Brian J. Murrell
2009-Dec-06 05:06 UTC
shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
Hey all,

Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently?

In fact shouldn't there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well.

Also, the first line of the determine_capabilities() function in lib.base is:

    qt $IP6TABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED

which is followed somewhat further down in the function with:

    [ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)

But shouldn't the test for the mangle table come after the conditional setting of IP6TABLES?

FWIW, the difference in shorecap output when I make the shorewall-lite -> shorewall6-lite changes and fix the IP6TABLES bug above is:

@@ -1,7 +1,6 @@ # -# Shorewall 4.2.8 detected the following iptables/netfilter capabilities - Sat Dec 5 23:32:07 EST 2009 +# Shorewall6 4.2.8 detected the following ip6tables/netfilter capabilities - Sun Dec 6 00:04:48 EST 2009 # -NAT_ENABLED=Yes MANGLE_ENABLED=Yes MULTIPORT=Yes XMULTIPORT=Yes @@ -16,7 +15,7 @@ IPRANGE_MATCH=Yes RECENT_MATCH=Yes OWNER_MATCH-IPSET_MATCH=Yes +IPSET_MATCH CONNMARK=Yes XCONNMARK=Yes CONNMARK_MATCH=Yes

Cheers,
b.
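Review bot: these hunks cover only the regenerated shorecap output, not the edits to shorecap and lib.base that produced it, so the fix itself cannot be reviewed from them; posting the script diff alongside would let the s/shorewall-lite/shorewall6-lite/ substitution and the moved IP6TABLES assignment be checked directly. As evidence the output is still useful: the header in the first hunk changes from iptables to ip6tables and NAT_ENABLED=Yes is dropped, and in the second hunk IPSET_MATCH loses its Yes, which fits the old script having probed through the IPv4 lib.base. MANGLE_ENABLED=Yes is an unchanged context line, so this output does not by itself exercise the reordered mangle test.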
Tom Eastep
2009-Dec-06 06:14 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
Brian J. Murrell wrote:
> Hey all,
>
> Just a sanity check, but should the shorecap script in shorewall6-lite
> be sourcing /usr/share/shorewall6-lite/lib.base rather
> than /usr/share/shorewall-lite/lib.base like it does currently?
>
> In fact shouldn't there be a general s/shorewall-lite/shorewall6-lite/
> in shorecap in shorewall6-lite? Maybe there is more of that lurking
> about as well.
>
> Also, the first line of the determine_capabilities() function in
> lib.base is:
>
> qt $IP6TABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED
>
> which is followed somewhat further down in the function with:
>
> [ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)
>
> But shouldn't the test for the mangle table come after the conditional
> setting of IP6TABLES?

I'll fix these in the next 4.4 release; think I'll wait on 4.2.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
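The ordering problem raised in this thread, as an added example that is not from the thread or from Shorewall's lib.base: `qt` and `mywhich` are simplified stand-ins for the helpers of the same name, and `fake_ip6tables`, `detect_buggy` and `detect_fixed` are hypothetical names. It shows that probing the mangle table before `IP6TABLES` is resolved reports the capability as empty unless the caller happened to preset the variable, which masks the bug.

```shell
#!/bin/sh
# Added illustration; helpers are simplified stand-ins, not Shorewall's code.
qt() { "$@" >/dev/null 2>&1; }        # run a command silently, keep its status
mywhich() { echo fake_ip6tables; }    # stub: pretend the binary was located

# Constructed fake ip6tables: succeeds when asked about the mangle table.
fake_ip6tables() { [ "$1" = "-t" ] && [ "$2" = "mangle" ]; }

# Order described in the thread: probe first, resolve IP6TABLES afterwards.
detect_buggy() {
    IP6TABLES=$1
    MANGLE_ENABLED=
    # With IP6TABLES empty, the word "-t" becomes the command name and fails.
    qt $IP6TABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
    [ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)
    echo "MANGLE_ENABLED=$MANGLE_ENABLED"
}

# Proposed order: resolve IP6TABLES, then probe the mangle table.
detect_fixed() {
    IP6TABLES=$1
    MANGLE_ENABLED=
    [ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)
    qt $IP6TABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
    echo "MANGLE_ENABLED=$MANGLE_ENABLED"
}

detect_buggy ""               # IP6TABLES not preset: capability reported empty
detect_buggy fake_ip6tables   # preset by the caller: the bug is masked
detect_fixed ""               # resolved before the probe: capability detected
```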
Brian J. Murrell
2009-Dec-06 13:46 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
On Sat, 2009-12-05 at 22:14 -0800, Tom Eastep wrote:
> I'll fix these in the next 4.4 release; think I'll wait on 4.2.

OK. I will patch OpenWRT's package then.

Any thoughts on any (in-)compatibilities that might arise trying to load a 4.4 shorewall[6]-lite from a 4.2 shorewall[6] machine?

b.
Tom Eastep
2009-Dec-06 18:10 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
Brian J. Murrell wrote:
> On Sat, 2009-12-05 at 22:14 -0800, Tom Eastep wrote:
>> I'll fix these in the next 4.4 release; think I'll wait on 4.2.
>
> OK. I will patch OpenWRT's package then.
>
> Any thoughts on any (in-)compatibilities that might arise trying to load
> a 4.4 shorewall[6]-lite from a 4.2 shorewall[6] machine?

None -- I never test anything like that.

But I've uploaded 4.2.11.2 and 4.4.4.2.

-Tom
Simon Matter
2009-Dec-07 07:54 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
> Brian J. Murrell wrote:
>> On Sat, 2009-12-05 at 22:14 -0800, Tom Eastep wrote:
>>> I'll fix these in the next 4.4 release; think I'll wait on 4.2.
>>
>> OK. I will patch OpenWRT's package then.
>>
>> Any thoughts on any (in-)compatibilities that might arise trying to load
>> a 4.4 shorewall[6]-lite from a 4.2 shorewall[6] machine?
>
> None -- I never test anything like that.
>
> But I've uploaded 4.2.11.2 and 4.4.4.2.

Hi Tom,

Somehow the 4.4.4.2 patches are not the way they should be. You may want to check your build scripts I think.

Thanks,
Simon
Tuomo Soini
2009-Dec-07 10:19 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
Simon Matter wrote:
> Somehow the 4.4.4.2 patches are not the way they should be. You may want
> to check your build scripts I think.

patch-6-4.4.4.2 and patch-6-lite-4.4.4.2 seem to be wrong. That's probably because 4.4.4.1 was skipped so there was no 4.4.4.1 to compare against.

--
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
Tom Eastep
2009-Dec-07 15:05 UTC
Re: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?
Simon Matter wrote:
>> Brian J. Murrell wrote:
>>> On Sat, 2009-12-05 at 22:14 -0800, Tom Eastep wrote:
>>>> I'll fix these in the next 4.4 release; think I'll wait on 4.2.
>>> OK. I will patch OpenWRT's package then.
>>>
>>> Any thoughts on any (in-)compatibilities that might arise trying to load
>>> a 4.4 shorewall[6]-lite from a 4.2 shorewall[6] machine?
>> None -- I never test anything like that.
>>
>> But I've uploaded 4.2.11.2 and 4.4.4.2.
>
> Hi Tom,
>
> Somehow the 4.4.4.2 patches are not the way they should be. You may want
> to check your build scripts I think.

When I built shorewall-4.4.4.2, my build script overwrote the correct 4.4.4.2 patches for Shorewall6 and Shorewall6-lite. The patches on my web/ftp site (www1/ftp1) should now be correct.

-Tom