Shorewall devel - May 2007 - Shorewall 4.0.0 Beta 1

Thanks to the tireless efforts of Steven Springl, I believe that the new
release is stable enough for wider testing.

Since I uploaded an earlier version of the code, please check the MD5SUMs if
you download from a mirror:

c36b649668caa052830bf1cfb42aec5e  shorewall-4.0.0-0Beta1.noarch.rpm
2866b06b33fdbfdbf3141ab3b97c824a  shorewall-lite-4.0.0-0Beta1.noarch.rpm
934f9cbcc80b3c9cf29dc8e1ec32c1b2  shorewall-perl-4.0.0-0Beta1.noarch.rpm
adc4b91ea083f82cd6c6960bf73e3dca  shorewall-shell-4.0.0-0Beta1.noarch.rpm
68a4ac1637f9bcd43dad5c7fa4abfc0b  shorewall-4.0.0-Beta1.tar.bz2
c0a720d4d75c03ae2c768947e7093c40  shorewall-4.0.0-Beta1.tgz
78b70fb9f7f4b83825f0959796a8d9ea  shorewall-docs-html-4.0.0-Beta1.tar.bz2
95c444e51f7de8ccf18b86e266da6935  shorewall-docs-html-4.0.0-Beta1.tgz
02cb62f851aed4e9dbaa7e753e408e16  shorewall-docs-xml-4.0.0-Beta1.tar.bz2
3a5db8638f7b904e30828abd2794092d  shorewall-docs-xml-4.0.0-Beta1.tgz
1ebafdc6ea675ed50f589296f79a342d  shorewall-lite-4.0.0-Beta1.tar.bz2
f8fd4d441d78e5115aba60e4abce9b04  shorewall-lite-4.0.0-Beta1.tgz

The Beta release can be found in the
/pub/shorewall/development/4.0/shorewall-4.0.0-Beta1 directory at the
download sites (with the exception of SourceForge).

As I''m sure you are all aware, the centerpiece of 4.0.0 is
Shorewall-perl,
the new compiler that not only runs much faster than the old compiler but
also does a more thorough job of validating the configuration.
Shorewall-perl also generates iptables-restore input so that the generated
script runs in a fraction of the time of a similar script produced by the
old compiler and does not disable new connections while it is running.

Please read the release notes carefully -- Shorewall-perl is not completely
compatible with the old compiler. The good news is that the old compiler is
still available and is largely unchanged from Shorewall 3.4.

Please pay particular attention to the upgrade instructions. You cannot
simply upgrade the "shorewall" package; you must also install one or
both of
the compilers.

Not all of the documentation included with the release has been updated yet
for 4.0.0 -- please rely on the man pages that are installed as part of the
release (the online man pages are for Shorewall 3.4 only).

I expect the beta period to last throughout the summer with the first
release candidate in September or so.

Happy testing,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom Eastep wrote:
> c36b649668caa052830bf1cfb42aec5e  shorewall-4.0.0-0Beta1.noarch.rpm
> 2866b06b33fdbfdbf3141ab3b97c824a  shorewall-lite-4.0.0-0Beta1.noarch.rpm
> 934f9cbcc80b3c9cf29dc8e1ec32c1b2  shorewall-perl-4.0.0-0Beta1.noarch.rpm
> adc4b91ea083f82cd6c6960bf73e3dca  shorewall-shell-4.0.0-0Beta1.noarch.rpm
> 68a4ac1637f9bcd43dad5c7fa4abfc0b  shorewall-4.0.0-Beta1.tar.bz2
> c0a720d4d75c03ae2c768947e7093c40  shorewall-4.0.0-Beta1.tgz
> 78b70fb9f7f4b83825f0959796a8d9ea  shorewall-docs-html-4.0.0-Beta1.tar.bz2
> 95c444e51f7de8ccf18b86e266da6935  shorewall-docs-html-4.0.0-Beta1.tgz
> 02cb62f851aed4e9dbaa7e753e408e16  shorewall-docs-xml-4.0.0-Beta1.tar.bz2
> 3a5db8638f7b904e30828abd2794092d  shorewall-docs-xml-4.0.0-Beta1.tgz
> 1ebafdc6ea675ed50f589296f79a342d  shorewall-lite-4.0.0-Beta1.tar.bz2
> f8fd4d441d78e5115aba60e4abce9b04  shorewall-lite-4.0.0-Beta1.tgz
Sharp-eyed readers will notice that the above list is missing
shorewall-shell and shorewall-perl tarballs. They are now available at
www1.shorewall.net and ftp1.shorewall.net and will be available at other
download sites shortly.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom

When masq file contains:
	
	eth1  eth0

The following iptables rules are generated:

-A POSTROUTING -o eth1 -j eth1_masq
-A eth1_masq -s 192.168.0.0/24 -j MASQUERADE 
-A eth1_masq -s WARNING: -j MASQUERADE 
-A eth1_masq -s default -j MASQUERADE 
-A eth1_masq -s route -j MASQUERADE 
-A eth1_masq -s ignored -j MASQUERADE 
-A eth1_masq -s on -j MASQUERADE 
-A eth1_masq -s interface -j MASQUERADE 
-A eth1_masq -s eth0 -j MASQUERADE 


Note: the firewall''s default route is via eth0.

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> When masq file contains:
> 	
> 	eth1  eth0
> 
> The following iptables rules are generated:
> 
> -A POSTROUTING -o eth1 -j eth1_masq
> -A eth1_masq -s 192.168.0.0/24 -j MASQUERADE 
> -A eth1_masq -s WARNING: -j MASQUERADE 
> -A eth1_masq -s default -j MASQUERADE 
> -A eth1_masq -s route -j MASQUERADE 
> -A eth1_masq -s ignored -j MASQUERADE 
> -A eth1_masq -s on -j MASQUERADE 
> -A eth1_masq -s interface -j MASQUERADE 
> -A eth1_masq -s eth0 -j MASQUERADE 
Crap. That wasn''t in the original Beta1 -- it sneaked in when I had to
rebuild to get the tarballs to be created with the right names.

Fixed in current SVN.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Here are the updated MD5SUMs


c36b649668caa052830bf1cfb42aec5e  shorewall-4.0.0-0Beta1.noarch.rpm
2866b06b33fdbfdbf3141ab3b97c824a  shorewall-lite-4.0.0-0Beta1.noarch.rpm
934f9cbcc80b3c9cf29dc8e1ec32c1b2  shorewall-perl-4.0.0-0Beta1.noarch.rpm
adc4b91ea083f82cd6c6960bf73e3dca  shorewall-shell-4.0.0-0Beta1.noarch.rpm
98e5aa63e187f1c13b21ddf19407f8f2  shorewall-4.0.0-Beta1.tar.bz2
0e9a8d52c2561ed0c86321b1e5a27948  shorewall-4.0.0-Beta1.tgz
78b70fb9f7f4b83825f0959796a8d9ea  shorewall-docs-html-4.0.0-Beta1.tar.bz2
95c444e51f7de8ccf18b86e266da6935  shorewall-docs-html-4.0.0-Beta1.tgz
02cb62f851aed4e9dbaa7e753e408e16  shorewall-docs-xml-4.0.0-Beta1.tar.bz2
3a5db8638f7b904e30828abd2794092d  shorewall-docs-xml-4.0.0-Beta1.tgz
a1132f73de5559090b548e1989201b4a  shorewall-lite-4.0.0-Beta1.tar.bz2
a1c5f73a5b826ba373f028405784aec8  shorewall-lite-4.0.0-Beta1.tgz
9c2895911ab236c2473887d3d433b417  shorewall-perl-4.0.0-Beta1.tar.bz2
640c738e64f0d90794e139198c74e45a  shorewall-perl-4.0.0-Beta1.tgz
a5b2782558949593fcd28226e49ea3e8  shorewall-shell-4.0.0-Beta1.tar.bz2
21547945fb595b3f6b00ef9a8d792e0a  shorewall-shell-4.0.0-Beta1.tgz

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom

Testing a script to compare the iptables rules generated by shorewall-shell 
and shorewall-perl has hightlighted the following discrepancy:
 
Rule:

	REDIRECT  lan  3128  tcp  443  -  10.1.1.1,10.1.1.2


when compiled with shorewall-shell generates:

	-A lan2fw -p tcp -m tcp --dport 3128 -j ACCEPT


when compiled with shorewall-perl generates:

	-A lan2fw -p tcp -m tcp --dport 3128 -m conntrack --ctorigdst 10.1.1.1 -j
	ACCEPT
	-A lan2fw -p tcp -m tcp --dport 3128 -m conntrack --ctorigdst 10.1.1.2 -j
	ACCEPT

Steven.




-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> Testing a script to compare the iptables rules generated by shorewall-shell
> and shorewall-perl has hightlighted the following discrepancy:
>  
> Rule:
> 
> 	REDIRECT  lan  3128  tcp  443  -  10.1.1.1,10.1.1.2
> 
> 
> when compiled with shorewall-shell generates:
> 
> 	-A lan2fw -p tcp -m tcp --dport 3128 -j ACCEPT
> 
> 
> when compiled with shorewall-perl generates:
> 
> 	-A lan2fw -p tcp -m tcp --dport 3128 -m conntrack --ctorigdst 10.1.1.1 -j
> 	ACCEPT
> 	-A lan2fw -p tcp -m tcp --dport 3128 -m conntrack --ctorigdst 10.1.1.2 -j
> 	ACCEPT
> 
Shorewall-perl is actually the more correct.

Roberto: This might be a good project for you to get your feet wet with
designing and coding a bug fix on your own. It is a non-critical bug so
it''s
not anything that needs to be changed ASAP.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom

Masq entry:

	eth0  eth0

and proxyarp entry:

	192.168.10.3  eth0  eth0  No  No

when compiled with shorewall-shell generates:

-A eth0_masq -s 192.168.10.3 -m policy --dir out --pol none -j MASQUERADE 
-A eth0_masq -s 192.168.0.0/255.255.255.0 -m policy --dir out --pol none -j 
MASQUERADE 

but when compiled with shorewall-perl generates:

-A eth0_masq -s 192.168.0.0/255.255.255.0 -j MASQUERADE 

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> Masq entry:
> 
> 	eth0  eth0
> 
> and proxyarp entry:
> 
> 	192.168.10.3  eth0  eth0  No  No
> 
> when compiled with shorewall-shell generates:
> 
> -A eth0_masq -s 192.168.10.3 -m policy --dir out --pol none -j MASQUERADE 
> -A eth0_masq -s 192.168.0.0/255.255.255.0 -m policy --dir out --pol none -j
> MASQUERADE 
> 
> but when compiled with shorewall-perl generates:
> 
> -A eth0_masq -s 192.168.0.0/255.255.255.0 -j MASQUERADE 
> 
This is a consequence of the difference in the order of operations in
the two compilers. Shorewall-shell processes the proxyarp file before
the masq file while shorewall-perl does the opposite. Since it is a
configuration error to masquerade proxy-arped hosts at all, I don''t
believe this difference is a problem.

Thanks, Steven

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom Eastep wrote:
> Steven Jan Springl wrote:
>> Tom
>>
>> Masq entry:
>>
>> 	eth0  eth0
>>
>> and proxyarp entry:
>>
>> 	192.168.10.3  eth0  eth0  No  No
>>
>> when compiled with shorewall-shell generates:
>>
>> -A eth0_masq -s 192.168.10.3 -m policy --dir out --pol none -j
MASQUERADE
>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -m policy --dir out --pol
none -j
>> MASQUERADE 
>>
>> but when compiled with shorewall-perl generates:
>>
>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -j MASQUERADE 
>>
> 
> This is a consequence of the difference in the order of operations in
> the two compilers. Shorewall-shell processes the proxyarp file before
> the masq file while shorewall-perl does the opposite. Since it is a
> configuration error to masquerade proxy-arped hosts at all, I
don''t
> believe this difference is a problem.
Note that in the real-world case where the ADDRESS column of the
proxyarp entry is an external IP:

/etc/shorewall/proxyarp

206.124.146.177	eth1	eth0	No	No

/etc/shorewall/masq:

eth0	eth1

Shorewall shell generates an unwanted MASQUERADE rule:

A eth0_masq -s 206.124.146.177/255.255.255.0 -m policy --dir out --pol
none -j MASQUERADE

This problem is avoided by changing the processing order as I did in
Shorewall-perl.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom Eastep wrote:
> Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> Tom
>>>
>>> Masq entry:
>>>
>>> 	eth0  eth0
>>>
>>> and proxyarp entry:
>>>
>>> 	192.168.10.3  eth0  eth0  No  No
>>>
>>> when compiled with shorewall-shell generates:
>>>
>>> -A eth0_masq -s 192.168.10.3 -m policy --dir out --pol none -j
MASQUERADE
>>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -m policy --dir out --pol
none -j
>>> MASQUERADE 
>>>
>>> but when compiled with shorewall-perl generates:
>>>
>>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -j MASQUERADE 
>>>
>> This is a consequence of the difference in the order of operations in
>> the two compilers. Shorewall-shell processes the proxyarp file before
>> the masq file while shorewall-perl does the opposite. Since it is a
>> configuration error to masquerade proxy-arped hosts at all, I
don''t
>> believe this difference is a problem.
> 
> Note that in the real-world case where the ADDRESS column of the
> proxyarp entry is an external IP:
> 
> /etc/shorewall/proxyarp
> 
> 206.124.146.177	eth1	eth0	No	No
> 
> /etc/shorewall/masq:
> 
> eth0	eth1
> 
> Shorewall shell generates an unwanted MASQUERADE rule:
> 
> A eth0_masq -s 206.124.146.177/255.255.255.0 -m policy --dir out --pol
> none -j MASQUERADE
> 
> This problem is avoided by changing the processing order as I did in
> Shorewall-perl.
Hmmmm -- just looked at this again and the order in the two compilers is
the same. I''ll take a closer look.

Please stand by.....

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom Eastep wrote:
> Tom Eastep wrote:
>> Tom Eastep wrote:
>>> Steven Jan Springl wrote:
>>>> Tom
>>>>
>>>> Masq entry:
>>>>
>>>> 	eth0  eth0
>>>>
>>>> and proxyarp entry:
>>>>
>>>> 	192.168.10.3  eth0  eth0  No  No
>>>>
>>>> when compiled with shorewall-shell generates:
>>>>
>>>> -A eth0_masq -s 192.168.10.3 -m policy --dir out --pol none -j
MASQUERADE
>>>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -m policy --dir out
--pol none -j
>>>> MASQUERADE 
>>>>
>>>> but when compiled with shorewall-perl generates:
>>>>
>>>> -A eth0_masq -s 192.168.0.0/255.255.255.0 -j MASQUERADE 
>>>>
>>> This is a consequence of the difference in the order of operations
in
>>> the two compilers. Shorewall-shell processes the proxyarp file
before
>>> the masq file while shorewall-perl does the opposite. Since it is a
>>> configuration error to masquerade proxy-arped hosts at all, I
don''t
>>> believe this difference is a problem.
>> Note that in the real-world case where the ADDRESS column of the
>> proxyarp entry is an external IP:
>>
>> /etc/shorewall/proxyarp
>>
>> 206.124.146.177	eth1	eth0	No	No
>>
>> /etc/shorewall/masq:
>>
>> eth0	eth1
>>
>> Shorewall shell generates an unwanted MASQUERADE rule:
>>
>> A eth0_masq -s 206.124.146.177/255.255.255.0 -m policy --dir out --pol
>> none -j MASQUERADE
>>
>> This problem is avoided by changing the processing order as I did in
>> Shorewall-perl.
> 
> Hmmmm -- just looked at this again and the order in the two compilers is
> the same. I''ll take a closer look.
> 
> Please stand by.....
Okay. I found one anomaly; the masq entry that you were seeing with
Shorewall-shell also appeared after a "shorewall restart" with
Shorewall-perl. I fixed that in revision 6427.

The reason that the extra masq entry appears in Shorewall-shell and not
in Shorewall-perl is that Shorewall-perl captures the routes through
eth0 as one of its early steps (before proxy arp is set up); the bug I
fixed was because it was being captured *too* early (before the contents
of /var/lib/shorewall/proxyarp had been processed).

Thanks again, Steven.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom

If interface eth0 has options dhcp and routeback set, the following iptables 
rule is generated by shorewall-perl but not by shorewall-shell:

-A eth0_fwd -o eth0 -p udp -m udp --dport 67:68 -j ACCEPT

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> If interface eth0 has options dhcp and routeback set, the following
iptables
> rule is generated by shorewall-perl but not by shorewall-shell:
> 
> -A eth0_fwd -o eth0 -p udp -m udp --dport 67:68 -j ACCEPT
>
Shorewall-shell generates that rule if it determines that the device is
a bridge. The Shorewall-shell code is broken when using Shorewall-lite
since it occurs during compilation.

Shorewall-perl makes no special provisions for bridges (it doesn''t
support BRIDGING=Yes) and since a bridge must have ''routeback''
with
Shorewall-perl, Shorewall-perl conditions that rule on
''routeback''
rather than on bridging.

So this difference is expected,

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Tom

When a rule contains:

:       # This daft rule contains just a colon in the action field

the following errors are produced:

Use of uninitialized value in pattern match (m//) 
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1196, <$currentfile> 
line 34.

Use of uninitialized value in hash element 
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 879, <$currentfile>
line
34.

Use of uninitialized value in concatenation (.) or string 
at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56, <$currentfile>
line
34.

  
Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> Tom
> 
> When a rule contains:
> 
> :       # This daft rule contains just a colon in the action field
> 
> the following errors are produced:
> 
> Use of uninitialized value in pattern match (m//) 
> at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1196,
<$currentfile>
> line 34.
> 
> Use of uninitialized value in hash element 
> at /usr/share/shorewall-perl/Shorewall/Rules.pm line 879,
<$currentfile> line
> 34.
> 
> Use of uninitialized value in concatenation (.) or string 
> at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56,
<$currentfile> line
> 34.
Fixed in revision 6433.

Thanks, Steven.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Monday 21 May 2007 20:50, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > When a rule contains:
> > :       # This daft rule contains just a colon in the action field
> >
> > the following errors are produced:
> >
> > Use of uninitialized value in pattern match (m//)
> > at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1196,
<$currentfile>
> > line 34.
> >
> > Use of uninitialized value in hash element
> > at /usr/share/shorewall-perl/Shorewall/Rules.pm line 879,
<$currentfile>
> > line 34.
> >
> > Use of uninitialized value in concatenation (.) or string
> > at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56,
<$currentfile>
> > line 34.
>
> Fixed in revision 6433.
>
> Thanks, Steven.
>
> -Tom
Tom

Placing the same rule in a macro produces the following errors:

Use of uninitialized value in hash element 
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 812, <$currentfile>
line
367.

Use of uninitialized value in concatenation (.) or string 
at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56, <$currentfile>
line
367.

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Monday 21 May 2007 20:50, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > When a rule contains:
> > :       # This daft rule contains just a colon in the action field
> >
> > the following errors are produced:
> >
> > Use of uninitialized value in pattern match (m//)
> > at /usr/share/shorewall-perl/Shorewall/Rules.pm line 1196,
<$currentfile>
> > line 34.
> >
> > Use of uninitialized value in hash element
> > at /usr/share/shorewall-perl/Shorewall/Rules.pm line 879,
<$currentfile>
> > line 34.
> >
> > Use of uninitialized value in concatenation (.) or string
> > at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56,
<$currentfile>
> > line 34.
>
> Fixed in revision 6433.
>
> Thanks, Steven.
>
> -Tom
Tom

Placing the same rule in an action produces the following errors:

Use of uninitialized value in concatenation (.) or string 
at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56, <$currentfile>
line
8.

Use of uninitialized value in concatenation (.) or string 
at /usr/share/shorewall-perl/Shorewall/Actions.pm line 329, <$currentfile>
line 8.

Steven.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Steven Jan Springl wrote:
> 
> Placing the same rule in an action produces the following errors:
> 
> Use of uninitialized value in concatenation (.) or string 
> at /usr/share/shorewall-perl/Shorewall/Macros.pm line 56,
<$currentfile> line
> 8.
> 
> Use of uninitialized value in concatenation (.) or string 
> at /usr/share/shorewall-perl/Shorewall/Actions.pm line 329,
<$currentfile>
> line 8.
Both macros and actions are fixed in 6434.

Thanks, Steven

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/