Shorewall announce - Jul 2003 - Snapshot 1.4.6_20030726

http://shorewall.net/pub/shorewall/Snapshots
ftp://shorewall.net/pub/shorewall/Snapshots

Problems Corrected since version 1.4.6:

1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
   being tested before it was set.

2) Corrected handling of MAC addresses in the SOURCE column of the
   tcrules file. Previously, these addresses resulted in an invalid
   iptables command.

Migration Issues:

1) Once you have installed this version of Shorewall, you must 
   restart Shorewall before you may use the ''drop'',
''reject'', ''allow''
   or ''save'' commands.

2) To maintain strict compatibility with previous versions, current
   uses of "shorewall drop" and "shorewall reject" should be
replaced
   with "shorewall dropall" and "shorewall rejectall". 

New Features:

1) Shorewall now creates a dynamic blacklisting chain for each interface
   defined in /etc/shorewall/interfaces. The ''drop'' and
''reject''
   commands use the routing table to determine which of these chains is
   to be used for blacklisting the specified IP address(es).

   Two new commands (''dropall'' and
''rejectall'') have been introduced
   that do what ''drop'' and ''reject'' used to
do; namely, when an address
   is blacklisted using these new commands, it will be blacklisted on
   all of your firewall''s interfaces.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom;
 Having installed the latest Shorewall snapshot I get the following error 
message repeated 12 times from the shorewall check command:
         /usr/share/shorewall/firewall: line 1: chain_base: command not found 
       
This is followed by the message:
         Warning: Zone wan is empty

My interface file contains:
#ZONE    INTERFACE      BROADCAST       OPTIONS
wan      ppp5           -               logunclean,tcpflags #,norfc1918
wan      ppp+           -               logunclean,tcpflags,norfc1918
wan      eth3   detect          logunclean,tcpflags,routefilter,dhcp,norfc1918
lan      eth4           192.168.0.255   routefilter,logunclean,tcpflags
#lan     eth0           192.168.0.255   routefilter,logunclean,tcpflags
#lan     eth1           192.168.1.255   routefilter,logunclean,tcpflags
#lan     eth2           192.168.2.255   routefilter,logunclean,tcpflags
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

The ouput from the shorewall debug check command is attached.
I have not tried the shorewall start or restart commands.

Steven.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shorewall.zip
Type: application/x-zip
Size: 16131 bytes
Desc: not available
Url :
http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030726/49d2e467/shorewall.bin

On Sat, 2003-07-26 at 13:50, Steven Jan Springl wrote:
> Tom;
>  Having installed the latest Shorewall snapshot I get the following error 
> message repeated 12 times from the shorewall check command:
>          /usr/share/shorewall/firewall: line 1: chain_base: command not
found
>        
Somehow, the wrong version of /usr/share/shorewall/functions was
included in the .tgz and in the .rpm. The correct version is attached
and the download site has been corrected.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: functions
Type: text/x-sh
Size: 9806 bytes
Desc: not available
Url :
http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030726/a16dc759/functions-0001.bin

> On Sat, 2003-07-26 at 13:50, Steven Jan Springl wrote:
>> Tom;
>>  Having installed the latest Shorewall snapshot I get the following
>> error
>> message repeated 12 times from the shorewall check command:
>>          /usr/share/shorewall/firewall: line 1: chain_base: command not
>> found
>>
>
> Somehow, the wrong version of /usr/share/shorewall/functions was
> included in the .tgz and in the .rpm. The correct version is attached
> and the download site has been corrected.
Tom, did you replace the rpm with the same name? I downloaded it right now
and I got this:

   Zones: net loc
Validating interfaces file...
/usr/share/shorewall/firewall: chain_base: command not found
/usr/share/shorewall/firewall: chain_base: command not found
Validating hosts file...
Determining Hosts in Zones...
/usr/share/shorewall/firewall: chain_base: command not found
/usr/share/shorewall/firewall: chain_base: command not found
/usr/share/shorewall/firewall: chain_base: command not found
/usr/share/shorewall/firewall: chain_base: command not found
   Net Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0
   Warning: Zone loc is empty
Validating policy file...

Regards,
Simon
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe:
> http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm