RC 1 is now available for testing.
1. Additional column/value specification formats are supported; see
http://www.shorewall.net/configuration_file_basics.htm#Pairs for
details.
2. The generated script now uses ''iptables -S'' rather than
''iptables-save'' if the former is supported.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
Tom
When the nat file contains:
{external=10.99.99.85 interface=eth0: internal=192.168.36.1 allints=no}
The following message is produced:
ERROR: EXTERNAL must be specified : /etc/shorewallT6/nat (line 11)
Steven.
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 8, 2011, at 4:00 PM, Steven Jan Springl wrote:> When the nat file contains: > > {external=10.99.99.85 interface=eth0: internal=192.168.36.1 allints=no} > > The following message is produced: > > ERROR: EXTERNAL must be specified : /etc/shorewallT6/nat (line 11)Steven, This patch should fix it. Thanks, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sunday 09 October 2011 01:00:54 Tom Eastep wrote:> On Oct 8, 2011, at 4:00 PM, Steven Jan Springl wrote: > > When the nat file contains: > > > > {external=10.99.99.85 interface=eth0: internal=192.168.36.1 > > allints=no} > > > > The following message is produced: > > > > ERROR: EXTERNAL must be specified : /etc/shorewallT6/nat (line 11) > > Steven, > > This patch should fix it. > > Thanks, > -Tom > > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________Tom Confirmed, the patch has fixed the problem. The "pairs" documentation states that the last column in the nat file is local: {external=10.99.99.85 interface=eth0: internal=192.168.36.1 allints=no local=no} But this produces the following error: ERROR: Unknown column (local) : /etc/shorewallT6/nat (line 11) Looking at the patch you supplied above, the column should be localnat. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 8, 2011, at 5:26 PM, Steven Jan Springl wrote:> The "pairs" documentation states that the last column in the nat file is > local: > > {external=10.99.99.85 interface=eth0: internal=192.168.36.1 allints=no > local=no} > > But this produces the following error: > > ERROR: Unknown column (local) : /etc/shorewallT6/nat (line 11) > > Looking at the patch you supplied above, the column should be localnat. >Steven, Given that the column is labeled LOCAL, I''ve changed to implementation to accept ''local''. Patch attached. Thanks, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sunday 09 October 2011 01:33:26 Tom Eastep wrote:> On Oct 8, 2011, at 5:26 PM, Steven Jan Springl wrote: > > The "pairs" documentation states that the last column in the nat file is > > local: > > > > {external=10.99.99.85 interface=eth0: internal=192.168.36.1 allints=no > > local=no} > > > > But this produces the following error: > > > > ERROR: Unknown column (local) : /etc/shorewallT6/nat (line 11) > > > > Looking at the patch you supplied above, the column should be localnat. > > Steven, > > Given that the column is labeled LOCAL, I''ve changed to implementation to > accept ''local''. > > Patch attached. > > Thanks, > -Tom > > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________Tom Confirmed, the patch has fixed the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 8, 2011, at 5:38 PM, Steven Jan Springl wrote:> > Confirmed, the patch has fixed the issue. >Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
Tom
Netmap entry:
{type=DNAT:O net1=192.168.168.0/24 interface=eth0 net2=10.199.0.0/16
net3=88.88.88.88 proto=tcp dport=102,103}
Produces the following error message:
ERROR: Invalid/Unknown protocol (102,103) : /etc/shorewallT6/netmap (line 11)
Steven.
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 8, 2011, at 5:53 PM, Steven Jan Springl wrote:> Netmap entry: > > {type=DNAT:O net1=192.168.168.0/24 interface=eth0 net2=10.199.0.0/16 > net3=88.88.88.88 proto=tcp dport=102,103} > > Produces the following error message: > > ERROR: Invalid/Unknown protocol (102,103) : /etc/shorewallT6/netmap (line 11)I didn''t seem to be able to count when I did this file. Patch attached. Thanks, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sunday 09 October 2011 02:12:25 Tom Eastep wrote:> On Oct 8, 2011, at 5:53 PM, Steven Jan Springl wrote: > > Netmap entry: > > > > {type=DNAT:O net1=192.168.168.0/24 interface=eth0 net2=10.199.0.0/16 > > net3=88.88.88.88 proto=tcp dport=102,103} > > > > Produces the following error message: > > > > ERROR: Invalid/Unknown protocol (102,103) : /etc/shorewallT6/netmap (line > > 11) > > I didn''t seem to be able to count when I did this file. Patch attached. > > Thanks, > -Tom > > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________Tom Confirmed, the patch fixes the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 9, 2011, at 4:46 AM, Steven Jan Springl wrote:> > Confirmed, the patch fixes the issue.Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
Tom The routes config. file is not mentioned in the ''pairs'' documentation. It works using the following column names: provider dest gateway device ---------------------------------------------------------------------------------------------------------- Routestopped entry: ;interface=eth0 hosts=192.168.99.0/24 Produces the following error message: ERROR: INTERFACE must be specified : /etc/shorewallT6/routestopped (line 17) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sun, 2011-10-09 at 14:54 +0100, Steven Jan Springl wrote:> The routes config. file is not mentioned in the ''pairs'' documentation. > It works using the following column names: > > provider dest gateway deviceI''ve updated the doc.> > ---------------------------------------------------------------------------------------------------------- > > Routestopped entry: > > ;interface=eth0 hosts=192.168.99.0/24 > > Produces the following error message: > > ERROR: INTERFACE must be specified : /etc/shorewallT6/routestopped (line 17) >The attached patch should fix that. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sunday 09 October 2011 15:04:28 Tom Eastep wrote:> On Sun, 2011-10-09 at 14:54 +0100, Steven Jan Springl wrote: > > The routes config. file is not mentioned in the ''pairs'' documentation. > > It works using the following column names: > > > > provider dest gateway device > > I''ve updated the doc. > > > ------------------------------------------------------------------------- > >--------------------------------- > > > > Routestopped entry: > > > > ;interface=eth0 hosts=192.168.99.0/24 > > > > Produces the following error message: > > > > ERROR: INTERFACE must be specified : /etc/shorewallT6/routestopped (line > > 17) > > The attached patch should fix that. > > Thanks, Steven > > -TomTom Confirmed, the patch fixes the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sun, 2011-10-09 at 15:13 +0100, Steven Jan Springl wrote:> > Confirmed, the patch fixes the issue. >Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
Tom
The ''pairs'' documentation refers to the first column in the
tunnels file
as ''type'' but Shorewall expects ''kind'';
{kind=ipsec:noah zone=wan gateway=1.1.1.5-1.1.1.8 gateway_zone=lan,wan,dms}
Steven.
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
On Sun, 2011-10-09 at 16:35 +0100, Steven Jan Springl wrote:> The ''pairs'' documentation refers to the first column in the tunnels file > as ''type'' but Shorewall expects ''kind''; > > {kind=ipsec:noah zone=wan gateway=1.1.1.5-1.1.1.8 gateway_zone=lan,wan,dms}Corrected by the attached patch. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Sunday 09 October 2011 16:49:51 Tom Eastep wrote:> On Sun, 2011-10-09 at 16:35 +0100, Steven Jan Springl wrote: > > The ''pairs'' documentation refers to the first column in the tunnels file > > as ''type'' but Shorewall expects ''kind''; > > > > {kind=ipsec:noah zone=wan gateway=1.1.1.5-1.1.1.8 > > gateway_zone=lan,wan,dms} > > Corrected by the attached patch. > > Thanks, Steven > > -TomTom Confirmed, the patch fixes the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2
On Oct 9, 2011, at 11:09 AM, Steven Jan Springl wrote:> > Confirmed, the patch fixes the issue. >Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2