Shorewall announce - Mar 2003 - Shorewall 1.4.1a

Rather than have lots of folks downloading a version with a broken
''check''
command, I''ve released 1.4.1a that corrects the problem.

Sorry for the back-to-back releases today...

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

Tom;
         During testing I have encountered a problem with icmp and 
mutiport=yes.
         
	ACCEPT    fw  lan  icmp  8,13
  
is ok if multiport=no is used, but if multiport=yes is used  then the    
following error message is displayed:
         iptables v.1.2.7a:  Invalid ICMP type ''8,13''

The iptables docs states that multiport rules are only supported for TCP and 
UDP.
Should Shorewall support this? The Shorewall docs are not clear on this point.


On the ftp.shorewall.net site,

      LATEST.rpm points to shorewall-1.4.1a.lrp
and
      LATEST.lrp points to shorewall-1.4.1.lrp


Steven Springl

On Mon, 24 Mar 2003, Steven Jan Springl wrote:
> Tom;
>          During testing I have encountered a problem with icmp and 
> mutiport=yes.
>          
> 	ACCEPT    fw  lan  icmp  8,13
>   
> is ok if multiport=no is used, but if multiport=yes is used  then the    
> following error message is displayed:
>          iptables v.1.2.7a:  Invalid ICMP type ''8,13''
> 
> The iptables docs states that multiport rules are only supported for TCP
and
> UDP.
> Should Shorewall support this? The Shorewall docs are not clear on this
point.
> 
It was my intention that ICMP types must be specified one per rule.
> 
> On the ftp.shorewall.net site,
> 
>       LATEST.rpm points to shorewall-1.4.1a.lrp
> and
>       LATEST.lrp points to shorewall-1.4.1.lrp
> 
> 
I''m about to get rid of those %$#@ LATEST.* symbolic links since I
never
seem to be able to set them right.

Thanks,
-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

On Monday 24 March 2003 22:06, Tom Eastep wrote:
> On Mon, 24 Mar 2003, Steven Jan Springl wrote:
> > Tom;
> >          During testing I have encountered a problem with icmp and
> > mutiport=yes.
> >
> > 	ACCEPT    fw  lan  icmp  8,13
> >
> > is ok if multiport=no is used, but if multiport=yes is used  then the
> > following error message is displayed:
> >          iptables v.1.2.7a:  Invalid ICMP type
''8,13''
> >
> > The iptables docs states that multiport rules are only supported for
TCP
> > and UDP.
> > Should Shorewall support this? The Shorewall docs are not clear on
this
> > point.
>
> It was my intention that ICMP types must be specified one per rule.
Thanks,
             Steven.

I for one would love to see LATEST go away.
I just downloaded LATEST.rpm and am not sure what sort of file I actually 
got.  I just went back to your browse option, found the 1.4.1a rpm and
got that.  The LATEST just wasted my time.



-- 
Steve Herber	herber@thing.com	work: 206-221-7262
Security Engineer, AMCIS, UoW		home: 425-454-2399

On Mon, 24 Mar 2003, Tom Eastep wrote:
> On Mon, 24 Mar 2003, Steven Jan Springl wrote:
> 
> > Tom;
> >          During testing I have encountered a problem with icmp and 
> > mutiport=yes.
> >          
> > 	ACCEPT    fw  lan  icmp  8,13
> >   
> > is ok if multiport=no is used, but if multiport=yes is used  then the
> > following error message is displayed:
> >          iptables v.1.2.7a:  Invalid ICMP type
''8,13''
> > 
> > The iptables docs states that multiport rules are only supported for
TCP and
> > UDP.
> > Should Shorewall support this? The Shorewall docs are not clear on
this point.
> > 
> 
> It was my intention that ICMP types must be specified one per rule.
> 
> > 
> > On the ftp.shorewall.net site,
> > 
> >       LATEST.rpm points to shorewall-1.4.1a.lrp
> > and
> >       LATEST.lrp points to shorewall-1.4.1.lrp
> > 
> > 
> 
> I''m about to get rid of those %$#@ LATEST.* symbolic links since I
never
> seem to be able to set them right.
> 
> Thanks,
> -Tom
>

On Mon, 24 Mar 2003, Steve Herber wrote:
> I for one would love to see LATEST go away.
> I just downloaded LATEST.rpm and am not sure what sort of file I actually 
> got.
As Steven pointed out, you got the .lrp.
> I just went back to your browse option, found the 1.4.1a rpm and
> got that.  The LATEST just wasted my time.
> 
Except for LATEST.samples, these links go away with the next rsync.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net