Given that there is a potential security hole in Beta 2 (the effective $FW->all policy is the same as the $FW->$FW policy), I''ve uploaded Beta 3. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Tom The new option FORWARD_CLEAR_MARK is refered to as CLEAR_FORWARD_MARK in the release notes. The new NET3 column in NETMAP seems to accept any value. The following NETMAP entry produces no message and shorewall starts without error. Is this expected? DNAT 192.168.168.0/24 eth4 10.199.0.0/16 GARBAGE Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On 7/4/10 3:21 PM, Steven Jan Springl wrote:> DNAT 192.168.168.0/24 eth4 10.199.0.0/16 GARBAGEThanks, Steven. NET3 bug fixed by the attached patch. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On Sunday 04 July 2010 23:59:35 Tom Eastep wrote:> On 7/4/10 3:21 PM, Steven Jan Springl wrote: > > DNAT 192.168.168.0/24 eth4 10.199.0.0/16 GARBAGE > > Thanks, Steven. > > NET3 bug fixed by the attached patch. > > -TomTom Thanks, that''s fixed it. Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Tom When REQUIRE_INTERFACE=Yes is specified in shorewall.conf, a closing quote is missing on the startup_error function call. See the following section of code from /var/lib/shorewall/.start if [ -z "$HAVE_INTERFACE" ]; then case "$COMMAND" in start|restart|restore|refresh) if shorewall_is_started; then fatal_error "No network interface available" else startup_error "No network interface available fi ;; esac fi Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On 7/5/10 9:36 AM, Steven Jan Springl wrote:> Tom > > When REQUIRE_INTERFACE=Yes is specified in shorewall.conf, a closing quote is > missing on the startup_error function call. See the following section of code > from /var/lib/shorewall/.start > > if [ -z "$HAVE_INTERFACE" ]; then > case "$COMMAND" in > start|restart|restore|refresh) > if shorewall_is_started; then > fatal_error "No network interface available" > else > startup_error "No network interface available > fi > ;; > esac > fiThanks, Steven. The attached patch should fix you up. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On Monday 05 July 2010 17:47:55 Tom Eastep wrote:> On 7/5/10 9:36 AM, Steven Jan Springl wrote: > > Tom > > > > When REQUIRE_INTERFACE=Yes is specified in shorewall.conf, a closing > > quote is missing on the startup_error function call. See the following > > section of code from /var/lib/shorewall/.start > > > > if [ -z "$HAVE_INTERFACE" ]; then > > case "$COMMAND" in > > start|restart|restore|refresh) > > if shorewall_is_started; then > > fatal_error "No network interface available" > > else > > startup_error "No network interface available > > fi > > ;; > > esac > > fi > > Thanks, Steven. > > The attached patch should fix you up. > > -TomTom That''s fixed it. Thanks. Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first