search for: separate_list

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

hello , i''m currently trying to set-up Traffic Shapping with Shorewall and I have strong feelings that I found a bug. I may be mistaken, but I tried everything and can''t get it to work. I''ve turned ON TC_ENABLED=Yes and CLEAR_TC=Yes when i start shorewall ( shorewall start ), i get this message : Setting up Traffic Control Rules... TC Rule "2 eth1 0.0.0.0/0 tcp

...loc2fw_exists=Yes ++ loc2fw_exists=Yes + ''['' www = none -o www = None -o '''' = none -o '''' = None -o '''' = none -o '''' = No ne -o '''' = none -o '''' = None '']'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' ++ separate_list www ++ echo www ++ sed ''s/,/ /g'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' + add_a_rule + cli= + ''['' -n - '...

...loc2fw_exists=Yes ++ loc2fw_exists=Yes + ''['' www = none -o www = None -o '''' = none -o '''' = None -o '''' = none -o '''' = No ne -o '''' = none -o '''' = None '']'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' ++ separate_list www ++ echo www ++ sed ''s/,/ /g'' ++ separate_list - ++ echo - ++ sed ''s/,/ /g'' + add_a_rule + cli= + ''['' -n - '...

...@@ -1344,6 +1344,7 @@ run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options else run_iptables -A $inchain -p udp -s $1 --dport 500 $options + run_iptables -A $inchain -p udp -s $1 --dport 4500 $options fi for z in `separate_list $3`; do -- Tuomo Soini <tis@foobar.fi> http://tis.foobar.fi/

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

...ocal/cvs/Shorewall/firewall,v retrieving revision 1.146 diff -a -u -r1.146 firewall --- firewall 19 Dec 2002 20:14:10 -0000 1.146 +++ firewall 19 Dec 2002 21:14:14 -0000 @@ -597,7 +597,7 @@ eval ${interface}_zone="$z" eval ${interface}_options=\"$options\" - for option in `separate_list $options`; do + for option in $options; do case $option in dhcp|noping|filterping|routestopped|norfc1918|multi|tcpflags) ;; @@ -2160,8 +2160,8 @@ if [ "$loglevel" = ULOG ]; then run_iptables2 -A $chain $proto $multiport \ $state $cli $sports $ser...

Hi folks, When we first started talking about Shorewall post-Tom, a few people offered to help with testing. Would those people please raise their hands again? :-) I''m investigating Nicolas Helleringer''s recent message on shorewall-users (http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html), and a good test environment would come in really handy,

...=eth0_masq + ''['' -n '''' '']'' + addrlist= + ''['' -n '''' '']'' + ''['' -n 192.168.4.0/24 '']'' + ''['' -n '''' '']'' ++ separate_list 0.0.0.0/0 ++ local list ++ local part ++ local newlist ++ list=0.0.0.0/0 ++ part=0.0.0.0/0 ++ newlist=0.0.0.0/0 ++ ''['' x0.0.0.0/0 ''!='' x0.0.0.0/0 '']'' ++ echo 0.0.0.0/0 + addnatrule eth0_masq -s 192.168.4.0/24 -d 0.0.0.0/0 -j MASQUERADE + ensuren...

Hi, it seems not to be possible to add more than one host at once to a zone. So shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface. --snip -- iptables v1.2.9: interface name `eth0:192.168.2.10,eth0'' must be shorter than IFNAMSIZ (15) Try `iptables -h'' or ''iptables

...39;['' 4 -gt 1 '']'' + shift + ''['' xloc = xloc '']'' + return 0 + list_search eth1 + local e=eth1 + ''['' 1 -gt 1 '']'' + return 1 + wildcard= + case $interface in + ALL_INTERFACES='' eth1'' ++ separate_list dhcp ++ local list=dhcp ++ local part ++ local newlist ++ local firstpart ++ local lastpart ++ local enclosure ++ case "$list" in ++ list=dhcp ++ part=dhcp ++ newlist=dhcp ++ ''['' xdhcp ''!='' xdhcp '']'' ++ echo dhcp + options=dhcp ++ chai...