It seems that on a shorewall system that drives a number of shorewall-lite systems, the $LITEDIR needs to be per shorewall-lite system specific, no? There doesn''t seem to be a way per system that I can see to alter that though. I''ve tried the shorewall.conf specific to the ruleset for the shorewall-lite system I''m trying to load but that doesn''t work as it seems that LITEDIR is needed before the per-system shorewall.conf is loaded. Thots? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Brian J. Murrell wrote:> It seems that on a shorewall system that drives a number of > shorewall-lite systems, the $LITEDIR needs to be per shorewall-lite > system specific, no? There doesn''t seem to be a way per system that I > can see to alter that though. I''ve tried the shorewall.conf specific to > the ruleset for the shorewall-lite system I''m trying to load but that > doesn''t work as it seems that LITEDIR is needed before the per-system > shorewall.conf is loaded. > > Thots?That is true in Shorewall 3.2.6, yes. See the 3.2.9 release notes. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Sat, 2007-07-04 at 15:56 -0700, Tom Eastep wrote:> > That is true in Shorewall 3.2.6, yes. See the 3.2.9 release notes.Ahhh. Nice. Seems I need to push Ubuntu to getting at least 3.2.9 into feisty, if not 3.4 I guess. Maybe too late though as it''s frozen for release. Worth a try I suppose. Thanx! b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Brian J. Murrell wrote:> On Sat, 2007-07-04 at 15:56 -0700, Tom Eastep wrote: >> That is true in Shorewall 3.2.6, yes. See the 3.2.9 release notes. > > Ahhh. Nice. Seems I need to push Ubuntu to getting at least 3.2.9 into > feisty, if not 3.4 I guess. Maybe too late though as it''s frozen for > release. Worth a try I suppose.The tarball should always work well on Ubuntu (given that I develop Shorewall under Ubuntu ;-) ) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Sun, 2007-08-04 at 09:59 -0700, Tom Eastep wrote:> > The tarball should always work well on Ubuntu (given that I develop > Shorewall under Ubuntu ;-) )I have a pretty strict "no make install" rule here though, and might end up rolling by own 3.2.10 .deb because of it. In the meanwhile, is there any way to solve the situation where the shorewall-lite machine keeps it''s modules somewhere other than: /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter If not yet, do you want to just keep glomming directories onto $MODULESDIR to cover all of the possibilities or make MODULESDIR per-lite-target configurable? b. BTW: are you interested in what my patch to shorewall-lite looks like for openwrt when I am done? -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Mon, 2007-09-04 at 08:29 -0400, Brian J. Murrell wrote:> In the meanwhile, is there any way to solve the situation where the > shorewall-lite machine keeps it''s modules somewhere other than:NM. I found it in shorewall.conf. Although having to include the output of the lite target''s $(uname -r) is less than optimal, it works. Running through the xtrace output of all of this is very interesting. :-) b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV