This is the first full release in the new 3.9.1 development branch. It contains four packages: Shorewall-shell - the old shell-based compiler and related components. Shorewall-perl - the new Perl-based compiler. May be installed under Shorewall 3.4.2 or 3.9.1. Shorewall - the part of Shorewall common to both compilers Shorewall-lite - same as the 3.4 version of Shorewall Lite. Can run scripts generated by either Shorewall-perl or Shorewall-shell. If you upgrade to Shorewall 3.9.1, you must install Shorewall-shell and/or Shorewall-perl; in fact, if you are using the tarball for your installation, you must install Shorewall-shell and/or Shorewall-perl *before* you upgrade Shorewall. The 3.9.1 release notes are attached. Users installing Shorewall-perl 3.9.1 under Shorewall 3.4.2, please see the release notes packaged with Shorewall-perl 3.9.1. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote on 12/04/2007 18:50:50:> This is the first full release in the new 3.9.1 development branch. It > contains four packages: > > Shorewall-shell - the old shell-based compiler and related components. > Shorewall-perl - the new Perl-based compiler. May be installed under > Shorewall 3.4.2 or 3.9.1.CentOS 5 is being downloaded, Now we''ve got shorewall-perl 3.9.1. hei, this is a beautifull day here in Rio, sunny and bluesky all around. glorious day - three new firewalls next week. thanks! ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Thursday 12 April 2007 22:50, Tom Eastep wrote:> This is the first full release in the new 3.9.1 development branch. It > contains four packages: > > Shorewall-shell - the old shell-based compiler and related components. > Shorewall-perl - the new Perl-based compiler. May be installed under > Shorewall 3.4.2 or 3.9.1. > Shorewall - the part of Shorewall common to both compilers > Shorewall-lite - same as the 3.4 version of Shorewall Lite. Can run > scripts generated by either Shorewall-perl or Shorewall-shell. > > If you upgrade to Shorewall 3.9.1, you must install Shorewall-shell and/or > Shorewall-perl; in fact, if you are using the tarball for your > installation, you must install Shorewall-shell and/or Shorewall-perl > *before* you upgrade Shorewall. > > The 3.9.1 release notes are attached. Users installing Shorewall-perl 3.9.1 > under Shorewall 3.4.2, please see the release notes packaged with > Shorewall-perl 3.9.1. > > -TomTom I have installed Shorewall & Shorewall-perl in a Debian Etch environment. Shorewall-shell and shorewall-lite have not been installed. While shorewall start & shorewall restart both work, shorewall stop & shorewall clear produce the following error message: ERROR: USE_ACTIONS=Yes requires the Shorewall library actions (/usr/share/shorewall-shell/lib.actions) which is not installed. I have tried setting SHOREWALL_COMPILER=perl in shorewall.conf, but the message is still produced. Is this a bug or have I missed something obvious? If you need the my config files or a trace, please let me know. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Steven Jan Springl wrote:> I have installed Shorewall & Shorewall-perl in a Debian Etch environment. > Shorewall-shell and shorewall-lite have not been installed. > > While shorewall start & shorewall restart both work, > shorewall stop & shorewall clear produce the following error message: > > ERROR: USE_ACTIONS=Yes requires the Shorewall library actions > (/usr/share/shorewall-shell/lib.actions) which is not installed. > > I have tried setting SHOREWALL_COMPILER=perl in shorewall.conf, but the > message is still produced. > > Is this a bug or have I missed something obvious? > > If you need the my config files or a trace, please let me know. >Steven, Did you install Shorewall 3.9.1 or Shorewall 3.4.2? Sounds like Shorewall 3.4.2... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Monday 16 April 2007 22:09, Tom Eastep wrote:> Steven Jan Springl wrote: > > I have installed Shorewall & Shorewall-perl in a Debian Etch environment. > > Shorewall-shell and shorewall-lite have not been installed. > > > > While shorewall start & shorewall restart both work, > > shorewall stop & shorewall clear produce the following error message: > > > > ERROR: USE_ACTIONS=Yes requires the Shorewall library actions > > (/usr/share/shorewall-shell/lib.actions) which is not installed. > > > > I have tried setting SHOREWALL_COMPILER=perl in shorewall.conf, but the > > message is still produced. > > > > Is this a bug or have I missed something obvious? > > > > If you need the my config files or a trace, please let me know. > > Steven, > > Did you install Shorewall 3.9.1 or Shorewall 3.4.2? Sounds like Shorewall > 3.4.2... > > -TomTom I installed Shorewall 3.9.1. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Steven Jan Springl wrote:> On Monday 16 April 2007 22:09, Tom Eastep wrote: >> Steven Jan Springl wrote: >>> I have installed Shorewall & Shorewall-perl in a Debian Etch environment. >>> Shorewall-shell and shorewall-lite have not been installed. >>> >>> While shorewall start & shorewall restart both work, >>> shorewall stop & shorewall clear produce the following error message: >>> >>> ERROR: USE_ACTIONS=Yes requires the Shorewall library actions >>> (/usr/share/shorewall-shell/lib.actions) which is not installed. >>> >>> I have tried setting SHOREWALL_COMPILER=perl in shorewall.conf, but the >>> message is still produced. >>> >>> Is this a bug or have I missed something obvious? >>> >>> If you need the my config files or a trace, please let me know. >> Steven, >> >> Did you install Shorewall 3.9.1 or Shorewall 3.4.2? Sounds like Shorewall >> 3.4.2... >> >> -Tom > Tom > > I installed Shorewall 3.9.1. >I see the problem. Try the attached patch to /usr/share/shorewall-common/lib.config -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Monday 16 April 2007 22:17, Tom Eastep wrote:> Steven Jan Springl wrote: > > On Monday 16 April 2007 22:09, Tom Eastep wrote: > >> Steven Jan Springl wrote: > >>> I have installed Shorewall & Shorewall-perl in a Debian Etch > >>> environment. Shorewall-shell and shorewall-lite have not been > >>> installed. > >>> > >>> While shorewall start & shorewall restart both work, > >>> shorewall stop & shorewall clear produce the following error message: > >>> > >>> ERROR: USE_ACTIONS=Yes requires the Shorewall library actions > >>> (/usr/share/shorewall-shell/lib.actions) which is not installed. > >>> > >>> I have tried setting SHOREWALL_COMPILER=perl in shorewall.conf, but the > >>> message is still produced. > >>> > >>> Is this a bug or have I missed something obvious? > >>> > >>> If you need the my config files or a trace, please let me know. > >> > >> Steven, > >> > >> Did you install Shorewall 3.9.1 or Shorewall 3.4.2? Sounds like > >> Shorewall 3.4.2... > >> > >> -Tom > > > > Tom > > > > I installed Shorewall 3.9.1. > > I see the problem. > > Try the attached patch to /usr/share/shorewall-common/lib.config > > -TomTom Your patch has solved the problem, thankyou. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Steven Jan Springl wrote:> > Your patch has solved the problem, thankyou. >Thank you for testing 3.9. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Monday 16 April 2007 22:50, Tom Eastep wrote:> Steven Jan Springl wrote: > > Your patch has solved the problem, thankyou. > > Thank you for testing 3.9. > > -TomTom There is a similar problem with shorewall add & shorewall delete. They both produce the following error message: ERROR: The add command requires the Shorewall library dynamiczones (/usr/share/shorewall-shell/lib.dynamiczones) which is not installed Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Steven Jan Springl wrote:> On Monday 16 April 2007 22:50, Tom Eastep wrote: >> Steven Jan Springl wrote: >>> Your patch has solved the problem, thankyou. >> Thank you for testing 3.9. >> >> -Tom > Tom > > There is a similar problem with shorewall add & shorewall delete. They both > produce the following error message: > > ERROR: The add command requires the Shorewall library dynamiczones > (/usr/share/shorewall-shell/lib.dynamiczones) which is not installedHmmm -- fixing this problem will require moving that library from shorewall-shell to shorewall. Probably won''t make a fix available for that one until 3.9.2. Thanks, Steven, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Monday 16 April 2007 23:13, Tom Eastep wrote:> Steven Jan Springl wrote: > > On Monday 16 April 2007 22:50, Tom Eastep wrote: > >> Steven Jan Springl wrote: > >>> Your patch has solved the problem, thankyou. > >> > >> Thank you for testing 3.9. > >> > >> -Tom > > > > Tom > > > > There is a similar problem with shorewall add & shorewall delete. They > > both produce the following error message: > > > > ERROR: The add command requires the Shorewall library dynamiczones > > (/usr/share/shorewall-shell/lib.dynamiczones) which is not installed > > Hmmm -- fixing this problem will require moving that library from > shorewall-shell to shorewall. Probably won''t make a fix available for that > one until 3.9.2. > > Thanks, Steven, > > -TomTom That''s OK. Steven ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Line 823 of /usr/share/shorewall/lib.base generates a "command not found" message. A patch for this is attached. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steven Jan Springl wrote:> Tom > > Line 823 of /usr/share/shorewall/lib.base generates a "command not found" > message. > > A patch for this is attached.Thanks, Jan - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGJBIYO/MAbZfjDLIRAhjqAKCxShu6RMZvNFqtGeUCATswmiWLYQCffIj+ FT5/q8u+8X78sdJqqaeeyRw=VA3Y -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Further testing of 3.9.1 has revealed various problems with rules for ICMP traffic. A rule of the type: ACCEPT lan:192.168.0.3 fw icmp 8 correctly produces an iptables rule: -A lan2fw -s 192.168.0.3 -p icmp -m icmp -icmp-type 8 -j ACCEPT However a rule of type: ACCEPT lan:192.168.0.3 fw icmp incorrectly produces an iptables rule without an icmp protocol: -A lan2fw -s 192.168.0.3 -j ACCEPT Rule: ACCEPT lan:192.168.0.3 fw icmp 0 also produces an iptables rule without a protocol: -A lan2fw -s 192.168.0.3 -j ACCEPT Specifying a rule of type: ACCEPT lan:192.168.0.3 fw icmp 8 4 correctly generates shorewall error: ERROR: SOURCE PORTS(S) not permitted with ICMP ....... However a rule with source port 0: ACCEPT lan:192.168.0.3 fw icmp 8 0 does not produce an error message. A rule with multiple ICMP types: ACCEPT lan:192.168.0.3 fw icmp 8,3 results in an iptables error: iptables-restore v1.3.6: Invalid ICMP type ''8,3'' A patch is attached to correct these problems. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Steven Jan Springl wrote:> Tom > > Further testing of 3.9.1 has revealed various problems with rules for ICMP > traffic. > > A patch is attached to correct these problems.Thanks, Steven! Would you please also upload http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.1/errata/Shorewall/lib.dynamiczones , install it in /usr/share/shorewall/ and retest dynamic zones? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Eastep wrote:> Steven Jan Springl wrote: >> Tom >> >> Further testing of 3.9.1 has revealed various problems with rules for ICMP >> traffic. >> >> A patch is attached to correct these problems. > > Thanks, Steven! > > Would you please also upload > http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-3.9.1/errata/Shorewall/lib.dynamiczones > , install it in /usr/share/shorewall/ and retest dynamic zones?Rats -- there''s also a patch to lib.config required for dynamic zones to work. I''ll have to supply that later -- time to get to work. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/