4.4.12 Beta 4 is now ready for testing.
There are two new features in this Beta:
1) ''icmp'' is now accepted as a synonym for
''ipv6-icmp'' in IPv6
compilations.
2) Shorewall now detects the presence of a recent ipset iptables
module and uses its new syntax. This avoids a warning on iptables
1.4.9. This change involves a new capabilities file version so if
you use a capabilities file, be sure to regenerate it with 4.4.12
shorewall-lite or shorewall6-lite.
3) (Inadvertently omitted from the release notes) - A new COMPLETE
option has been added to shorewall.conf and to shorewall6.conf.
When set to Yes, it signifies that the configuration is complete so
that your set of zones encompasses any hosts that can send or
receive traffic to/from/through the firewall. This causes Shorewall
to omit the rules that catch packets in which the source or
destination IP address is outside of any of your zones. Default is
No. It is recommended that this option only be set to Yes if:
- You have defined an interface whose effective physical setting is
''+''.
- That interface is assigned to a zone.
- You have no CONTINUE policies or rules.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can''t live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
Tom Running Shorewall install.sh script produces the following error: 748 install-file: command not found The problem does not occur in Shorewall6. Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
On 8/7/10 4:00 AM, Steven Jan Springl wrote:> Tom > > Running Shorewall install.sh script produces the following error: > > 748 install-file: command not found > > > The problem does not occur in Shorewall6.Steven, Except for the VERSION assignment, the installer is identical to 4.4.11. I suspect that it is being confused by your current environmental variable settings. Please trace its execution and find out where it is going wrong. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
On Saturday 07 August 2010 15:29:13 Tom Eastep wrote:> On 8/7/10 4:00 AM, Steven Jan Springl wrote: > > Tom > > > > Running Shorewall install.sh script produces the following error: > > > > 748 install-file: command not found > > > > > > The problem does not occur in Shorewall6. > > Steven, > > Except for the VERSION assignment, the installer is identical to 4.4.11. > I suspect that it is being confused by your current environmental > variable settings. > > Please trace its execution and find out where it is going wrong. > > Thanks, > -TomTom Sorry, my original report should have been more explicit. Line 748 in Shorewall install.sh refers to install-file where as all others (including Shorewall6) refer to install_file. Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
On 8/7/10 8:17 AM, Steven Jan Springl wrote:> On Saturday 07 August 2010 15:29:13 Tom Eastep wrote: >> On 8/7/10 4:00 AM, Steven Jan Springl wrote: >>> Tom >>> >>> Running Shorewall install.sh script produces the following error: >>> >>> 748 install-file: command not found >>> >>> >>> The problem does not occur in Shorewall6. >> >> Steven, >> >> Except for the VERSION assignment, the installer is identical to 4.4.11. >> I suspect that it is being confused by your current environmental >> variable settings. >> >> Please trace its execution and find out where it is going wrong. >> >> Thanks, >> -Tom > > Tom > > Sorry, my original report should have been more explicit. > > Line 748 in Shorewall install.sh refers to install-file where as all others > (including Shorewall6) refer to install_file.Thanks, Steven. I had interpreted your original report to mean the install.sh was failing; I see now that you were simply reporting the failure of a single command. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
Tom In http://www.shorewall.net/configuration_file_basics.htm#Ranges the section PORT RANGES states: If you omit the low port number, a value of zero is assumed If I code the following rule: ACCEPT lan dms tcp :80 then the following message is produced: ERROR: Invalid/Unknown tcp port/service (0) : ...... Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
On 8/12/10 8:57 AM, Steven Jan Springl wrote:> Tom > > In http://www.shorewall.net/configuration_file_basics.htm#Ranges > the section PORT RANGES states: > If you omit the low port number, a value of zero is assumed > > If I code the following rule: > > ACCEPT lan dms tcp :80 > > then the following message is produced: > > ERROR: Invalid/Unknown tcp port/service (0) : ......Commit 49053afdcb5aee60ca255cbd46842cd25e0f737b should fix it. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
On Thursday 12 August 2010 17:52:18 Tom Eastep wrote:> On 8/12/10 8:57 AM, Steven Jan Springl wrote: > > Tom > > > > In http://www.shorewall.net/configuration_file_basics.htm#Ranges > > the section PORT RANGES states: > > If you omit the low port number, a value of zero is assumed > > > > If I code the following rule: > > > > ACCEPT lan dms tcp :80 > > > > then the following message is produced: > > > > ERROR: Invalid/Unknown tcp port/service (0) : ...... > > Commit 49053afdcb5aee60ca255cbd46842cd25e0f737b should fix it. > > Thanks, Steven > > -TomTom That''s fixed it. Thanks. Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can''t live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev