Hi all, We are trying to upgrade to iptables 1.4.1+ however the ipp2p module now it is included in the xtables-addons modules. In the xtables-addons modules the commad line for ipp2p is changed and the -m ipp2p --ipp2p option is not supported anymore .... instead the maintainer requires that we use -m ipp2p --bit ... -m ipp2p --kaza for each different P2P protocol. as a result shorewall does not recognize the existence of ipp2p support. we are currently using shorewall version 3.4.8 but the same problem occurs for other versions of shorewall ( 4.0.9.1 shell ) also ... Please advise Kind regards, Harry Lachanas. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
I include the maintainers option on the issue ..> There seems to be a problem for some of us trying to combine > > xtables-addons and shorewall .... in your code of ipp2p support you > > have exluded the command line option -m ipp2p --ipp2p as it is used > > in shorewall and as I presume in many other sh netfilter > > applications as a result shorewall is unable to detect the > > existence of ipp2p support in the kernel and also the combined > > command if --ipp2p now must be specified for all separate protocols > > ( --kaza, --bit ... etc ).... >Correct. I felt that --ipp2p is a very ambiguous option — “does it include protocol XYZ or not?” — so it has been removed. Any scripts should be adjusted. There is no workaround other than to modify libxt_ipp2p.c and add it back, but I will not be making this change in the repository. Harry Lachanas. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Harry Lachanas wrote:> Hi all, > > We are trying to upgrade to iptables 1.4.1+ > however the ipp2p module now it is included in the xtables-addons modules. > > In the xtables-addons modules the commad line for ipp2p is changed > and the > -m ipp2p --ipp2p > option is not supported anymore .... > instead the maintainer requires that we use -m ipp2p --bit ... -m ipp2p > --kaza for each different P2P protocol. > > as a result shorewall does not recognize the existence of ipp2p support. > > we are currently using shorewall version > 3.4.8 > > but the same problem occurs for other versions of shorewall ( 4.0.9.1 > shell ) also ... > > Please adviseShorwall 3 is no longer supported so if you want to stay on that version, you will have to make the change yourself. It''s in lib.base around line 1026. We will provide updates to the 4.x shorewall-common and shorewall-perl releases soon. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Shorewall Geek wrote:> > We will provide updates to the 4.x shorewall-common and shorewall-perl > releases soon. >I presume that this latest and greatest ipp2p still supports the --edk match option? ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Hi shorewall Geek thanks for the ans...
Here is the code portion for any members out there that are skeptical
about this ....
{.name = "edk", .has_arg = false, .val = ''2''},
{.name = "dc", .has_arg = false, .val = ''7''},
{.name = "gnu", .has_arg = false, .val = ''9''},
{.name = "kazaa", .has_arg = false, .val = ''a''},
{.name = "bit", .has_arg = false, .val = ''b''},
{.name = "apple", .has_arg = false, .val = ''c''},
{.name = "soul", .has_arg = false, .val = ''d''},
{.name = "winmx", .has_arg = false, .val = ''e''},
{.name = "ares", .has_arg = false, .val = ''f''},
{.name = "mute", .has_arg = false, .val = ''g''},
{.name = "waste", .has_arg = false, .val = ''h''},
{.name = "xdcc", .has_arg = false, .val = ''i''},
{.name = "debug", .has_arg = false, .val = ''j''},
{NULL},
Regards,
Harry
> Shorewall Geek wrote:
>
>
>> We will provide updates to the 4.x shorewall-common and shorewall-perl
>> releases soon.
>>
>>
>
> I presume that this latest and greatest ipp2p still supports the --edk
> match option?
>
>
------------------------------------------------------------------------------
> SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
> The future of the web can''t happen without you. Join us at MIX09
to help
> pave the way to the Next Web now. Learn more and register at
>
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you. Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Harry Lachanas wrote:> Hi shorewall Geek thanks for the ans... > > Here is the code portion for any members out there that are skeptical > about this ....I''ve installed xtable-addons+iptables 1.4.1.1 and I''ve tested a fix for Shorewall 4.2. The fix is in SVN and I''ll create a point release shortly. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Shorewall Geek
2008-Dec-05 17:36 UTC
Shorewall-4.2.2.1 (was xtables-addons+iptables-1.4.1+)
Shorewall Geek wrote:> Harry Lachanas wrote: >> Hi shorewall Geek thanks for the ans... >> >> Here is the code portion for any members out there that are skeptical >> about this .... > > I''ve installed xtable-addons+iptables 1.4.1.1 and I''ve tested a fix for > Shorewall 4.2. The fix is in SVN and I''ll create a point release shortly.Shorewall 4.2.2.1 has just been uploaded to www1.shorewall.net and to Sourceforge. It will be at the other mirror sites shortly. This change allows Shorewall to correctly detect the latest version of IPP2P. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/