4.5.5 Beta 1 is now available for testing.
The problem corrected below is a rather serious one and I would like to
get the fix into Debian Wheezy prior to the freeze. I could put the fix
into 4.5.4 directly but the fix is large and affects three packages
(Shorewall, Shorewall-core and Shorewall-init); so I would like it to
get some testing done before merging it into the 4.5.4 branch.
Problems Corrected:

1)  A number of defects in Shorewall-init have been corrected. Among
    them:

    a) The installer now enables startup at boot on Debian.

    b) Interface up/down handling was using the 'restart' command; if an
       interface was disabled, 'restart' didn't bring it up. Interface
       up/down handling now uses the 'enable' and 'disable' commands
       when an optional provider interface goes up or down.

New Features:
1) It is now possible to include additional information in netfilter
messages when using plain log levels (debug, info, ...). This is
done by following the level with a parenthesized comma-separated
list of "log options".
    Valid log options are:

    ip_options
        Log messages will include the option settings from the IP
        header.

    macdecode
        Decode the MAC address and protocol.

    tcp_sequence
        Include TCP sequence numbers.

    tcp_options
        Include options from the TCP header.

    uid
        Include the UID of the sending program; only effective for
        packets originating on the firewall itself.

    Example: info(tcp_options,tcp_sequence)

Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
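
As an added illustration (not part of the original announcement and not Shorewall's own code), the shell function below parses a log-level spec in the form shown in the example above and emits the iptables LOG target flags each option is assumed to correspond to. The function name `log_spec_to_iptables` and the option-to-flag mapping are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Shorewall code. Translates "level(opt,opt,...)" into
# iptables LOG target arguments. The mapping below is an assumption.

log_spec_to_iptables() {
    spec=$1
    case $spec in
        *"("*")")                       # level followed by "(options)"
            level=${spec%%"("*}
            opts=${spec#*"("}
            opts=${opts%")"}
            ;;
        *"("*|*")"*)                    # unbalanced parenthesis
            echo "malformed log spec: $spec" >&2
            return 1
            ;;
        *)                              # plain level, no options
            level=$spec
            opts=
            ;;
    esac

    # Only plain syslog level names may carry log options.
    case $level in
        debug|info|notice|warning|err|crit|alert|emerg) ;;
        *) echo "unknown log level: $level" >&2; return 1 ;;
    esac

    args="--log-level $level"
    old_ifs=$IFS
    IFS=,
    for opt in $opts; do
        case $opt in
            ip_options)   args="$args --log-ip-options" ;;
            macdecode)    args="$args --log-macdecode" ;;
            tcp_sequence) args="$args --log-tcp-sequence" ;;
            tcp_options)  args="$args --log-tcp-options" ;;
            uid)          args="$args --log-uid" ;;
            *) IFS=$old_ifs; echo "invalid log option: $opt" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$args"
}
```

Rejecting unknown option names up front keeps a typo in a rules file from silently producing log entries without the fields an investigation later depends on.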

On 06/01/2012 01:54 PM, Tom Eastep wrote:
> 4.5.5 Beta 1 is now available for testing.
>
> The problem corrected below is a rather serious one and I would like to
> get the fix into Debian Wheezy prior to the freeze. I could put the fix
> into 4.5.4 directly but the fix is large and affects three packages
> (Shorewall, Shorewall-core and Shorewall-init); so I would like it to
> get some testing done before merging it into the 4.5.4 branch.
>
> Problems Corrected:
>
> 1) A number of defects in Shorewall-init have been corrected. Among
>    them:
>
>    a) The installer now enables startup at boot on Debian.
>
>    b) Interface up/down handling was using the 'restart' command; if an
>       interface was disabled, 'restart' didn't bring it up. Interface
>       up/down handling now uses the 'enable' and 'disable' commands
>       when an optional provider interface goes up or down.

I neglected to include one last fix.

The attached patch is best applied before installing Shorewall-init.

    patch shorewall-init-4.5.5-Beta1/ifupdown.sh < IFUPDOWN.patch

-Tom

On 06/01/2012 02:08 PM, Tom Eastep wrote:
> I neglected to include one last fix.
>
> The attached patch is best applied before installing Shorewall-init.
>
>     patch shorewall-init-4.5.5-Beta1/ifupdown.sh < IFUPDOWN.patch
>

Note also that this patch is only needed on Debian and derivatives.

-Tom

On 6/1/12 2:08 PM, Tom Eastep wrote:
> On 06/01/2012 01:54 PM, Tom Eastep wrote:
>> 4.5.5 Beta 1 is now available for testing.
>>
>> The problem corrected below is a rather serious one and I would like to
>> get the fix into Debian Wheezy prior to the freeze. I could put the fix
>> into 4.5.4 directly but the fix is large and affects three packages
>> (Shorewall, Shorewall-core and Shorewall-init); so I would like it to
>> get some testing done before merging it into the 4.5.4 branch.
>>
>> Problems Corrected:
>>
>> 1) A number of defects in Shorewall-init have been corrected. Among
>>    them:
>>
>>    a) The installer now enables startup at boot on Debian.
>>
>>    b) Interface up/down handling was using the 'restart' command; if an
>>       interface was disabled, 'restart' didn't bring it up. Interface
>>       up/down handling now uses the 'enable' and 'disable' commands
>>       when an optional provider interface goes up or down.
>
> I neglected to include one last fix.
>
> The attached patch is best applied before installing Shorewall-init.
>
>     patch shorewall-init-4.5.5-Beta1/ifupdown.sh < IFUPDOWN.patch
>

Here's a Shorewall patch that corrects another problem with
Shorewall-init-4.5.5-Beta1.

    . ~/.shorewallrc
    patch ${PERLLIBDIR}/Shorewall/Providers.pm < STATUS.patch

-Tom

On Saturday 02 Jun 2012 00:56:37 Tom Eastep wrote:
>
> Here's a Shorewall patch that corrects another problem with
> Shorewall-init-4.5.5-Beta1.
>
>     . ~/.shorewallrc
>     patch ${PERLLIBDIR}/Shorewall/Providers.pm < STATUS.patch
>
> -Tom

Tom

The patch is not attached.

Steven.

On 6/2/12 12:15 PM, Steven Jan Springl wrote:
> On Saturday 02 Jun 2012 00:56:37 Tom Eastep wrote:
>
>>
>> Here's a Shorewall patch that corrects another problem with
>> Shorewall-init-4.5.5-Beta1.
>>
>>     . ~/.shorewallrc
>>     patch ${PERLLIBDIR}/Shorewall/Providers.pm < STATUS.patch
>>
>> -Tom
>
> Tom
>
> The patch is not attached.

Oops -- try again.

-Tom