Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The ''functions'' and ''version'' files and the ''firewall'' symbolic link have been moved from /var/lib/shorewall to /usr/lib/shorewall to appease the LFS police at Debian. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Perry F Nguyen wrote:> So the behavior has changed in 1.3.9 as well? My STATEDIR (1.3.8) > points to /tmp/shorewall, yet ''restarted'' goes into /var/lib/shorewall. > >There is probably an old ''restarted'' in /var/lib/shorewall -- after you ''shorewall restart'', the active ''restarted'' file will be in /tmp/shorewall. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Hmm, this is not the behavior I''m seeing... [root@firewall shorewall]# grep STATEDIR /etc/shorewall/shorewall.conf STATEDIR=/tmp/shorewall [root@firewall shorewall]# shorewall version 1.3.8 [root@firewall shorewall]# shorewall restart | tail -1 Shorewall Restarted [root@firewall shorewall]# ls -l /var/lib/shorewall/restarted -rw-r--r-- 1 root root 29 Sep 29 18:40 /var/lib/shorewall/restarted [root@firewall shorewall]# ls /tmp/shorewall/ nat proxyarp> -----Original Message----- > From: shorewall-users-admin@shorewall.net > [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep > Sent: Sunday, September 29, 2002 6:38 PM > To: Perry F Nguyen > Cc: Shorewall Users List > Subject: Re: [Shorewall-users] Shorewall 1.3.9 > > > Perry F Nguyen wrote: > > So the behavior has changed in 1.3.9 as well? My STATEDIR (1.3.8) > > points to /tmp/shorewall, yet ''restarted'' goes into > > /var/lib/shorewall. > > > > > > There is probably an old ''restarted'' in /var/lib/shorewall -- > after you > ''shorewall restart'', the active ''restarted'' file will be in > /tmp/shorewall. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shor> ewall-users >
Perry F Nguyen wrote:> Hmm, this is not the behavior I''m seeing... > > > [root@firewall shorewall]# grep STATEDIR /etc/shorewall/shorewall.conf > > STATEDIR=/tmp/shorewall > > [root@firewall shorewall]# shorewall version > > 1.3.8 >And your point is? -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net