Shorewall users - Jun 2006 - Shorewall 3.0.8

This is just another bug-fix rollup.

Problems corrected in 3.0.8

1)  If the ''upnp'' interface option was specified on one or
more
    interfaces but no forwardUPnP rule was included, the following
    diagnostic messages were issued:

        WARNING:Missing forwardUPnP rule (required by ''upnp''
interface option on
                eth0)
        ERROR: Fatal error in find_logactionchain

    Given that the fatal error message is obscure if the first WARNING
    isn''t noticed, the ERROR message has been eliminated with the
    result that Shorewall now starts but won''t handle UPnP properly.

2)  If BRIDGING=No in shorewall.conf, then an entry in
    /etc/shorewall/hosts such as the following would result in an
    obscure failure of an iptables command:

    loc   br0:eth0

    Shorewall now detects this case and issues a more helpful error
    message:

    ERROR: BRIDGING=Yes is required for this zone definition: loc br0:eth0

3)  Users of the Multi-ISP feature may experience this error during startup:

    /usr/share/shorewall/firewall: line 1393: 20000 + (1 - 1) * 256 +
        $rulenum : syntax error: operand expected (error token is
        "$rulenum ")

4)  A more useful diagnostic is now given when a command fails during
    setup of traffic shaping.

5)  Shorewall now checks to see if devices in /etc/shorewall/tcdevices
    exist. If a device does not exist, a warning message is issued and
    that device''s entries in /etc/shorewall/tcclasses are ignored. This
    applies to "shorewall start", "shorewall restart" and
"shorewall
    refresh".

6)  It is now possible to exclude a single source MAC address using
    !<MAC address>. Previously, a startup error occurred.

7)  Shorewall would use the incorrect shell for compilation in the
    following case:

8)  Reporting of the "Mangle FORWARD Chain" capability was broken.
While
    Shorewall correctly detected and used the capability, the output of
    "shorewall show capabilities" and "shorewall dump"
showed the
    capability as "Not Available".

9)  Extension scripts for policy chains (chains with the word
''all'' in
    their name) were not being run previously.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642

On 21 Jun 2006 at 18:46, Tom Eastep wrote:
> 7)  Shorewall would use the incorrect shell for compilation in the
>     following case:
  nada zip  

Which means this was never a problem or who cares, since its
now fixed?   ;-)

-- 
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

.

All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642

John S. Andersen wrote:
> On 21 Jun 2006 at 18:46, Tom Eastep wrote:
> 
>> 7)  Shorewall would use the incorrect shell for compilation in the
>>     following case:
> 
>   nada zip  
> 
> Which means this was never a problem or who cares, since its
> now fixed?   ;-)
> 
7)  Shorewall would use the incorrect shell for compilation in the
    following case:

    a) /etc/shorewall/shorewall.conf specified
    SHOREWALL_SHELL=/bin/shell1.

    b) /foo/bar/shorewall.conf specified SHOREWALL_SHELL=/bin/shell2.

    c) The command "shorewall try /foo/bar" was executed. Compilation
    of the configuration in /foo/bar would be done using /bin/shell2
    rather than /bin/shell1.

    NOTE: The ''try'' command is deprecated and will be removed
in
    Shorewall version 3.4. "shorewall save && shorewall restart
    <directory>" is a faster way to accomplish the same thing.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642