RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized Drop and Reject actions are now available in Shorewall6. They were overlooked in the previous RCs. Thank you for testing. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
Tom If shorewall6 rules file contains: ACCEPT lan:eth0:+set3 wan The following message is produced: ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line 24) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Fri, 2011-07-08 at 23:37 +0100, Steven Jan Springl wrote:> If shorewall6 rules file contains: > > ACCEPT lan:eth0:+set3 wan > > The following message is produced: > > ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line 24)This should fix you up, Steven Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Friday 08 July 2011 23:55:23 Tom Eastep wrote:> On Fri, 2011-07-08 at 23:37 +0100, Steven Jan Springl wrote: > > If shorewall6 rules file contains: > > > > ACCEPT lan:eth0:+set3 wan > > > > The following message is produced: > > > > ERROR: Invalid ipset name (eth0:+set3) : /etc/shorewall66/rules (line 24) > > This should fix you up, Steven > > Thanks, > -TomTom Confirmed, that''s fixed it. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
Tom If shorewall6 rules file contains: ACCEPT lan:eth0:!+set3 wan The following message is produced: ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
On Jul 8, 2011, at 4:09 PM, Steven Jan Springl wrote:> If shorewall6 rules file contains: > > ACCEPT lan:eth0:!+set3 wan > > The following message is produced: > > ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24) >This seems to fix it. Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Saturday 09 July 2011 00:29:29 Tom Eastep wrote:> On Jul 8, 2011, at 4:09 PM, Steven Jan Springl wrote: > > If shorewall6 rules file contains: > > > > ACCEPT lan:eth0:!+set3 wan > > > > The following message is produced: > > > > ERROR: Unknown Host (eth0:) : /etc/shorewall66/rules (line 24) > > This seems to fix it. > > Thanks, Steven > > -TomTom Confirmed, the patch has fixed the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Jul 8, 2011, at 4:01 PM, Steven Jan Springl wrote:> > Confirmed, that''s fixed it. Thanks. >Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Jul 8, 2011, at 4:39 PM, Steven Jan Springl wrote:> > Confirmed, the patch has fixed the issue. Thanks. >Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
Tom Shorewall6 rule: ACCEPT wan lan:!+set4 produces the following error message: ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Jul 9, 2011, at 2:43 PM, Steven Jan Springl wrote:> > Shorewall6 rule: > > ACCEPT wan lan:!+set4 > > produces the following error message: > > ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25)This patch seems to fix the problem. Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Saturday 09 July 2011 23:35:07 Tom Eastep wrote:> On Jul 9, 2011, at 2:43 PM, Steven Jan Springl wrote: > > Shorewall6 rule: > > > > ACCEPT wan lan:!+set4 > > > > produces the following error message: > > > > ERROR: Unknown Interface (!+set4) : /etc/shorewall66/rules (line 25) > > This patch seems to fix the problem. > > Thanks, Steven > > -TomTom Confirmed, that''s fixed it. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Jul 9, 2011, at 3:43 PM, Steven Jan Springl wrote:> > Confirmed, that''s fixed it. Thanks.Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
Tom If shorewall6 hosts contains: abc eth2:+set1 The following message is produced: ERROR: Invalid HOST(S) column contents: eth2:+set1 : /etc/shorewall66/hosts (line 15) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Jul 9, 2011, at 3:54 PM, Steven Jan Springl wrote:> If shorewall6 hosts contains: > > abc eth2:+set1 > > The following message is produced: > > ERROR: Invalid HOST(S) column contents: eth2:+set1 : /etc/shorewall66/hosts > (line 15)This patch works for me. Thanks, Steven -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sunday 10 July 2011 00:15:07 Tom Eastep wrote:> On Jul 9, 2011, at 3:54 PM, Steven Jan Springl wrote: > > If shorewall6 hosts contains: > > > > abc eth2:+set1 > > > > The following message is produced: > > > > ERROR: Invalid HOST(S) column contents: eth2:+set1 : > > /etc/shorewall66/hosts (line 15) > > This patch works for me. > > Thanks, Steven > > -TomTom Confirmed, the patch fixes the problem. If the entry is changed to: abc eth2:!+set1 the following message is produced: ERROR: Invalid HOST(S) column contents: eth2:!+set1 : /etc/shorewall66/hosts (line 15) Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sun, 2011-07-10 at 00:39 +0100, Steven Jan Springl wrote:> > If the entry is changed to: > > abc eth2:!+set1 > > the following message is produced: > > ERROR: Invalid HOST(S) column contents: eth2:!+set1 : /etc/shorewall66/hosts > (line 15)I don''t believe that is allowed in IPv4 either, is it? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sunday 10 July 2011 01:07:15 Tom Eastep wrote:> On Sun, 2011-07-10 at 00:39 +0100, Steven Jan Springl wrote: > > If the entry is changed to: > > > > abc eth2:!+set1 > > > > the following message is produced: > > > > ERROR: Invalid HOST(S) column contents: eth2:!+set1 : > > /etc/shorewall66/hosts (line 15) > > I don''t believe that is allowed in IPv4 either, is it? > > -TomTom I have just tried it with IPv4 and shorewall accepts it. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sun, 2011-07-10 at 01:10 +0100, Steven Jan Springl wrote:> On Sunday 10 July 2011 01:07:15 Tom Eastep wrote: > > I don''t believe that is allowed in IPv4 either, is it? > > I have just tried it with IPv4 and shorewall accepts it.Okay -- Shorewall has been mis-handling that. Patch attached. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sunday 10 July 2011 01:26:17 Tom Eastep wrote:> On Sun, 2011-07-10 at 01:10 +0100, Steven Jan Springl wrote: > > On Sunday 10 July 2011 01:07:15 Tom Eastep wrote: > > > I don''t believe that is allowed in IPv4 either, is it? > > > > I have just tried it with IPv4 and shorewall accepts it. > > Okay -- Shorewall has been mis-handling that. > > Patch attached. > > Thanks, Steven > > -TomTom The patch does not apply. Hunk one fails. This patch is IPSET8 the previous was IPSET6. Should there be an IPSET7? Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sun, 2011-07-10 at 01:47 +0100, Steven Jan Springl wrote:> The patch does not apply. Hunk one fails. > > This patch is IPSET8 the previous was IPSET6. Should there be an IPSET7?Steven, I''m not sure what happened. Please verify the patches against the Git repository at Sourceforge (branch 4.4.21). A quick look at the last two patches suggests that they are the same as the last two I sent you. -Tom PS -- It might help if you sent me the .rej -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sat, 2011-07-09 at 17:55 -0700, Tom Eastep wrote:> On Sun, 2011-07-10 at 01:47 +0100, Steven Jan Springl wrote: > > > The patch does not apply. Hunk one fails. > > > > This patch is IPSET8 the previous was IPSET6. Should there be an IPSET7? > > Steven, > > I''m not sure what happened. Please verify the patches against the Git > repository at Sourceforge (branch 4.4.21). > > A quick look at the last two patches suggests that they are the same as > the last two I sent you.See if this helps. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
> > See if this helps.Or simply replace the entire module with this one. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sunday 10 July 2011 13:22:31 Tom Eastep wrote:> > See if this helps. > > Or simply replace the entire module with this one. > > -TomTom That''s fixed the issue. Thanks. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
On Sun, 2011-07-10 at 14:38 +0100, Steven Jan Springl wrote:> That''s fixed the issue. Thanks.Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2