Shorewall 4.4.27 Beta 3 is now ready for testing.

Problems Corrected:

1) The CT action in the notrack file now works.

2) Options in the shorewall.conf (shorewall6.conf) file may now be used as shell variables in other configuration files.

3) The lib.cli-lite library content has been merged into lib.cli. lib.cli-lite has been eliminated.

Thank you for testing.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Tom

In the tcpri file, if a port number is appended to a helper module e.g.:

1 - - - - ftp-21

the following message is produced:

WARNING: Unrecognized helper (ftp-21) : /etc/shorewallT9/tcpri (line 11)

Steven.
------------------------------------------------------------------------------
On 12/17/11 4:38 PM, Steven Jan Springl wrote:
> In the tcpri file, if a port number is appended to a helper module e.g.:
>
> 1 - - - - ftp-21
>
> the following message is produced:
>
> WARNING: Unrecognized helper (ftp-21) : /etc/shorewallT9/tcpri (line 11)
>

The attached patch seems to resolve the issue.

Thanks, Steven

-Tom
------------------------------------------------------------------------------
On Sunday 18 Dec 2011 01:07:49 Tom Eastep wrote:
> On 12/17/11 4:38 PM, Steven Jan Springl wrote:
> > In the tcpri file, if a port number is appended to a helper module e.g.:
> >
> > 1 - - - - ftp-21
> >
> > the following message is produced:
> >
> > WARNING: Unrecognized helper (ftp-21) : /etc/shorewallT9/tcpri (line 11)
>
> The attached patch seems to resolve the issue.
>
> Thanks, Steven
>
> -Tom

Tom

Confirmed, the patch corrects the issue. Thanks.

Steven.
------------------------------------------------------------------------------
Tom

Specifying the CT action in the notrack file as documented in the release notes:

CT:helper:ftp 1.2.3.4 - tcp 2121

produces the following error message:

ERROR: Unknown zone (1.2.3.4) : /etc/shorewallT9/notrack (line 11)

-----------------------------------------------------------------------------------------------

When the following rule is specified in the notrack file:

CT:helper:ftp lan:1.2.3.0/24!1.2.3.4 - tcp 2121

the following error messages are produced:

iptables: No chain/target/match by that name.

ERROR: Command "/usr/local/sbin/iptables -A ~excl0 -j CT --helper ftp" Failed

Steven.
------------------------------------------------------------------------------
On 12/17/11 5:55 PM, Steven Jan Springl wrote:
> Specifying the CT action in the notrack file as documented in the release
> notes:
>
> CT:helper:ftp 1.2.3.4 - tcp 2121
>
> produces the following error message:
>
> ERROR: Unknown zone (1.2.3.4) : /etc/shorewallT9/notrack (line 11)
>

That's correct. The notrack file requires a zone name in the SOURCE and DEST columns.

I'll look at the other problem after dinner.

-Tom
------------------------------------------------------------------------------
On 12/17/11 6:48 PM, Tom Eastep wrote:
> On 12/17/11 5:55 PM, Steven Jan Springl wrote:
>
>> Specifying the CT action in the notrack file as documented in the release
>> notes:
>>
>> CT:helper:ftp 1.2.3.4 - tcp 2121
>>
>> produces the following error message:
>>
>> ERROR: Unknown zone (1.2.3.4) : /etc/shorewallT9/notrack (line 11)
>>
>
> That's correct. The notrack file requires a zone name in the SOURCE and
> DEST columns.
>

Check that -- only the SOURCE column requires a zone.

-Tom
------------------------------------------------------------------------------
On 12/17/11 5:55 PM, Steven Jan Springl wrote:
> When the following rule is specified in the notrack file:
>
> CT:helper:ftp lan:1.2.3.0/24!1.2.3.4 - tcp 2121
>
> the following error messages are produced:
>
> iptables: No chain/target/match by that name.
>
> ERROR: Command "/usr/local/sbin/iptables -A ~excl0 -j CT --helper ftp" Failed
>

Are you getting nonsensical messages like this in your system log?

xt_CT: You must specify a L4 protocol, and not user inversions on it.

-Tom
------------------------------------------------------------------------------
On Sunday 18 Dec 2011 03:43:15 Tom Eastep wrote:
> On 12/17/11 5:55 PM, Steven Jan Springl wrote:
> > When the following rule is specified in the notrack file:
> >
> > CT:helper:ftp lan:1.2.3.0/24!1.2.3.4 - tcp 2121
> >
> > the following error messages are produced:
> >
> > iptables: No chain/target/match by that name.
> >
> > ERROR: Command "/usr/local/sbin/iptables -A ~excl0 -j CT --helper ftp"
> > Failed
>
> Are you getting nonsensical messages like this in your system log?
>
> xt_CT: You must specify a L4 protocol, and not user inversions
> on it.
>
> -Tom

Tom

No, I am not seeing any relevant messages in the system log.

Steven.
------------------------------------------------------------------------------
On 12/18/11 4:19 AM, Steven Jan Springl wrote:
>
> No, I am not seeing any relevant messages in the system log.
>

Steven,

Does this work on your system?

iptables -t nat -N foo
iptables -t nat -A foo -j CT --helper ftp

Thanks,
-Tom
------------------------------------------------------------------------------
On Sun, 2011-12-18 at 07:06 -0800, Tom Eastep wrote:
> On 12/18/11 4:19 AM, Steven Jan Springl wrote:
>
> Does this work on your system?
>
> iptables -t nat -N foo
> iptables -t nat -A foo -j CT --helper ftp
>

Right after I hit 'send', I realized what the problem was. This patch should resolve the issue.

-Tom

PS -- One correction to an earlier post; a SOURCE zone is required in the notrack file but a DEST zone is neither required nor accepted.
------------------------------------------------------------------------------
On Sunday 18 Dec 2011 15:21:05 Tom Eastep wrote:
> On Sun, 2011-12-18 at 07:06 -0800, Tom Eastep wrote:
> > On 12/18/11 4:19 AM, Steven Jan Springl wrote:
> >
> > Does this work on your system?
> >
> > iptables -t nat -N foo
> > iptables -t nat -A foo -j CT --helper ftp
>
> Right after I hit 'send', I realized what the problem was. This patch
> should resolve the issue.
>
> -Tom
>
> PS -- One correction to an earlier post; a SOURCE zone is required in
> the notrack file but a DEST zone is neither required nor accepted.

Tom

Confirmed, the patch resolves the issue. Thanks.

Steven.
------------------------------------------------------------------------------
On Sun, 2011-12-18 at 17:08 +0000, Steven Jan Springl wrote:
>
> Confirmed, the patch resolves the issue.
>

Thanks, Steven

-Tom
------------------------------------------------------------------------------
Tom

Notrack entry:

CT lan:1.2.3.4 - tcp 2121

Produces the following message:

Use of uninitialized value $option in string eq at /usr/share/shorewall/Shorewall/Raw.pm line 72, <$currentfile> line 11.

Steven.
------------------------------------------------------------------------------
On 12/18/11 9:17 AM, Steven Jan Springl wrote:
> Notrack entry:
>
> CT lan:1.2.3.4 - tcp 2121
>
> Produces the following message:
>
> Use of uninitialized value $option in string eq at
> /usr/share/shorewall/Shorewall/Raw.pm line 72, <$currentfile> line 11.
>

The attached patch corrects the problem.

Thanks, Steven

-Tom
------------------------------------------------------------------------------
On Sunday 18 Dec 2011 18:37:10 Tom Eastep wrote:
> On 12/18/11 9:17 AM, Steven Jan Springl wrote:
> > Notrack entry:
> >
> > CT lan:1.2.3.4 - tcp 2121
> >
> > Produces the following message:
> >
> > Use of uninitialized value $option in string eq at
> > /usr/share/shorewall/Shorewall/Raw.pm line 72, <$currentfile> line 11.
>
> The attached patch corrects the problem.
>
> Thanks, Steven
>
> -Tom

Tom

Confirmed, the patch fixes the issue. Thanks.

Steven.
------------------------------------------------------------------------------
On 12/18/11 10:57 AM, Steven Jan Springl wrote:
> Confirmed, the patch fixes the issue.

Thanks, Steven

-Tom