I've uploaded Beta 5.

Problems corrected in 4.0.0 Beta 5.

1) With Shorewall-perl, if a bridge port was used to qualify the SOURCE
   in a rule where there was also a DEST interface, then the following
   diagnostic was produced:

      Undefined subroutine &Shorewall::Chains::source_port_to_bridge
      called at /usr/share/shorewall-perl/Shorewall/Chains.pm line 1521,
      <$currentfile> line 363.

2) 'shorewall dump', 'shorewall show log' and 'shorewall logwatch' work
   again.

3) The 'mss' zone option and the CLAMPMSS=<number> option in
   shorewall.conf could previously *increase* the MSS in a packet; this
   possibility has been eliminated.

Other changes in Shorewall 4.0.0 Beta 5.

1) The Perl compiler is now externalized. Both the compiler.pl program
   and the Perl Module interface are documented.

   The compiler program is /usr/share/shorewall-perl/compiler.pl:

      compiler.pl [ <option> ... ] [ <filename> ]

   If a <filename> is given, then the configuration will be compiled and
   the output placed in the named file. If <filename> is not given, then
   the configuration will simply be syntax checked.

   Options are:

      -v <verbosity>
      --verbosity=<verbosity>

         The <verbosity> is a number between 0 and 2 and corresponds to
         the VERBOSITY setting in shorewall.conf. This setting controls
         the verbosity of the compiler itself.

      -e
      --export

         If given, the configuration will be compiled for export to
         another system.

      -d <directory>
      --directory=<directory>

         If this option is omitted, the configuration in /etc/shorewall
         is compiled/checked. Otherwise, the configuration in the named
         directory will be compiled/checked.

      -t
      --timestamp

         If given, each progress message issued by the compiler and by
         the compiled program will be timestamped.

   Example (compiles the configuration in the current directory
   generating a script named 'firewall' and using VERBOSITY 2).

      /usr/share/shorewall-perl/compiler.pl -v 2 -d . firewall

   Note: For compatibility with Shorewall 3.4.2 and later 3.4 releases,
   options not passed on the run-line get their values from
   environmental variables:

      Option          Variable

      --verbosity     VERBOSE
      --export        EXPORT
      --directory     SHOREWALL_DIR
      --timestamp     TIMESTAMP

   The Perl Module is externalized as follows:

      use lib '/usr/share/shorewall-perl';
      use Shorewall::Compiler;

      compiler $filename, $directory, $verbose, $options

   The arguments to the compiler function are as follows:

      $filename  - Name of the compiled script to be created. If the
                   argument evaluates to false, the configuration is
                   syntax checked
      $directory - The directory containing the configuration. If
                   passed as '', then /etc/shorewall/ is assumed.
      $verbose   - The verbosity level (0-2).
      $options   - A bitmap of options. Shorewall::Compiler exports two
                   constants to help building this argument:

                      EXPORT    = 0x01
                      TIMESTAMP = 0x02

   The compiler raises an exception with 'die' if it encounters an
   error; $@ contains the 'ERROR' messages describing the problem. The
   compiler function can be called repeatedly with different inputs.

2) When TC_ENABLED=Internal, Shorewall-perl now validates classids in
   the MARK/CLASSIFY column of /etc/shorewall/tcrules against the
   classes generated by /etc/shorewall/tcclasses.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
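[Added example, not part of the original announcement and not code from the Shorewall distribution: a driver for the Perl Module interface described above that syntax-checks and then compiles each configuration directory, stopping at the first error the compiler raises with 'die'. The directory arguments and the output name "<dir>/firewall" are assumptions; it needs Shorewall-perl installed under /usr/share/shorewall-perl.]

```perl
#!/usr/bin/perl
# Added example: gate configuration directories through the
# Shorewall-perl compiler using the interface from the announcement.
use strict;
use warnings;

use lib '/usr/share/shorewall-perl';
use Shorewall::Compiler;    # provides compiler(), EXPORT and TIMESTAMP

# Configuration directories to process (hypothetical, e.g. ./fw1 ./fw2).
my @dirs = @ARGV or die "usage: $0 <config-dir> [<config-dir> ...]\n";

my $verbose = 1;                         # 0-2, same scale as VERBOSITY
my $options = EXPORT() | TIMESTAMP();    # compile for export, timestamp messages

for my $dir (@dirs) {
    # Pass 1: a false $filename means "syntax check only".
    # Pass 2: write the compiled script into the configuration directory.
    for my $filename ( '', "$dir/firewall" ) {
        eval { compiler( $filename, $dir, $verbose, $options ); 1 } and next;

        # compiler() reports problems with die; $@ holds the ERROR text.
        my $stage = $filename ? 'compile' : 'check';
        print STDERR "$dir: $stage failed:\n$@";
        exit 1;    # nothing from a bad configuration gets deployed
    }
    print "$dir: OK, script written to $dir/firewall\n";
}
```
-------------------------------------------------------------------------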
Tom

Maclist entry:

LOG br0 00:40:F4:4D:76:A2 192.168.0.0/24,!192.168.0.5-192.168.0.8

produces the following error messages:

Use of uninitialized value in concatenation (.) or string
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 754, <$currentfile> line 11.

Use of uninitialized value in concatenation (.) or string
at /usr/share/shorewall-perl/Shorewall/Rules.pm line 754, <$currentfile> line 11.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Tom
>
> Maclist entry:
>
> LOG br0 00:40:F4:4D:76:A2 192.168.0.0/24,!192.168.0.5-192.168.0.8
>
> produces the following error messages:
>
> Use of uninitialized value in concatenation (.) or string
> at /usr/share/shorewall-perl/Shorewall/Rules.pm line 754, <$currentfile> line
> 11.
>
> Use of uninitialized value in concatenation (.) or string
> at /usr/share/shorewall-perl/Shorewall/Rules.pm line 754, <$currentfile> line
> 11.
>

Good afternoon, Steven

I get the following:

gateway:~/bridge # shorewall check .
Checking...
   ERROR: Invalid DISPOSITION ( LOG) : /root/bridge//maclist ( line 10 )
gateway:~/bridge #

Guess I'll need the entire config (with capabilities file).

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
>
> I get the following:
>
> gateway:~/bridge # shorewall check .
> Checking...
>    ERROR: Invalid DISPOSITION ( LOG) : /root/bridge//maclist ( line 10 )
> gateway:~/bridge #
>
> Guess I'll need the entire config (with capabilities file).

Nevermind -- it was my MACLIST_CHAIN setting...

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> Tom Eastep wrote:
>
>> I get the following:
>>
>> gateway:~/bridge # shorewall check .
>> Checking...
>>    ERROR: Invalid DISPOSITION ( LOG) : /root/bridge//maclist ( line 10 )
>> gateway:~/bridge #
>>
>> Guess I'll need the entire config (with capabilities file).
>
> Nevermind -- it was my MACLIST_CHAIN setting...

Fixed in r6560.

Thanks!
-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> I've uploaded Beta 5.
>

I have some time to test this stuff this weekend.. so, I migrated my
systems to this beta.

Found so far...

shorewall safe-restart does not work

shorewall safe-restart
Compiling...
usage: compiler.pl [ --export ] [ --directory=<directory> ] [ --verbose={0-2} ] [ --timestamp ] [ <filename> ]

but "shorewall restart" does work ;)

anyway.. this looks very promising.. great work Tom !! ;)
-------------------------------------------------------------------------
Cristian Rodriguez R. wrote:
> Tom Eastep wrote:
>> I've uploaded Beta 5.
>>
>
> I have some time to test this stuff this weekend.. so, I migrated my
> systems to this beta.
>
> Found so far...
>
> shorewall safe-restart does not work
>
> shorewall safe-restart
> Compiling...
> usage: compiler.pl [ --export ] [ --directory=<directory> ] [
> --verbose={0-2} ] [ --timestamp ] [ <filename> ]

Thanks, Cristian

Will be fixed in 3.4.4 and I'll put the same change into Beta 6.

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> Cristian Rodriguez R. wrote:
>> Tom Eastep wrote:
>>> I've uploaded Beta 5.
>>>
>> I have some time to test this stuff this weekend.. so, I migrated my
>> systems to this beta.
>>
>> Found so far...
>>
>> shorewall safe-restart does not work
>>
>> shorewall safe-restart
>> Compiling...
>> usage: compiler.pl [ --export ] [ --directory=<directory> ] [
>> --verbose={0-2} ] [ --timestamp ] [ <filename> ]
>
> Thanks, Cristian
>
> Will be fixed in 3.4.4 and I'll put the same change into Beta 6.

Or, you can replace /sbin/shorewall from SVN trunk/Shorewall-common.

-Tom
-------------------------------------------------------------------------
Tom

After the application of r6581, trying to run the shorewall-shell compiler
produces the following error:

ERROR: SHOREWALL_COMPILER=shell requires the shorewall-shell package which is not installed.

Setting "SHELLSHAREDIR=/usr/share/shorewall-shell" in "lib.base" seems
to resolve the issue.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Tom
>
> After the application of r6581, trying to run the shorewall-shell compiler
> produces the following error:
>
> ERROR: SHOREWALL_COMPILER=shell requires the shorewall-shell package which is
> not installed.
>
> Setting "SHELLSHAREDIR=/usr/share/shorewall-shell" in "lib.base" seems
> to resolve the issue.

Thanks, Steven

I messed up resolving a merge conflict. Fixed in r6590.

-Tom
-------------------------------------------------------------------------
Tom

Routestopped entry:

br0 192.168.0.0-192.168.0.100,192.168.0.110

is accepted by shorewall-shell, but shorewall-perl produces the following
message:

ERROR: Unknown Host (192.168.0.0-192.168.0.100,192.168.0.110)

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Tom
>
> Routestopped entry:
>
> br0 192.168.0.0-192.168.0.100,192.168.0.110
>
> is accepted by shorewall-shell, but shorewall-perl produces the following
> message:
>
> ERROR: Unknown Host (192.168.0.0-192.168.0.100,192.168.0.110)
>

Fixed in 6591.

Thanks, Steven

-Tom
-------------------------------------------------------------------------
Tom

The "shorewall version" command no longer lists the versions of the installed
compilers. Is this expected?

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Tom
>
> The "shorewall version" command no longer lists the versions of the installed
> compilers. Is this expected?

Yes -- use the '-a' option

-Tom
-------------------------------------------------------------------------
On Monday 18 June 2007 22:43, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Routestopped entry:
> >
> > br0 192.168.0.0-192.168.0.100,192.168.0.110
> >
> > is accepted by shorewall-shell, but shorewall-perl produces the following
> > message:
> >
> > ERROR: Unknown Host (192.168.0.0-192.168.0.100,192.168.0.110)
>
> Fixed in 6591.
>
> Thanks, Steven
>
> -Tom

Tom

That works now. However if the "critical" option is added, the error is still
produced.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> On Monday 18 June 2007 22:43, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> Tom
>>>
>>> Routestopped entry:
>>>
>>> br0 192.168.0.0-192.168.0.100,192.168.0.110
>>>
>>> is accepted by shorewall-shell, but shorewall-perl produces the following
>>> message:
>>>
>>> ERROR: Unknown Host (192.168.0.0-192.168.0.100,192.168.0.110)
>> Fixed in 6591.
>>
>> Thanks, Steven
>>
>> -Tom
>
> Tom
>
> That works now. However if the "critical" option is added, the error is still
> produced.

Should have known that I would have copied and pasted the type.

Fixed in 6592.

Thanks,
-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> Steven Jan Springl wrote:
>> On Monday 18 June 2007 22:43, Tom Eastep wrote:
>>> Steven Jan Springl wrote:
>>>> Tom
>>>>
>>>> Routestopped entry:
>>>>
>>>> br0 192.168.0.0-192.168.0.100,192.168.0.110
>>>>
>>>> is accepted by shorewall-shell, but shorewall-perl produces the following
>>>> message:
>>>>
>>>> ERROR: Unknown Host (192.168.0.0-192.168.0.100,192.168.0.110)
>>> Fixed in 6591.
>>>
>>> Thanks, Steven
>>>
>>> -Tom
>> Tom
>>
>> That works now. However if the "critical" option is added, the error is still
>> produced.
>
> Should have known that I would have copied and pasted the type.
----

I'm a hopeless typist -- now I'm mistyping the word 'typo'....

-Tom
-------------------------------------------------------------------------
Tom

Routestopped entry:

br0:192.168.21.21 - critical

while not documented as valid, is accepted by shorewall start/restart commands
and generates the same iptables rules as entry:

br0 192.168.21.21 critical

However, shorewall stop/clear commands produce the following error message:

iptables v1.3.7: interface name `br0:192.168.21.21' must be shorter than IFNAMSIZ (15)

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Tom
>
> Routestopped entry:
>
> br0:192.168.21.21 - critical
>
> while not documented as valid, is accepted by shorewall start/restart commands
> and generates the same iptables rules as entry:
>
> br0 192.168.21.21 critical
>
> However, shorewall stop/clear commands produce the following error message:
>
> iptables v1.3.7: interface name `br0:192.168.21.21' must be shorter than
> IFNAMSIZ (15)

Sorry -- I can't reproduce this result.

I'll need the entire test directory.

Thanks,
-Tom
-------------------------------------------------------------------------
On Tuesday 19 June 2007 01:39, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > Tom
> >
> > Routestopped entry:
> >
> > br0:192.168.21.21 - critical
> >
> > while not documented as valid, is accepted by shorewall start/restart
> > commands and generates the same iptables rules as entry:
> >
> > br0 192.168.21.21 critical
> >
> > However, shorewall stop/clear commands produce the following error
> > message:
> >
> > iptables v1.3.7: interface name `br0:192.168.21.21' must be shorter than
> > IFNAMSIZ (15)
>
> Sorry -- I can't reproduce this result.
>
> I'll need the entire test directory.
>
> Thanks,
> -Tom

Tom

The directory is attached.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> On Tuesday 19 June 2007 01:39, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>>> Tom
>>>
>>> Routestopped entry:
>>>
>>> br0:192.168.21.21 - critical
>>>
>>> while not documented as valid, is accepted by shorewall start/restart
>>> commands and generates the same iptables rules as entry:
>>>
>>> br0 192.168.21.21 critical
>>>
>>> However, shorewall stop/clear commands produce the following error
>>> message:
>>>
>>> iptables v1.3.7: interface name `br0:192.168.21.21' must be shorter than
>>> IFNAMSIZ (15)
>> Sorry -- I can't reproduce this result.
>>
>> I'll need the entire test directory.
>>
>> Thanks,
>> -Tom
> Tom
>
> The directory is attached.
>

When I compile the configuration in that directory, I get no instance of
br0:192.168.21.21 in the generated script. Please send your compiled script.

Thanks,
-Tom
-------------------------------------------------------------------------
On Mon, 2007-06-18 at 18:55 -0700, Tom Eastep wrote:
> Steven Jan Springl wrote:

> > The directory is attached.
> >
>
> When I compile the configuration in that directory, I get no instance of
> br0:192.168.21.21 in the generated script. Please send your compiled script.

Never mind -- this problem is independent of which compiler is used.

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> On Mon, 2007-06-18 at 18:55 -0700, Tom Eastep wrote:
>> Steven Jan Springl wrote:
>
>>> The directory is attached.
>>>
>> When I compile the configuration in that directory, I get no instance of
>> br0:192.168.21.21 in the generated script. Please send your compiled script.
>
> Never mind -- this problem is independent of which compiler is used.

Up to now, when the full version of Shorewall is used (as opposed to
Shorewall Lite), the 'stop' and 'clear' commands continue to be handled
by /usr/share/shorewall/firewall. That script parses and executes the
commands in one pass. So for stop/clear, it really doesn't make any sense
to carefully edit the /etc/shorewall/routestopped file for correctness;
the code just makes a best-faith effort to do what the user asked. Given
that the same code parses the routestopped file for the Shorewall-shell
compiler, that compiler currently doesn't edit the file carefully either.

I've modified /sbin/shorewall in the 4.0 path to use
/var/lib/shorewall/.restore for executing these commands (if it exists)
and I've modified Shorewall-perl to validate the contents of the
INTERFACE column. I'll ask Roberto to take a look at Shorewall-shell when
he returns from vacation.

Fix is in r6597.

-Tom
-------------------------------------------------------------------------
Good morning Tom.

After the application of r6612, rule:

ACCEPT p2 all tcp http:pop3

produces the following errors:

Argument "pop3" isn't numeric in numeric lt (<)
at /usr/share/shorewall-perl/Shorewall/Chains.pm line 789, <$currentfile> line 28.

Argument "http" isn't numeric in numeric lt (<)
at /usr/share/shorewall-perl/Shorewall/Chains.pm line 789, <$currentfile> line 28.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Good morning Tom.
>
> After the application of r6612, rule:
>
> ACCEPT p2 all tcp http:pop3
>
> produces the following errors:
>
> Argument "pop3" isn't numeric in numeric lt (<)
> at /usr/share/shorewall-perl/Shorewall/Chains.pm line 789, <$currentfile>
> line 28.
>
> Argument "http" isn't numeric in numeric lt (<)
> at /usr/share/shorewall-perl/Shorewall/Chains.pm line 789, <$currentfile>
> line 28.

Good afternoon, Steven.

Missing line of code restored in r6613.

-Tom
-------------------------------------------------------------------------
Good morning Tom.

As the shorewall-perl compiler now validates the tcp/udp port, is it also
worth validating the icmp type? Currently if the value falls outside of the
range 0 - 255, iptables-restore produces an error.

Steven.
-------------------------------------------------------------------------
Steven Jan Springl wrote:
> Good morning Tom.
>
> As the shorewall-perl compiler now validates the tcp/udp port, is it also
> worth validating the icmp type? Currently if the value falls outside of the
> range 0 - 255, iptables-restore produces an error.

Hi Steven,

Good idea -- it's currently validating the icmp type names but it isn't
range-checking the numbers. We'll have to wait until Beta 7 since I just
uploaded Beta 6.

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote:
> Steven Jan Springl wrote:
>> Good morning Tom.
>>
>> As the shorewall-perl compiler now validates the tcp/udp port, is it also
>> worth validating the icmp type? Currently if the value falls outside of the
>> range 0 - 255, iptables-restore produces an error.
>
> Hi Steven,
>
> Good idea -- it's currently validating the icmp type names but it isn't
> range-checking the numbers. We'll have to wait until Beta 7 since I just
> uploaded Beta 6.

Added in r6645.

-Tom
-------------------------------------------------------------------------
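[Added example, not part of the original thread and not Shorewall's own code: a compile-time check of the kind discussed in the last two exchanges, so that a bad port range or ICMP type is rejected before the ruleset reaches iptables-restore. It resolves service names before comparing the ends of a range such as http:pop3 and range-checks numeric ICMP types against 0 - 255. The function names and the small service and ICMP name tables are constructed for illustration; open-ended ranges are not handled.]

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed subsets for illustration; a real check would use the
# system's service database and the full iptables ICMP name list.
my %services   = ( ssh => 22, smtp => 25, domain => 53, http => 80, pop3 => 110 );
my %icmp_types = map { $_ => 1 }
    qw( echo-reply destination-unreachable echo-request time-exceeded );

# Resolve one port (number or service name) to a number, or die.
sub resolve_port {
    my ($port) = @_;
    if ( $port =~ /\A\d+\z/ ) {
        die "ERROR: Invalid port number ($port)\n" if $port > 65535;
        return $port + 0;
    }
    my $number = $services{ lc $port };
    die "ERROR: Unknown service ($port)\n" unless defined $number;
    return $number;
}

# Validate "port" or "low:high". Names are resolved BEFORE the numeric
# comparison, so "http:pop3" is compared as 80 and 110.
sub validate_port_range {
    my ($spec) = @_;
    my @ends = split /:/, $spec, -1;
    die "ERROR: Invalid port range ($spec)\n"
        if @ends < 1 || @ends > 2 || grep { $_ eq '' } @ends;
    my @numbers = map { resolve_port($_) } @ends;
    die "ERROR: Invalid port range ($spec)\n"
        if @numbers == 2 && $numbers[0] > $numbers[1];
    return join ':', @numbers;
}

# Validate an ICMP type: a known name, or a number (optionally
# "type/code", which iptables also accepts) with each part in 0 - 255.
sub validate_icmp_type {
    my ($type) = @_;
    if ( $type =~ m{\A(\d+)(?:/(\d+))?\z} ) {
        my ( $number, $code ) = ( $1, $2 );
        die "ERROR: Invalid ICMP type ($type)\n"
            if $number > 255 || ( defined $code && $code > 255 );
        return defined $code ? ( $number + 0 ) . '/' . ( $code + 0 ) : $number + 0;
    }
    die "ERROR: Unknown ICMP type ($type)\n" unless $icmp_types{ lc $type };
    return lc $type;
}

# Constructed sample values: some valid, some that must be rejected.
for my $case (
    [ port => 'http:pop3' ], [ port => 'pop3:http' ], [ port => '65536' ],
    [ icmp => '8' ],         [ icmp => '256' ],       [ icmp => 'echo-request' ],
  )
{
    my ( $kind, $value ) = @$case;
    my $result = eval {
        $kind eq 'port' ? validate_port_range($value) : validate_icmp_type($value);
    };
    printf "%-4s %-12s -> %s", $kind, $value, defined $result ? "$result\n" : $@;
}
```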