Hi Tom, I believe there is a bug in the compiler errata file for 3.2.4 (ftp://shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/Shorewall/ compiler). When it encounters my /etc/tcrules file it outputs the following: ... Checking /etc/shorewall/tos... Checking /etc/shorewall/ecn... Checking Traffic Control Rules... /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2581: process_tc_rule: command not found /usr/share/shorewall/compiler: line 2609: setup_traffic_shaping: command not found Checking Rule Activation... Shorewall configuration verified ... I reverted back to the original distribution file and applied the patch (ftp://shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/patches/pa tch-3.2.4-1.diff) instead which worked. Regards, - Craig. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Tue, 2006-10-03 at 19:30 +0200, Craig M. Nicholson wrote:> Hi Tom, > > I believe there is a bug in the compiler errata file for 3.2.4 > (ftp://shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/Shorewall/ > compiler). When it encounters my /etc/tcrules file it outputs the > following: >Hi Craig, Ooops -- please try the one at: ftp://ftp1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/Shorewall/ Sorry for the screwup, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Hi Tom,
I''ve already applied the patch file against
/usr/share/shorewall/compiler and it works.
However I did a quick diff against compiler file you put in the errata
and it''s different, so which one is the right one?
<snip>
--- /usr/share/shorewall/compiler 2006-10-03 19:19:13.000000000
+0200
+++ compiler 2006-10-03 19:43:52.000000000 +0200
@@ -6017,6 +6017,7 @@
proto ports policy+
detectinterface
[ -n "$nomasq" ] && source="$source
except $nomasq"
;;
@@ -6060,6 +6061,7 @@
proto ports policy+
detectinterface source="$source except $nomasq"
fi
</snip>
Regards,
- Craig.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> > Sorry for the screwup, >I had uploaded the 3.3 compiler by mistake. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Craig M. Nicholson wrote:> Hi Tom, > > I''ve already applied the patch file against > /usr/share/shorewall/compiler and it works. > > However I did a quick diff against compiler file you put in the errata > and it''s different, so which one is the right one?Both fix the problem -- the compiler file has a further optimization that removes some redundant rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> Craig M. Nicholson wrote: >> Hi Tom, >> >> I''ve already applied the patch file against >> /usr/share/shorewall/compiler and it works. >> >> However I did a quick diff against compiler file you put in the errata >> and it''s different, so which one is the right one? > > Both fix the problem -- the compiler file has a further optimization that > removes some redundant rules.I''ve uploaded patch-3.2.4-2 which implements the optimization. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Thanks Tom. :) ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV