Beta 1 is now available for testing.
One of the problems I''ve had with the Shorewall products is trying to
keep them all in sync. There have been two copies of each shell library and four
CLI programs.
To simplify maintenance, I have collapsed each of the library pairs into a
single library and have reduced the number of CLI programs from four to two (one
for the ''lite'' products and one for the full-blown products).
I have kept the same package structure for now, but I have begun work on
Shorewall 4.5 where I will change the structure to eliminate more duplication on
systems where the products are installed.
Beginning with this release, the following files are identical.
- /sbin/shorewall and /sbin/shorewall6
- /sbin/shorewall-lite and /sbin/shorewall6/lite
Since Shorewall6 requires Shorewall, /sbin/shorewall6 is now a symbolic link to
/sbin/shorewall.
/sbin/shorewall-lite and /sbin/shorewall6-lite are both installed so that
Shorewall6 Lite is not dependent on Shorewall Lite.
Shorewall and Shorewall6 share use of /usr/share/shorewall/lib.base
/usr/share/shorewall/lib.cli, and /usr/share/shorewall/lib.common.
/usr/share/shorewall6/lib.base is a small file that sets variables and then
sources /usr/share/shorewall/lib.base.
The programs in /sbin set variables based on their base name. Those variables
are then expanded within the common files.
Thank you for testing,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
Has the dynamic blacklisting gone away? I have DYNAMIC_BLACKLIST=Yes in shorewall.conf but when I enter /sbin/shorewall drop ip_address i get this: Dynamic blacklisting is not supported in the current Shorewall configuration thanks, neal ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Mon, 2011-12-05 at 09:13 -0500, Neal Thomsen wrote:> Has the dynamic blacklisting gone away? > > I have DYNAMIC_BLACKLIST=Yes in shorewall.conf > but when I enter > > /sbin/shorewall drop ip_address > > i get this: > > Dynamic blacklisting is not supported in the current Shorewall > configurationWorks for me: root@gateway:/etc/shorewall# fgrep DYNAM shorewall.conf DYNAMIC_BLACKLIST=Yes root@gateway:/etc/shorewall# shorewall drop 1.2.3.4 1.2.3.4 Dropped root@gateway:/etc/shorewall# shorewall allow 1.2.3.4 1.2.3.4 Allowed root@gateway:/etc/shorewall# -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
I don;t know then [root@cahp2 thomsen]# cd /etc/shorewall/ [root@cahp2 shorewall]# fgrep DYNAM shorewall.conf DYNAMIC_BLACKLIST=Yes [root@cahp2 shorewall]# /sbin/shorewall drop 1.2.3.4 Dynamic blacklisting is not supported in the current Shorewall configuration [root@cahp2 shorewall]# /sbin/shorewall allow 1.2.3.4 Dynamic blacklisting is not enabled in the current Shorewall configuration On Mon, Dec 5, 2011 at 9:27 AM, Tom Eastep <teastep@shorewall.net> wrote:> On Mon, 2011-12-05 at 09:13 -0500, Neal Thomsen wrote: > > Has the dynamic blacklisting gone away? > > > > I have DYNAMIC_BLACKLIST=Yes in shorewall.conf > > but when I enter > > > > /sbin/shorewall drop ip_address > > > > i get this: > > > > Dynamic blacklisting is not supported in the current Shorewall > > configuration > > Works for me: > > root@gateway:/etc/shorewall# fgrep DYNAM shorewall.conf > DYNAMIC_BLACKLIST=Yes > root@gateway:/etc/shorewall# shorewall drop 1.2.3.4 > 1.2.3.4 Dropped > root@gateway:/etc/shorewall# shorewall allow 1.2.3.4 > 1.2.3.4 Allowed > root@gateway:/etc/shorewall# > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure > contains a definitive record of customers, application performance, > security threats, fraudulent activity, and more. Splunk takes this > data and makes sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-novd2d > _______________________________________________ > Shorewall-devel mailing list > Shorewall-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-devel > >-- (\(\ That''s odd. That''s very odd. (^.^) Wouldn''t you say that''s very odd? (")") -------- When the going gets weird, the weird turn pro. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Mon, 2011-12-05 at 09:31 -0500, Neal Thomsen wrote:> I don;t know then >I just realized that you were referring to Beta 1 -- dynamic blacklisting definitely looks broken there. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
On Mon, 2011-12-05 at 06:37 -0800, Tom Eastep wrote:> On Mon, 2011-12-05 at 09:31 -0500, Neal Thomsen wrote: > > I don;t know then > > > > I just realized that you were referring to Beta 1 -- dynamic > blacklisting definitely looks broken there.Here''s a patch. patch /usr/share/shorewall/lib.common < DYNAMIC.patch -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
Works for me! Sorry I forget to mention the version I was using to begin with. [root@cahp2 temp]# /sbin/shorewall drop 1.2.3.4 1.2.3.4 Dropped [root@cahp2 temp]# /sbin/shorewall allow 1.2.3.4 1.2.3.4 Allowed [root@cahp2 temp]# Thanks! neal ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d