Hi,

I'm returning to Shorewall after a 4 year absence. In my new job, I'm in the process of upgrading our router. It currently has Shorewall 3.* running on it.

I've downloaded and installed 4.4 on the new system

> Configuring Shorewall 4.4 on an Ubuntu system.

Have a problem with the TOS file. I have a number of zones defined (zones file and tos file are below). One of the zones is called LAN. When the source zone is LAN, I get the following error:

> ERROR: Unknown Interface (LAN) : /etc/shorewall/tos (line 9)

When I replace the LAN with "eth0", it works. According to the manual, it should accept any zone declared in the Zones file. Instead, it is requiring an interface.

This is still in a test environment. Any ideas?

Thanks in advance.

JBB

> #
> # Shorewall version 4 - Zones File
> #
> # For information about this file, type "man shorewall-zones"
> #
> # The manpage is also online at
> # http://www.shorewall.net/manpages/shorewall-zones.html
> #
> ###############################################################################
> #ZONE   TYPE       OPTIONS   IN        OUT
> #                            OPTIONS   OPTIONS
> fw      firewall
> VPN     ipv4
> LAN     ipv4
> DMZ     ipv4
> DMZ2    ipv4
> WAN0    ipv4
> WAN1    ipv4
> WAN2    ipv4
> WAN3    ipv4
> WAN4    ipv4
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

> #
> # Shorewall version 4 - Tos File
> #
> # For information about entries in this file, type "man shorewall-tos"
> #
> ###############################################################################
> #SOURCE  DEST  PROTOCOL  SOURCE  DEST   TOS  MARK
> #                        PORTS   PORTS
> eth0     all   tcp       -       443    8
> eth0     all   tcp       -       80     8
> eth0     all   tcp       -       443    16
> eth0     all   tcp       -       80     16
> #LAST LINE -- Add your entries above -- DO NOT REMOVE

------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org

Jonathan Bayer wrote:
> Hi,
>
> I'm returning to Shorewall after a 4 year absence. In my new job, I'm
> in the process of upgrading our router. It currently has Shorewall 3.*
> running on it.
>
> I've downloaded and installed 4.4 on the new system
>
> > Configuring Shorewall 4.4 on an Ubuntu system.
>
> Have a problem with the TOS file. I have a number of zones defined
> (zones file and tos file are below). One of the zones is called LAN.
> When the source zone is LAN, I get the following error:
>
>> ERROR: Unknown Interface (LAN) : /etc/shorewall/tos (line 9)
>
> When I replace the LAN with "eth0", it works. According to the manual,
> it should accept any zone declared in the Zones file. Instead, it is
> requiring an interface.

Which manual are you reading? The perl-based rules compiler (which is the only one included in 4.4) has never supported zone names.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
>
> Which manual are you reading? The perl-based rules compiler (which is
> the only one included in 4.4) has never supported zone names.
>

Ah -- I see your confusion. The tos manpage still includes both the Shorewall-shell and Shorewall-perl syntax. You were looking at the Shorewall-shell syntax. I've deleted the obsolete syntax from the manpage for Beta 2.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
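
A pre-migration check for the mistake discussed in this thread, added here as an example and not code from Shorewall or from either poster: it lists tos entries whose SOURCE or DEST names a zone declared in the zones file, with the file line number as in the compiler's error. The function names and the condensed sample files are constructed for illustration, and treating every declared name (including fw) as a zone is an assumption.

```python
# Constructed sample input, condensed from the files quoted in the thread.
ZONES_FILE = """\
#ZONE TYPE OPTIONS IN OUT
fw firewall
VPN ipv4
LAN ipv4
DMZ ipv4
"""

TOS_FILE = """\
#SOURCE DEST PROTOCOL SOURCE DEST TOS MARK
LAN all tcp - 443 8
eth0 all tcp - 80 8
all DMZ tcp - 22 16
"""


def parse_zones(text):
    """Return the zone names declared in a zones file (first column)."""
    zones = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if fields:
            # A nested zone is written child:parent; keep the child name.
            zones.add(fields[0].split(":", 1)[0])
    return zones


def find_zone_refs(tos_text, zones):
    """Return (line_number, column, name) for each tos SOURCE or DEST
    entry whose leading token is a declared zone name."""
    hits = []
    for lineno, line in enumerate(tos_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        # Only the first two columns can carry a zone or interface name.
        for column, value in zip(("SOURCE", "DEST"), fields):
            name = value.split(":", 1)[0]
            if name in zones:
                hits.append((lineno, column, name))
    return hits


if __name__ == "__main__":
    for lineno, column, name in find_zone_refs(TOS_FILE, parse_zones(ZONES_FILE)):
        print(f"tos line {lineno}: {column} uses zone name {name!r}; "
              "use an interface such as eth0 instead")
```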