Morning Support, Any ideas as to why my firewall rules do not recognise any of the protocols I place within my rules example:- ======================================== ACTION SOURCE DEST PROTO DEST # ACCEPT net $FW tcp 22 ======================================= When I attempt to restart the firewall that''s when it throws up the unknown protocol error. Regards, Aziz Hauari Swift Computers Tel: 0870 748 1233 Fax: 0870 748 1244 azizh@swiftcomputers.co.uk <mailto:azizh@swiftcomputers.co.uk> technical@swiftcomputers.co.uk <mailto:technical@swiftcomputers.co.uk> Swift Computers Ltd Registered number No.3211543 (England & Wales) Registered office Unit 3,12 Trading Estate Road,London.NW10 7LU VAT number : GB678037310 ***************************************************************************************Information in this message is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed, and must not be used or copied by any other person. If you are not the intended recipient, please notify the sender, and delete the message from your system immediately. Opinions expressed are not necessarily those of the Swift Computers Limited, unless otherwise stated. This message is not guaranteed to be free from virus infections or data corruption, although care is taken in its preparation. It is not intended to serve as part of a legally binding contract. Reference made to any materials, goods or services carry the protection of copyright.*************************************************************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Bob Coffman - Info From Data Corp.
2008-Feb-06 14:28 UTC
Re: Unrecognised Protocol with 4.0.8.2
>Any ideas as to why my firewall rules do not recognise any of the protocolsI place within my rules example Rule looks fine, I can only speculate that $FW has something in it that is breaking it. Did you modify that in shorewall.conf? ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Hi Bob, The only thing I changed was the "startup enabled" which I set to yes, I followed the following documentation as a basic guideline. http://www.shorewall.net/Introduction.html From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Bob Coffman - Info From Data Corp. Sent: 06 February 2008 14:28 To: ''Shorewall Users'' Subject: Re: [Shorewall-users] Unrecognised Protocol with 4.0.8.2>Any ideas as to why my firewall rules do not recognise any of theprotocols I place within my rules example Rule looks fine, I can only speculate that $FW has something in it that is breaking it. Did you modify that in shorewall.conf? This message has been scanned for viruses by MailController <http://www.mailcontroller.altohiway.com/> . Swift Computers Ltd Registered number No.3211543 (England & Wales) Registered office Unit 3,12 Trading Estate Road,London.NW10 7LU VAT number : GB678037310 ***************************************************************************************Information in this message is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed, and must not be used or copied by any other person. If you are not the intended recipient, please notify the sender, and delete the message from your system immediately. Opinions expressed are not necessarily those of the Swift Computers Limited, unless otherwise stated. This message is not guaranteed to be free from virus infections or data corruption, although care is taken in its preparation. It is not intended to serve as part of a legally binding contract. Reference made to any materials, goods or services carry the protection of copyright.*************************************************************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Aziz Hauari wrote:> Hi Bob, > > > > The only thing I changed was the “startup enabled” which I set to yes, I > followed the following documentation as a basic guideline. > > > > http://www.shorewall.net/Introduction.htmlYou should go on to follow the quickstart guide that matches your configuration: http://www.shorewall.net/shorewall_quickstart_guide.htm If you can''t get it running, then tar up your /etc/shorewall/ directory and send it to support@shorewall.net and I''ll take a look. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Apologies that is correct. I will forward the error message in regards to the unknown/invalid protocol -----Original Message----- From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep Sent: 06 February 2008 16:38 To: Shorewall Users Subject: Re: [Shorewall-users] Unrecognised Protocol with 4.0.8.2 Tom Eastep wrote:> > Given that Aziz calls out Shorewall version 4.0.8.2, I assume that > we''re talking about Shorewall-perl.I should also mention that there is no Shorewall version 4.0.8.2 so I assume that the version is actually 4.0.8.1? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Swift Computers Ltd Registered number No.3211543 (England & Wales) Registered office Unit 3,12 Trading Estate Road,London.NW10 7LU VAT number : GB678037310 ***************************************************************************************Information in this message is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed, and must not be used or copied by any other person. If you are not the intended recipient, please notify the sender, and delete the message from your system immediately. Opinions expressed are not necessarily those of the Swift Computers Limited, unless otherwise stated. This message is not guaranteed to be free from virus infections or data corruption, although care is taken in its preparation. It is not intended to serve as part of a legally binding contract. Reference made to any materials, goods or services carry the protection of copyright.************************* ************************************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Bob Coffman - Info From Data Corp. wrote:>>Any ideas as to why my firewall rules do not recognise any of the > protocols I place within my rules example > > Rule looks fine, I can only speculate that $FW has something in it that > is breaking it. Did you modify that in shorewall.conf?Given that Aziz calls out Shorewall version 4.0.8.2, I assume that we''re talking about Shorewall-perl. That compiler doesn''t support the pre-3.0 convention of setting FW in shorewall.conf. Bob''s conjecture about $FW can be confirmed by looking at the error message. ERROR: Invalid/Unknown protocol (xxx) ''xxx'' is what the compiler believes to be the contents of the PROTO column. If that isn''t the protocol that was specified in the rule, then $FW is certainly suspect. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom Eastep wrote:> > Given that Aziz calls out Shorewall version 4.0.8.2, I assume that we''re > talking about Shorewall-perl.I should also mention that there is no Shorewall version 4.0.8.2 so I assume that the version is actually 4.0.8.1? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Wed, Feb 06, 2008 at 08:32:49AM -0800, Tom Eastep wrote:> Bob''s conjecture about $FW can be confirmed by looking at the error message. > > ERROR: Invalid/Unknown protocol (xxx) > > ''xxx'' is what the compiler believes to be the contents of the PROTO > column. If that isn''t the protocol that was specified in the rule, then > $FW is certainly suspect.And about the only other thing I can think of is some kind of funky whitespace-that-isn''t-really-whitespace (unicode weirdness or something). ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
People!!, I solved the issue, silly really I was inserting the rule on the wrong line (I blame being a beginner), however I probably will need more help later. Stay in touch and thank you for your help everyone. -----Original Message----- From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Andrew Suffield Sent: 06 February 2008 16:50 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] Unrecognised Protocol with 4.0.8.2 On Wed, Feb 06, 2008 at 08:32:49AM -0800, Tom Eastep wrote:> Bob''s conjecture about $FW can be confirmed by looking at the errormessage.> > ERROR: Invalid/Unknown protocol (xxx) > > ''xxx'' is what the compiler believes to be the contents of the PROTO > column. If that isn''t the protocol that was specified in the rule,then> $FW is certainly suspect.And about the only other thing I can think of is some kind of funky whitespace-that-isn''t-really-whitespace (unicode weirdness or something). ------------------------------------------------------------------------ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users This message has been scanned for viruses by MailController - www.MailController.altohiway.com Swift Computers Ltd Registered number No.3211543 (England & Wales) Registered office Unit 3,12 Trading Estate Road,London.NW10 7LU VAT number : GB678037310 ***************************************************************************************Information in this message is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed, and must not be used or copied by any other person. If you are not the intended recipient, please notify the sender, and delete the message from your system immediately. Opinions expressed are not necessarily those of the Swift Computers Limited, unless otherwise stated. This message is not guaranteed to be free from virus infections or data corruption, although care is taken in its preparation. It is not intended to serve as part of a legally binding contract. Reference made to any materials, goods or services carry the protection of copyright.************************* ************************************************************** ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Wed, Feb 06, 2008 at 04:49:57PM +0000, Andrew Suffield wrote:> And about the only other thing I can think of is some kind of funky > whitespace-that-isn''t-really-whitespace (unicode weirdness or > something).It might be a good idea to nip that in the bud before somebody actually does it. This should do the trick (in read_a_line, I think): fatal_error "Non-ASCII gunk in file" if /[^\s[:print:]]/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Andrew Suffield wrote:> On Wed, Feb 06, 2008 at 04:49:57PM +0000, Andrew Suffield wrote: >> And about the only other thing I can think of is some kind of funky >> whitespace-that-isn''t-really-whitespace (unicode weirdness or >> something). > > It might be a good idea to nip that in the bud before somebody > actually does it. This should do the trick (in read_a_line, I think): > > fatal_error "Non-ASCII gunk in file" if /[^\s[:print:]]/Done. Thanks, Andrew -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/