Hi,
I believe I have found a typo in the shorewall script. I couldn't run the
"shorewall try" command, every time I tried it it just printed out the usage
instructions (which doesn't list the new timeout parameter by the way). In
the script there is a line:

    [ $# -lt 2 -o $# -gt 3 ] || usage 1

about 13 lines from the end. If you change '||' to '&&' it works better :-).

Another "bug" I found today was that if I insert a '-' as the LOG LEVEL in
the policy file (like the instructions in the file say I can do), shorewall
will fail saying that '-' is an unknown log level. (Of course there wasn't
any real reason to insert a '-' since there aren't any more columns, but
still...)

Cheers!
Magnus
-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Saturday, 13 April, 2002 16:41
To: Shorewall Users; Shorewall Announcements
Subject: [Shorewall-users] Shorewall 1.2.11 Available
In this release:
1. The 'try' command now accepts an optional timeout. If the timeout is
   given in the command, the standard configuration will automatically
   be restarted after the new configuration has been running for that
   length of time. This prevents a remote admin from being locked out
   of the firewall in the case where the new configuration starts but
   prevents access.
2. Kernel route filtering may now be enabled globally using the new
   ROUTE_FILTER parameter in /etc/shorewall/shorewall.conf.
3. Individual IP source addresses and/or subnets may now be excluded
   from masquerading/SNAT.
4. Simple "Yes/No" and "On/Off" values are now case-insensitive in
   /etc/shorewall/shorewall.conf.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users
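
The argument-count test quoted in the report above, run against 1 to 4 positional parameters. This is an added example, not code from the shorewall script: the function names and sample arguments are hypothetical, and it assumes $# counts the word "try" plus its arguments, so 2 or 3 is the valid range.

```sh
#!/bin/sh
# Added illustration. guard_* return 0 when the command would proceed
# and 1 when usage would be shown. Names are hypothetical.

# Guard as quoted in the report: "||" runs the right-hand side when the
# out-of-range test is FALSE, so usage fires for the valid counts.
guard_reported() {
    [ $# -lt 2 -o $# -gt 3 ] || return 1
    return 0
}

# Guard with the change suggested in the report ("||" replaced by "&&").
guard_fixed() {
    [ $# -lt 2 -o $# -gt 3 ] && return 1
    return 0
}

# Same logic as guard_fixed, written without the obsolescent -o operator.
guard_portable() {
    if [ $# -lt 2 ] || [ $# -gt 3 ]; then
        return 1
    fi
    return 0
}

# outcome <guard> <args...>: print "run" or "usage" for that argument list.
outcome() {
    guard=$1
    shift
    if "$guard" "$@"; then echo run; else echo usage; fi
}

# Print one row per guard; the arguments are constructed sample values.
table() {
    for g in guard_reported guard_fixed guard_portable; do
        printf '%-15s 1:%-5s 2:%-5s 3:%-5s 4:%s\n' "$g" \
            "$(outcome "$g" try)" \
            "$(outcome "$g" try ./newconfig)" \
            "$(outcome "$g" try ./newconfig 60)" \
            "$(outcome "$g" try ./newconfig 60 extra)"
    done
}

table
```

The reported form also lets the invalid counts (1 and 4) fall through to the command instead of stopping at usage.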