Problems Corrected in 3.2.11
1) The CHAIN variable is now set correctly before the maclog extension
script is called.
2) When ROUTE_FILTER=Yes in shorewall.conf, Shorewall no longer clears
the rp_filter flag for all interfaces.
3) When LOG_MARTIANS=Yes in shorewall.conf, Shorewall no longer clears
the log_martians flag for all interfaces.
4) Previously, using a port list in the DEST PORT(S) column of the
rules file or in an action file caused an invalid iptables command
to be generated.
5) A bug prevented proper handling of PREROUTING marks when
HIGH_ROUTE_MARKS=No and the track option was specified in
/etc/shorewall/providers.
Other Changes in 3.2.11
1) A LOCKFILE option has been added to shorewall.conf. This file is
used to serialize updates to the active firewall configuration.
If not specified, the defaults are:
Shorewall - /var/lib/shorewall/lock
Shorewall Lite - /var/lib/shorewall-lite/lock
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep > Sent: Wednesday, August 22, 2007 8:07 AM > To: shorewall-users; Shorewall Announcements > Subject: [Shorewall-users] Shorewall 3.2.11 > > Problems Corrected in 3.2.11 > > 1) The CHAIN variable is now set correctly before the maclog extension > script is called. > > 2) When ROUTE_FILTER=Yes in shorewall.conf, Shorewall no longer clears > the rp_filter flag for all interfaces. > > 3) When LOG_MARTIANS=Yes in shorewall.conf, Shorewall no longer clears > the log_martians flag for all interfaces. > > 4) Previously, using a port list in the DEST PORT(S) column of the > rules file or in an action file caused an invalid iptables command > to be generated. > > 5) A bug prevented proper handling of PREROUTING marks when > HIGH_ROUTE_MARKS=No and the track option was specified in > /etc/shorewall/providers. > > Other Changes in 3.2.11 > > 1) A LOCKFILE option has been added to shorewall.conf. This file is > used to serialize updates to the active firewall configuration. > > If not specified, the defaults are: > > Shorewall - /var/lib/shorewall/lock > Shorewall Lite - /var/lib/shorewall-lite/lock > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.keyI get this on a firewall I just upgraded via RPM from 3.2.10 when I run shorewall check: /usr/share/shorewall/compiler: line 7125: syntax error near unexpected token `fi '' /usr/share/shorewall/compiler: line 7125: ` fi'' Is this a bug or just me? :^) ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Wed, 2007-08-22 at 15:12 -0700, List Receiver wrote:> > I get this on a firewall I just upgraded via RPM from 3.2.10 when I run shorewall check: > > /usr/share/shorewall/compiler: line 7125: syntax error near unexpected token `fi > '' > /usr/share/shorewall/compiler: line 7125: ` fi'' > > Is this a bug or just me? :^)Bug -- there is an obvious typo at line 7117; ''THEN'' should be ''then''. Making that change will get you going -- I''ll release corrected packages. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Wed, 2007-08-22 at 15:21 -0700, Tom Eastep wrote:> On Wed, 2007-08-22 at 15:12 -0700, List Receiver wrote: > > > > > I get this on a firewall I just upgraded via RPM from 3.2.10 when I run shorewall check: > > > > /usr/share/shorewall/compiler: line 7125: syntax error near unexpected token `fi > > '' > > /usr/share/shorewall/compiler: line 7125: ` fi'' > > > > Is this a bug or just me? :^) > > Bug -- there is an obvious typo at line 7117; ''THEN'' should be ''then''. > > Making that change will get you going -- I''ll release corrected > packages.Corrected packages are available at: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/ ftp://ftp1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/ md5sums of the corrected packages are: 1981d7a6463e042056dd4704ffeaa326 shorewall-3.2.11-1.noarch.rpm 48a868365ee15f6926df2f83a961771b shorewall-3.2.11.tar.bz2 ce0dc5195a42a81b31395f1f337a4a9c shorewall-3.2.11.tgz 75143113f024da876dcc5d510a84b21f shorewall-docs-html-3.2.11.tar.bz2 503ef9cab7f2d8cf8366aa80b6079e3c shorewall-docs-html-3.2.11.tgz 173d24091c6b57d41aa0b49effde23b9 shorewall-docs-xml-3.2.11.tar.bz2 4cf914e5835b30bb1e57539de7807cdb shorewall-docs-xml-3.2.11.tgz a261f88ed1f821e3ab804d56663b108a shorewall-lite-3.2.11-1.noarch.rpm c3c90239e18594081e23396998171fd3 shorewall-lite-3.2.11.tar.bz2 e415fa54a0e70f24b76f84828c9e9334 shorewall-lite-3.2.11.tgz -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep > Sent: Wednesday, August 22, 2007 3:30 PM > To: Shorewall Users; Shorewall Announcements > Subject: Re: [Shorewall-users] Shorewall 3.2.11 > > On Wed, 2007-08-22 at 15:21 -0700, Tom Eastep wrote: > > On Wed, 2007-08-22 at 15:12 -0700, List Receiver wrote: > > > > > > > > I get this on a firewall I just upgraded via RPM from 3.2.10 when I > run shorewall check: > > > > > > /usr/share/shorewall/compiler: line 7125: syntax error near > > > unexpected token `fi '' > > > /usr/share/shorewall/compiler: line 7125: ` fi'' > > > > > > Is this a bug or just me? :^) > > > > Bug -- there is an obvious typo at line 7117; ''THEN'' should be > ''then''. > > > > Making that change will get you going -- I''ll release corrected > > packages. > > Corrected packages are available at: > > http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/ > ftp://ftp1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/ > > md5sums of the corrected packages are: > > 1981d7a6463e042056dd4704ffeaa326 shorewall-3.2.11-1.noarch.rpm > 48a868365ee15f6926df2f83a961771b shorewall-3.2.11.tar.bz2 > ce0dc5195a42a81b31395f1f337a4a9c shorewall-3.2.11.tgz > 75143113f024da876dcc5d510a84b21f shorewall-docs-html-3.2.11.tar.bz2 > 503ef9cab7f2d8cf8366aa80b6079e3c shorewall-docs-html-3.2.11.tgz > 173d24091c6b57d41aa0b49effde23b9 shorewall-docs-xml-3.2.11.tar.bz2 > 4cf914e5835b30bb1e57539de7807cdb shorewall-docs-xml-3.2.11.tgz > a261f88ed1f821e3ab804d56663b108a shorewall-lite-3.2.11-1.noarch.rpm > c3c90239e18594081e23396998171fd3 shorewall-lite-3.2.11.tar.bz2 > e415fa54a0e70f24b76f84828c9e9334 shorewall-lite-3.2.11.tgz > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.keyThanks Tom! I hate the obvious ones... I rsynced our server to your site, so they''re available on the primary Seattle mirror immediately. Hopefully that will save someone a small headache. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Wed, 2007-08-22 at 15:33 -0700, List Receiver wrote:> Thanks Tom! > > I hate the obvious ones...I do too. I debated last night whether to boot up my 3.2 test system and try out 3.2.11 before release. Given that all of the patches had already been applied to 3.4, I didn''t do it. Turns out that one of the 3.4 patches was broken at the time of the merge. It got corrected in 3.4 but not in 3.2. Sigh.... FWIW, I did install the corrected RPM and gave it a spin before I uploaded it.> > I rsynced our server to your site, so they''re available on the primary > Seattle mirror immediately. Hopefully that will save someone a small headache.Thanks Ty! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/