List.

I have been using shorewall for some time on a single interface with multiple
virtual interfaces. I just updated system from WBEL 3 to CentOS 4.2. I have been
using the following actions to allow an IRC oper the fine privilege of pinging his
only allowed ip.

AllowPing net $FW:<ip>

The previous version of shorewall was 2.4*, I basically copied the
/etc/shorewall/rules over to the new 3.0.1 setup. Now during startup I get an
error with that rule.

ERROR: Invalid Action in rule "AllowPing net fw:<ip> "

Any ideas as to my error?

Brian

On Wednesday 23 November 2005 07:03, Brian wrote:
> List.
>
> I have been using shorewall for some time on a single interface with
> multiple virtual interfaces. I just updated system from WBEL 3 to
> CentOS 4.2. I have been using the following actions to allow an IRC oper
> the fine privilege of pinging his only allowed ip.
>
> AllowPing net $FW:<ip>
>
> The previous version of shorewall was 2.4*, I basically copied the
> /etc/shorewall/rules over to the new 3.0.1 setup. Now during startup I
> get an error with that rule.
>
> ERROR: Invalid Action in rule "AllowPing net fw:<ip> "
>
> Any ideas as to my error?

Yes.

a) You didn't read the release notes.
b) You didn't read the release notes.
c) You didn't read the release notes.

From the release notes under "Migration Considerations":

5) Most of the standard actions have been replaced by parametrized
   macros (see below). So for example, the action.AllowSMTP and
   action.DropSMTP have been removed and a parametrized macro macro.SMTP
   has been added to replace them.

   In order that current users don't have to immediately update their
   rules and user-defined actions, Shorewall can substitute an
   invocation of a new macro for an existing invocation of one of the
   old actions. So if your rules file calls AllowSMTP, Shorewall will
   replace that call with SMTP/ACCEPT. Because this substitution is
   expensive, it is conditional based on the setting of MAPOLDACTIONS
   in shorewall.conf. If this option is set to YES or if it is not set
   (such as if you are using your old shorewall.conf file) then
   Shorewall will perform the substitution. Once you have converted to
   use the new macros, you can set MAPOLDACTIONS=No and invocations of
   those actions will go much quicker during 'shorewall [re]start'.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> AllowPing net $FW:<ip>
>
> the previous version of shorewall was 2.4*, I basically copied the
> /etc/shorewall/rules over to the new 3.0.1 setup. Now during startup I
> get an error with that rule.
>
> ERROR: Invalid Action in rule "AllowPing net fw:<ip> "
>
> Any ideas as to my error?

I believe the former Action "AllowPing" is a Macro named "Ping" since 3.0.0.

-Karsten
--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

On Wednesday 23 November 2005 07:23, Tom Eastep wrote:
> On Wednesday 23 November 2005 07:03, Brian wrote:
> >
> > ERROR: Invalid Action in rule "AllowPing net fw:<ip> "
> >
> > Any ideas as to my error?
>
> Yes.
>
> a) You didn't read the release notes.
> b) You didn't read the release notes.
> c) You didn't read the release notes.
>
> From the release notes under "Migration Considerations":

For more information about upgrading Shorewall, please see:

http://www.shorewall.net/Install.htm#id2460288

That section provides background and gives guidance about handling the
shorewall.conf file during an upgrade. This is important any time that you are
upgrading from one major release to another.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
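
The action-to-macro substitution described in the quoted release notes, as an added example that is not part of the original thread and is not Shorewall's own code: a small filter that rewrites old-style action calls in a rules file to the macro form. The macro list, the function names, the `DropX` to `X/DROP` mapping (inferred by analogy with `AllowSMTP` to `SMTP/ACCEPT`) and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code. Rewrites old 2.x action calls in a rules
# file to the macro form from the release notes (AllowSMTP -> SMTP/ACCEPT).
# Assumptions: DropX -> X/DROP follows by analogy; only the macros named in
# this thread are listed. Entries with a log level (Action:level) and any
# user-defined actions are left unchanged.
MACROS="SMTP Ping"

convert_rules() {
    awk -v macros="$MACROS" '
    BEGIN {
        n = split(macros, m, " ")
        for (i = 1; i <= n; i++) known[m[i]] = 1
        verb["Allow"] = "ACCEPT"
        verb["Drop"] = "DROP"
    }
    # Comments and blank lines pass through untouched.
    /^[ \t]*(#|$)/ { print; next }
    {
        for (p in verb) {
            name = substr($1, length(p) + 1)
            if (index($1, p) == 1 && (name in known)) {
                # Rewrite only the ACTION column; keep the rest of the line.
                sub(/^[ \t]*[^ \t]+/, name "/" verb[p])
                break
            }
        }
        print
    }'
}

# Constructed sample input in the old style; 192.0.2.10 is a placeholder.
sample_rules() {
    cat <<'EOF'
# rules copied from a 2.4 setup
AllowPing net $FW:192.0.2.10
DropSMTP net $FW
ACCEPT net $FW tcp 22
AllowFoo net $FW
EOF
}

sample_rules | convert_rules
```

Review the converted file against the macro.* files your installation actually ships before setting MAPOLDACTIONS=No in shorewall.conf.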