Hi, I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz I followed the instructions for upgrade and got a warning when running shorewall check on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" while that has changed to DropNotSyn . I manually copied over action.DROP from the source tree. Question: Are there more files to check ? Even though I get no warnings running shorewall check ? Do I have to be worried about the upgrade not being succesful ? thanks, Peter
Peter van Eck wrote:> > Hi, > > I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz > > I followed the instructions for upgrade > and got a warning when running shorewall check > on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" > while that has changed to DropNotSyn . > > I manually copied over action.DROP from the source tree. >Where did you copy the file to? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
I replaced the "old" action.DROP and action.Reject in /usr/share/shorewall with the new 2.2.1 ones. rgds, Peter Tom Eastep wrote:>Peter van Eck wrote: > > >>Hi, >> >>I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz >> >>I followed the instructions for upgrade >>and got a warning when running shorewall check >>on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" >>while that has changed to DropNotSyn . >> >>I manually copied over action.DROP from the source tree. >> >> >> > >Where did you copy the file to? > >-Tom > >
Peter van Eck wrote:> I replaced the "old" action.DROP and action.Reject in /usr/share/shorewall > with the new 2.2.1 ones. >Ok -- the installer script is broken for upgrade of the /usr/share/shorewall/''action.*'' files. It doesn''t replace existing files when it should. I''ll fix for 2.2.2 which will be out within the week. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Ok thanks, I have taken a closer look after the install had run and found out that the following files in /etc/shorewall were backed up but didn''t get replaced either see the timestamps.. -rw------- 1 root root 3369 May 18 2004 masq -rw------- 1 root root 3519 Apr 28 2004 policy -rw------- 1 root root 814 Apr 28 2004 routestopped -rwxr--r-- 1 root root 634 Apr 28 2004 zones -rw------- 1 root root 1053 Apr 28 2004 actions -rw------- 1 root root 2282 Apr 28 2004 accounting -rw------- 1 root root 691 Apr 28 2004 ecn -rw------- 1 root root 220 Apr 28 2004 stop -rw------- 1 root root 224 Apr 28 2004 stopped -rw------- 1 root root 626 Apr 28 2004 modules -rw------- 1 root root 1423 Apr 28 2004 tos -rw------- 1 root root 3162 Apr 28 2004 tunnels -rw------- 1 root root 590 Apr 28 2004 maclist -rw------- 1 root root 684 Apr 28 2004 params -rw------- 1 root root 1696 Apr 28 2004 proxyarp -rw------- 1 root root 1741 Apr 28 2004 hosts -rw------- 1 root root 1830 Apr 28 2004 nat Peter Tom Eastep wrote:>Peter van Eck wrote: > > >>I replaced the "old" action.DROP and action.Reject in /usr/share/shorewall >>with the new 2.2.1 ones. >> >> >> > >Ok -- the installer script is broken for upgrade of the >/usr/share/shorewall/''action.*'' files. It doesn''t replace existing files >when it should. > >I''ll fix for 2.2.2 which will be out within the week. > >-Tom > >
Peter van Eck wrote:> Ok thanks, > > I have taken a closer look after the install had run > and found out that the following files in /etc/shorewall were backed up > but didn''t get replaced either > see the timestamps..That is as designed -- Shorewall NEVER overwrites a file in /etc/shorewall. The backup is so that a subsequent ''fallback.sh'' will reverse any changes that you make to the files after the upgrade. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Ok. So does that mean that if you want to use the new 2.2.1 shorewall.conf you have to copy it over manually to /etc/shorewall after the upgrade. Likewise for anyother file in /etc/shorewall. thanks, Peter <http://lists.shorewall.net/pipermail/shorewall-announce/2004-December/000451.html> Tom Eastep wrote:>Peter van Eck wrote: > > >>Ok thanks, >> >>I have taken a closer look after the install had run >>and found out that the following files in /etc/shorewall were backed up >>but didn''t get replaced either >>see the timestamps.. >> >> > >That is as designed -- Shorewall NEVER overwrites a file in >/etc/shorewall. The backup is so that a subsequent ''fallback.sh'' will >reverse any changes that you make to the files after the upgrade. > >-Tom > >
Peter van Eck wrote:> Ok. > > So does that mean that if you want to use the new 2.2.1 shorewall.conf > you have to copy it over manually to /etc/shorewall after the upgrade. > > Likewise for anyother file in /etc/shorewall.Yes -- if you use the install.sh script. I don''t claim that little script can take the place of a real package manager like rpm or dpkg; it should be used only when you can''t use those. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key