Beta 1 is now available for testing.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) If the current environment exported the VERBOSE variable with a
non-zero value, then startup would fail.
2) If a route existed for an entire RFC1918 subnet (10.0.0.0/8,
172.20.0.0/12 or 192.168.0.0/16), then setting
NULL_ROUTE_RFC1918=Yes would cause the route to be replaced with an
''unreachable'' one.
3) Shorewall6 failed to start correctly if all the following were true:
- Shorewall was installed using the tarball. It may have
subsequently been installed using a distribution-specific package
or the rpm from shorewall.net without first unstalling the
tarball components.
- Shorewall6 was installed using a distribution-specific package or
the rpm from shorewall.net.
- The file /etc/shorewall6/init was not created.
4) If an interface with physical=''+'' is given the
''optional'' or
''required'', then invalid shell variables names were
generated by the
compiler.
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Previously, /usr/share/shorewall/compiler.pl expected the contents
of the params file to be passed in the environment. Now, the
compiler invokes a small shell program
(/usr/share/shorewall/getparams) to process the file and to pass
the (variable,value) pairs back to the compiler.
Shell variable expansion uses the value from the params file if the
parameter was set in that file. Otherwise the current environment
is used. If the variable does not appear in either place, an error
message is generated.
2) Shared IPv4/IPv6 traffic shaping configuraiton is now
available. The device and class configuration can be included in
either the Shorewall or the Shorewall6 configuration. To place it
in the Shorewall configuration:
a) Set TC_ENABLED=Internal in shorewall.conf
b) Set TC_ENABLED=Shared in shorewall6.conf
c) Create symbolic link /etc/shorewall6/tcdevices pointing to
/etc/shorewall/tcdevices.
d) Create symbolic link /etc/shorewall6/tcclasses pointing to
/etc/shorewall/tcclasses.
e) Entries for both IPv4 and IPv6 can be included in
/etc/shorewall/tcfilters. This file has been extended to allow
both IPv4 and IPv6 entries to be included in a single file.
f) Packet marking rules are included in both configurations''
tcrules file as needed. CLASSIFY rules in
/etc/shorewall6/tcrules are validated against the Shorewall TC
configuration.
In this setup, the tcdevices and tcclasses will only be updated
when Shorewall is restarted. The IPv6 marking rules are updated
when Shorewall6 is restarted.
The above configuration may be reversed to allow Shorewall6 to
control the TC configuration.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
http://p.sf.net/sfu/dell-eql-dev2dev
Tom Issuing ''shorewall start'' produces the following messages: Processing /etc/shorewall/params ... /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while looking for matching `"'' /usr/share/shorewall//getparams: eval: line 33: syntax error: unexpected end of file A copy of my params file is attached. Steven. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On 11/17/10 1:07 PM, Steven Jan Springl wrote:> Tom > > Issuing ''shorewall start'' produces the following messages: > > Processing /etc/shorewall/params ... > /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while looking > for matching `"'' > /usr/share/shorewall//getparams: eval: line 33: syntax error: unexpected end > of file > > A copy of my params file is attached.Hmmm -- that params file works fine for me. Sure that''s the one that is failing? It''s nothing but comments. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On 11/17/10 1:07 PM, Steven Jan Springl wrote:> Tom > > Issuing ''shorewall start'' produces the following messages: > > Processing /etc/shorewall/params ... > /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while looking > for matching `"'' > /usr/share/shorewall//getparams: eval: line 33: syntax error: unexpected end > of file > > A copy of my params file is attached.What does the output of ''env'' look like before you try to start? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On Wednesday 17 November 2010 21:59:54 Tom Eastep wrote:> On 11/17/10 1:07 PM, Steven Jan Springl wrote: > > Tom > > > > Issuing ''shorewall start'' produces the following messages: > > > > Processing /etc/shorewall/params ... > > /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while > > looking for matching `"'' > > /usr/share/shorewall//getparams: eval: line 33: syntax error: unexpected > > end of file > > > > A copy of my params file is attached. > > What does the output of ''env'' look like before you try to start? > > -TomTom The output from ''env'' is attached. Steven. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On 11/17/10 2:06 PM, Steven Jan Springl wrote:> On Wednesday 17 November 2010 21:59:54 Tom Eastep wrote: >> On 11/17/10 1:07 PM, Steven Jan Springl wrote: >>> Tom >>> >>> Issuing ''shorewall start'' produces the following messages: >>> >>> Processing /etc/shorewall/params ... >>> /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while >>> looking for matching `"'' >>> /usr/share/shorewall//getparams: eval: line 33: syntax error: unexpected >>> end of file >>> >>> A copy of my params file is attached. >> >> What does the output of ''env'' look like before you try to start? >> >> -Tom > > Tom > > The output from ''env'' is attached.Please try the attached copy of getparams. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On Wednesday 17 November 2010 22:35:21 Tom Eastep wrote:> On 11/17/10 2:06 PM, Steven Jan Springl wrote: > > On Wednesday 17 November 2010 21:59:54 Tom Eastep wrote: > >> On 11/17/10 1:07 PM, Steven Jan Springl wrote: > >>> Tom > >>> > >>> Issuing ''shorewall start'' produces the following messages: > >>> > >>> Processing /etc/shorewall/params ... > >>> /usr/share/shorewall//getparams: eval: line 32: unexpected EOF while > >>> looking for matching `"'' > >>> /usr/share/shorewall//getparams: eval: line 33: syntax error: > >>> unexpected end of file > >>> > >>> A copy of my params file is attached. > >> > >> What does the output of ''env'' look like before you try to start? > >> > >> -Tom > > > > Tom > > > > The output from ''env'' is attached. > > Please try the attached copy of getparams. > > Thanks, > -TomTom No, that doesn''t work either. The messages are essentially the same, apart from: matching `'''' instead of: matching `"` Steven ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
Tom If I ssh to the firewall using IPv4 the problem still occurs. If I log on at the machine, rather than using ssh the problem does not occur. I have attached a copy of the "env" ouput for this. Steven. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On 11/17/10 3:47 PM, Steven Jan Springl wrote:> Tom > > If I ssh to the firewall using IPv4 the problem still occurs. > > If I log on at the machine, rather than using ssh the problem does not occur. > I have attached a copy of the "env" ouput for this.Please try this one, Steven. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On Thursday 18 November 2010 00:31:07 Tom Eastep wrote:> On 11/17/10 3:47 PM, Steven Jan Springl wrote: > > Tom > > > > If I ssh to the firewall using IPv4 the problem still occurs. > > > > If I log on at the machine, rather than using ssh the problem does not > > occur. I have attached a copy of the "env" ouput for this. > > Please try this one, Steven. > > -TomTom That seems to work. Thanks. Steven. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
On 11/17/10 4:46 PM, Steven Jan Springl wrote:> That seems to work. Thanks.Thank *you* for testing. I couldn''t reproduce the problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev