Levi Masterson
2003-Aug-28 09:39 UTC
[Shorewall-users] Shorewall 1.46b; new configs--command not found?
So I have been running Shorewall for about 2 years now and decided it was time to streamline my configs again. One question though: Where is this coming from?

    [levi@hcocntf shorewall]# shorewall try new 15
    Loading /usr/share/shorewall/functions...
    Processing new/params ...
    : command not foundl/firewall: line 29:
    Processing new/shorewall.conf...
    Restarting Shorewall...
    Loading Modules...
    Initializing...
    Shorewall has detected the following iptables/netfilter capabilities:
       NAT: Available
       Packet Mangling: Available
       Multi-port Match: Available
       Connection Tracking Match: Available
    Determining Zones...
       Zones: net loc dmz
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
       Net Zone: eth3:0.0.0.0/0
       Local Zone: eth0:0.0.0.0/0 ppp+:0.0.0.0/0
       DMZ Zone: eth2:0.0.0.0/0

{it finishes loading successfully and works as anticipated}

Here is the sequence of events that led up to this:

1. Upgraded from 1.4.5 to 1.4.6c
2. Began rewriting all my config files, removing most of the places I used variables from params at one time or another.

We don't allow everyone net access here, so I have two sets of variables for classifying different people. FULL_INET1-FULL_INET5 and HTTP_INET1-HTTP_INET3. There are 6 comma separated IP's in each list. Looks like this:

    FULL_INET1=10.100.4.108,10.100.4.111,10.100.4.195,10.100.4.100,10.100.4.109,10.100.4.117
    FULL_INET2=10.100.4.251,10.100.4.103,10.100.4.104,10.100.4.121,10.100.4.127,10.100.4.125
    FULL_INET3=10.100.4.6,10.100.4.7,10.100.4.12,10.100.4.13,10.100.4.36,10.100.4.227
    FULL_INET4=10.100.4.81,10.100.4.82,10.100.4.83,10.100.4.200,10.100.4.201,10.100.4.226
    FULL_INET5=10.100.4.222,10.100.4.223,10.100.4.225,10.100.4.221,10.100.4.228,10.100.4.224
    ## HTTP ONLY ##
    HTTP_INET1=10.100.4.175,10.100.4.119,10.100.4.112,10.100.4.114,10.100.4.115,10.100.4.128
    HTTP_INET2=10.100.4.133,10.100.4.199,10.100.4.241,10.100.4.136,10.100.4.192,10.100.4.236
    HTTP_INET3=10.100.4.102,10.100.4.150,10.100.4.230,10.100.4.35,10.100.4.32,10.100.4.246

Before now, I had used many variables (around 30 or so) throughout the config, but since I realized most of it changes only for major revisions of shorewall, and hardly ever for my configuration, why use so many variables and have to cross reference something when I want to modify it? Now I have 8, and instead of covering ports, IP addresses, and interfaces, it's just the ACLs. In addition, I went through and deleted all the comments from the other config files just for aesthetic reasons--and the fact I know most of it by heart by now.

So it works... but that error bugs me and not knowing exactly what's causing it is bugging me more. I have gone through the config files looking for spaces out of place, lines that should be commented, etc., but I have come up empty-handed so far. Does anyone have a guess where I screwed up?

Thanks,
Levi Masterson
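
The manual check described in the post (spaces out of place, lines that should be commented) can be automated for a params file. The following is an added example, not part of the original post and not Shorewall code; the function name lint_params is hypothetical, and it assumes the file is read by the shell as plain VAR=value lines whose values are either unquoted or double-quoted.

```shell
#!/bin/sh
# lint_params FILE
# Print "LINE: problem" for every line of a shell-sourced params file that
# is not a blank line, a comment, or a plain VAR=value assignment.
# Assumption: values are unquoted or double-quoted (no single quotes).
# Typical call, from the directory used in the post: lint_params new/params
lint_params() {
    awk '
    {
        line = $0
        # A carriage return (DOS line ending) is invisible in most editors,
        # but the shell treats it as part of the word it is attached to.
        if (line ~ /\r/) {
            printf "%d: carriage return\n", NR
            gsub(/\r/, "", line)
        }
        # Leading and trailing blanks are harmless to the shell.
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) {
            next
        }
        # Clean assignment: NAME=value with no unquoted whitespace.
        if (line ~ /^[A-Za-z_][A-Za-z0-9_]*=("[^"]*"|[^ \t"]*)$/) {
            next
        }
        if (line ~ /^[A-Za-z_][A-Za-z0-9_]*[ \t]+=/ ||
            line ~ /^[A-Za-z_][A-Za-z0-9_]*=[ \t]/) {
            # "NAME =x" runs NAME as a command; "NAME= x" runs x.
            printf "%d: whitespace around =\n", NR
        } else if (line ~ /^[A-Za-z_][A-Za-z0-9_]*=/) {
            # "NAME=a, b" assigns "a," and then runs b as a command.
            printf "%d: unquoted whitespace in value\n", NR
        } else {
            # For example the tail of a list that was wrapped onto a new line.
            printf "%d: not a plain VAR=value line\n", NR
        }
    }' "$1"
}
```

No output means every line is blank, a comment, or a clean assignment.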