Shorewall devel - Jan 2011 - Shorewall 4.4.16 RC 1

Shorewall 4.4.16-RC1 is now available for download.

There is one known problem:

1)  If the parameters to an action contain ":", then the @params array
    visible to an extension script for the action is truncated at the
    ":".

That problem is corrected by the attached patch.

	patch /usr/share/shorewall/Shorewall/Rules < COLON-RC1.patch

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

Tom

In the attached config. rules file entry:

COUNT:warn  lan  tst

produces the following error message:

ERROR: Internal error in Shorewall::Chains::expand_rule 
at /usr/share/shorewall/Shorewall/Chains.pm line 3852 : /etc/shorewallC/rules 
(line 15)

Steven.


------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/3/11 1:22 PM, Steven Jan Springl wrote:
> Tom
> 
> In the attached config. rules file entry:
> 
> COUNT:warn  lan  tst
> 
> produces the following error message:
> 
> ERROR: Internal error in Shorewall::Chains::expand_rule 
> at /usr/share/shorewall/Shorewall/Chains.pm line 3852 :
/etc/shorewallC/rules
> (line 15)
The attached patch seems to resolve this problem.

Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On Monday 03 January 2011 22:07:48 Tom Eastep wrote:
> The attached patch seems to resolve this problem.
>
> Thanks, Steven
>
> -Tom
Tom

The patch works for me too. Thanks.

Steven.

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/3/11 3:22 PM, Steven Jan Springl wrote:
> On Monday 03 January 2011 22:07:48 Tom Eastep wrote:
>> The attached patch seems to resolve this problem.
> The patch works for me too. Thanks.
Thanks for the confirmation, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

Tom

If the rule is changed to:

COUNT()  lan  tst

the following message is produced:

iptables-restore v1.4.10: Couldn''t load target 
`COUNT()'':/usr/local/libexec/xtables/libipt_COUNT().so: cannot open
shared
object file: No such file or directory

---------------------------------------------------------------------------------------------------------------------

If the rule is changed to:

COUNT():warn  lan  tst

the following message is produced:

ERROR: Internal error in Shorewall::Chains::delete_jumps 
at /usr/share/shorewall/Shorewall/Chains.pm line 1165

Steven.

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/3/11 3:49 PM, Steven Jan Springl wrote:
> If the rule is changed to:
> 
> COUNT()  lan  tst
> 
> the following message is produced:
> 
> iptables-restore v1.4.10: Couldn''t load target 
> `COUNT()'':/usr/local/libexec/xtables/libipt_COUNT().so: cannot
open shared
> object file: No such file or directory
> 
>
---------------------------------------------------------------------------------------------------------------------
> 
> If the rule is changed to:
> 
> COUNT():warn  lan  tst
> 
> the following message is produced:
> 
> ERROR: Internal error in Shorewall::Chains::delete_jumps 
> at /usr/share/shorewall/Shorewall/Chains.pm line 1165
Steven,

Here''s a patch that generates an error in these cases. Don''t
know if I
totally like this solution but it''s simple and efficient.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On Tuesday 04 January 2011 01:05:53 Tom Eastep wrote:
>
> Here''s a patch that generates an error in these cases.
Don''t know if I
> totally like this solution but it''s simple and efficient.
>
> Thanks,
> -Tom
Tom

Confirmed, it catches both errors. Thanks.

Steven.

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/3/11 5:17 PM, Steven Jan Springl wrote:
> 
> Confirmed, it catches both errors. Thanks.
> 
Thanks, Steven.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

Tom

In the attached config. rule:

Limit(ssh,5,10):warn:garbage  lan  tst  tcp  22

generates the following iptables rule:

-A %Limit% garbage-j LOG --log-level 4 --log-prefix
"Shorewall:ssh:DROP:"

which produces the following message:

Bad argument `garbage-j''

Steven.


------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/5/11 4:59 PM, Steven Jan Springl wrote:
> Tom
> 
> In the attached config. rule:
> 
> Limit(ssh,5,10):warn:garbage  lan  tst  tcp  22
> 
> generates the following iptables rule:
> 
> -A %Limit% garbage-j LOG --log-level 4 --log-prefix
"Shorewall:ssh:DROP:"
> 
> which produces the following message:
> 
> Bad argument `garbage-j''
Thanks, Steven

The attached patch seems to correct the problem.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On Thursday 06 January 2011 01:19:18 Tom Eastep wrote:
>
> The attached patch seems to correct the problem.
>
> -Tom
Tom

I can confirm the patch works for me too. Thanks.

Steven.

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

On 1/5/11 5:30 PM, Steven Jan Springl wrote:
> I can confirm the patch works for me too. Thanks.
Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl