Shorewall devel - Jul 2011 - Shorewall 4.4.21 RC 3

RC 3 is now available for testing.

Problems corrected:

1)  The Shorewall and Shorewall6 ''load'' and
''reload'' commands
    previously used the setting of RSH_COMMAND and RCP_COMMAND from
    /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf).

    These commands now use the .conf file in the current working
    directory.

2)  The new parameterized Drop and Reject actions are now available
    in Shorewall6. They were overlooked in the previous RCs.

Thank you for testing.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

Tom

If shorewall6 rules file contains:

ACCEPT  lan:eth0:+set3  wan

The following message is produced:

ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line 24)

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Fri, 2011-07-08 at 23:37 +0100, Steven Jan Springl wrote:
> If shorewall6 rules file contains:
> 
> ACCEPT  lan:eth0:+set3  wan
> 
> The following message is produced:
> 
> ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line 24)
This should fix you up, Steven

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Friday 08 July 2011 23:55:23 Tom Eastep wrote:
> On Fri, 2011-07-08 at 23:37 +0100, Steven Jan Springl wrote:
> > If shorewall6 rules file contains:
> >
> > ACCEPT  lan:eth0:+set3  wan
> >
> > The following message is produced:
> >
> > ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line
24)
>
> This should fix you up, Steven
>
> Thanks,
> -Tom
Tom

Confirmed, that''s fixed it. Thanks.

Steven.



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

Tom

If shorewall6 rules file contains:

ACCEPT  lan:eth0:!+set3  wan

The following message is produced:

ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24)

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

On Jul 8, 2011, at 4:09 PM, Steven Jan Springl wrote:
> If shorewall6 rules file contains:
> 
> ACCEPT  lan:eth0:!+set3  wan
> 
> The following message is produced:
> 
> ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24)
> 
This seems to fix it.

Thanks, Steven

-Tom



Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Saturday 09 July 2011 00:29:29 Tom Eastep wrote:
> On Jul 8, 2011, at 4:09 PM, Steven Jan Springl wrote:
> > If shorewall6 rules file contains:
> >
> > ACCEPT  lan:eth0:!+set3  wan
> >
> > The following message is produced:
> >
> > ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24)
>
> This seems to fix it.
>
> Thanks, Steven
>
> -Tom
Tom

Confirmed, the patch has fixed the issue. Thanks.

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Jul 8, 2011, at 4:01 PM, Steven Jan Springl wrote:
> 
> Confirmed, that''s fixed it. Thanks.
> 
Thanks, Steven

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Jul 8, 2011, at 4:39 PM, Steven Jan Springl wrote:
> 
> Confirmed, the patch has fixed the issue. Thanks.
> 
Thanks, Steven

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

Tom

Shorewall6 rule:

ACCEPT  wan  lan:!+set4

produces the following error message:

ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25)

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Jul 9, 2011, at 2:43 PM, Steven Jan Springl wrote:
> 
> Shorewall6 rule:
> 
> ACCEPT  wan  lan:!+set4
> 
> produces the following error message:
> 
> ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25)
This patch seems to fix the problem.

Thanks, Steven

-Tom





Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Saturday 09 July 2011 23:35:07 Tom Eastep wrote:
> On Jul 9, 2011, at 2:43 PM, Steven Jan Springl wrote:
> > Shorewall6 rule:
> >
> > ACCEPT  wan  lan:!+set4
> >
> > produces the following error message:
> >
> > ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25)
>
> This patch seems to fix the problem.
>
> Thanks, Steven
>
> -Tom
Tom

Confirmed, that''s fixed it. Thanks.

Steven.


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Jul 9, 2011, at 3:43 PM, Steven Jan Springl wrote:
> 
> Confirmed, that''s fixed it. Thanks.
Thanks, Steven

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

Tom

If shorewall6 hosts contains:

abc  eth2:+set1

The following message is produced:

ERROR: Invalid HOST(S) column contents: eth2:+set1 : /etc/shorewall66/hosts 
(line 15)

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Jul 9, 2011, at 3:54 PM, Steven Jan Springl wrote:
> If shorewall6 hosts contains:
> 
> abc  eth2:+set1
> 
> The following message is produced:
> 
> ERROR: Invalid HOST(S) column contents: eth2:+set1 : /etc/shorewall66/hosts
> (line 15)

This patch works for me.

Thanks, Steven

-Tom




Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sunday 10 July 2011 00:15:07 Tom Eastep wrote:
> On Jul 9, 2011, at 3:54 PM, Steven Jan Springl wrote:
> > If shorewall6 hosts contains:
> >
> > abc  eth2:+set1
> >
> > The following message is produced:
> >
> > ERROR: Invalid HOST(S) column contents: eth2:+set1 :
> > /etc/shorewall66/hosts (line 15)
>
> This patch works for me.
>
> Thanks, Steven
>
> -Tom
Tom

Confirmed, the patch fixes the problem.

If the entry is changed to:

abc  eth2:!+set1

the following message is produced:

ERROR: Invalid HOST(S) column contents: eth2:!+set1 : /etc/shorewall66/hosts 
(line 15)

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sun, 2011-07-10 at 00:39 +0100, Steven Jan Springl wrote:
> 
> If the entry is changed to:
> 
> abc  eth2:!+set1
> 
> the following message is produced:
> 
> ERROR: Invalid HOST(S) column contents: eth2:!+set1 :
/etc/shorewall66/hosts
> (line 15)
I don''t believe that is allowed in IPv4 either, is it?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sunday 10 July 2011 01:07:15 Tom Eastep wrote:
> On Sun, 2011-07-10 at 00:39 +0100, Steven Jan Springl wrote:
> > If the entry is changed to:
> >
> > abc  eth2:!+set1
> >
> > the following message is produced:
> >
> > ERROR: Invalid HOST(S) column contents: eth2:!+set1 :
> > /etc/shorewall66/hosts (line 15)
>
> I don''t believe that is allowed in IPv4 either, is it?
>
> -Tom
Tom

I have just tried it with IPv4 and shorewall accepts it.

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sun, 2011-07-10 at 01:10 +0100, Steven Jan Springl
wrote:
> On Sunday 10 July 2011 01:07:15 Tom Eastep wrote:
> > I don''t believe that is allowed in IPv4 either, is it?
>
> I have just tried it with IPv4 and shorewall accepts it.
Okay -- Shorewall has been mis-handling that.

Patch attached.

Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sunday 10 July 2011 01:26:17 Tom Eastep wrote:
> On Sun, 2011-07-10 at 01:10 +0100, Steven Jan Springl wrote:
> > On Sunday 10 July 2011 01:07:15 Tom Eastep wrote:
> > > I don''t believe that is allowed in IPv4 either, is it?
> >
> > I have just tried it with IPv4 and shorewall accepts it.
>
> Okay -- Shorewall has been mis-handling that.
>
> Patch attached.
>
> Thanks, Steven
>
> -Tom
Tom

The patch does not apply. Hunk one fails.

This patch is IPSET8 the previous was IPSET6. Should there be an IPSET7?

Steven.



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sun, 2011-07-10 at 01:47 +0100, Steven Jan Springl wrote:
> The patch does not apply. Hunk one fails.
> 
> This patch is IPSET8 the previous was IPSET6. Should there be an IPSET7?
Steven,

I''m not sure what happened. Please verify the patches against the Git
repository at Sourceforge (branch 4.4.21).

A quick look at the last two patches suggests that they are the same as
the last two I sent you.

-Tom

PS -- It might help if you sent me the .rej

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sat, 2011-07-09 at 17:55 -0700, Tom Eastep wrote:
> On Sun, 2011-07-10 at 01:47 +0100, Steven Jan Springl wrote:
> 
> > The patch does not apply. Hunk one fails.
> > 
> > This patch is IPSET8 the previous was IPSET6. Should there be an
IPSET7?
> 
> Steven,
> 
> I''m not sure what happened. Please verify the patches against the
Git
> repository at Sourceforge (branch 4.4.21).
> 
> A quick look at the last two patches suggests that they are the same as
> the last two I sent you.

See if this helps.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________





------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

> 
> See if this helps.

Or simply replace the entire module with this one.

-Tom



Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________





------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sunday 10 July 2011 13:22:31 Tom Eastep wrote:
> > See if this helps.
>
> Or simply replace the entire module with this one.
>
> -Tom
Tom

That''s fixed the issue. Thanks.

Steven.

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2

On Sun, 2011-07-10 at 14:38 +0100, Steven Jan Springl wrote:
> That''s fixed the issue. Thanks.
Thanks, Steven

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2