 CONNTRACK module somewhere? Or an RPM of iptables-1.3.2 for Suse 9.3?

Thank you very much.

Yves
Yves Bélanger wrote:
>
> Hello,
>
> To use multiple ISP with Shorewall, iptables 1.3.1
> has to be patched.
>
> I have the patch, I have the iptables 1.3.1 sources.
> I even have the 1.3.2 sources, which seem to be
> already patched if I look at the code!
>
> I use Suse 9.3 with the last updates:
>

There should be no need for you to patch either iptables or the kernel to use multiple ISPs.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Unless http://shorewall.net/pub/shorewall/contrib/iptables/ is installed, it seems that my email comes from my ADSL, but sites that verify "open relays" and "spammers nests" put me on blacklists!

I succeeded in using this patch on iptables 1.3.1 and now I receive emails from these sites. iptables 1.3.2 already has that patch applied.

I found this patch in the document at the Shorewall site talking about traffic control...

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: <shorewall-users@lists.sourceforge.net>
Sent: Sunday, August 07, 2005 3:53 PM
Subject: Re: [Shorewall-users] Patch of IPTABLES for Shorewall
It talks about a bug in CONNMARK "save" and "restore" modules...

Anyway, I don't remember precisely the web document but someone told me to read it and it said to patch iptables 1.3.1...

----- Original Message -----
From: "Yves Bélanger" <belanger@dariustech.qc.ca>
To: <shorewall-users@lists.sourceforge.net>
Sent: Monday, August 08, 2005 8:11 AM
Subject: Re: [Shorewall-users] Patch of IPTABLES for Shorewall

> Unless http://shorewall.net/pub/shorewall/contrib/iptables/
> is installed, it seems that my email comes from my ADSL,
> but sites that verify "open relays" and "spammers nests"
> put me on blacklists!
>
> I succeeded in using this patch on iptables 1.3.1 and now
> I receive emails from these sites. iptables 1.3.2 already
> has that patch applied.
>
> I found this patch in the document at the Shorewall site talking
> about traffic control...
>
> ----- Original Message -----
> From: "Tom Eastep" <teastep@shorewall.net>
> To: <shorewall-users@lists.sourceforge.net>
> Sent: Sunday, August 07, 2005 3:53 PM
> Subject: Re: [Shorewall-users] Patch of IPTABLES for Shorewall
Yves Bélanger wrote:
>
> Unless http://shorewall.net/pub/shorewall/contrib/iptables/
> is installed, it seems that my email comes from my ADSL,
> but sites that verify "open relays" and "spammers nests"
> put me on blacklists!

You've probably misconfigured your mail server, or you've inherited a dynamic IP address from someone who did. Try restarting your ADSL modem to get a different IP address.

--
Paul <http://paulgear.webhop.net>
--
Did you know? If you receive a virus warning from a friend and not through a virus software vendor, it's likely to be a hoax. See <http://gear.dyndns.org:81/features/virus_hoaxes> for more info.
It works with the patch... So:

"If it ain't broken don't touch it"

I explicitly blocked communications from Cable Modem in Rules to be sure that nothing regarding email uses the dynamic provider.

If I could find that !@#$!@# web page who tell that iptables CONNTRACK module is broken for "save" and "restore"!!

----- Original Message -----
From: "Paul Gear" <paul@gear.dyndns.org>
To: <shorewall-users@lists.sourceforge.net>
Sent: Monday, August 08, 2005 8:34 AM
Subject: [Shorewall-users] Re: Patch of IPTABLES for Shorewall
Yves Bélanger wrote:
>
> It works with the patch... So:
>
> "If it ain't broken don't touch it"
>
> I explicitly blocked communications from Cable
> Modem in Rules to be sure that nothing regarding
> email uses the dynamic provider.
>
> If I could find that !@#$!@# web page who tell
> that iptables CONNTRACK module is broken for
> "save" and "restore"!!

Ok -- for all of you who are rpmbuild-challenged, there are updated SuSE-9.3 iptables RPMs at:

http://www1.shorewall.net/var/ftp/pub/shorewall/contrib/iptables/suse93

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Ok -- for all of you who are rpmbuild-challenged, there are updated SuSE-9.3
> iptables RPMs at:
>
> http://www1.shorewall.net/var/ftp/pub/shorewall/contrib/iptables/suse93
>

Now for the correct URL:

http://www1.shorewall.net/pub/shorewall/contrib/iptables/suse93/

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Adrian Mak
2005-Aug-09 06:39 UTC
Re: shorewall module of webmin cannot recognize custom added actions
should I specify the proto field in /etc/shorewall/rules file when I use actions e.g.

On 8/6/05, Adrian Mak <makkaichung@gmail.com> wrote:
> I'm using shorewall 2.4.2, webmin 1.220
>
> I added a custom action file, e.g. action.FTP2, under /etc/shorewall
> and added an entry FTP2 in the /etc/shorewall/actions file
>
> However, I cannot see this action in webmin->shorewall->rules
> The shorewall webmin module can see shorewall built-in actions
>
> Does it mean I still need to manually edit the /etc/shorewall/rules file
> to use my custom added action files?
>
> rgds,
> adrian
Paul Gear
2005-Aug-10 07:53 UTC
Re: Re: shorewall module of webmin cannot recognize custom added actions
Adrian Mak wrote:
> should I specify the proto field in /etc/shorewall/rules file when I use actions

No, the action takes care of that for you.

--
Paul <http://paulgear.webhop.net>
--
Did you know? Email viruses spread using addresses they find on the host computer. You can help to reduce the spread of these viruses by using Bcc: instead of To: on mass mailings, or using mailing list software such as mailman (http://www.list.org/) instead.