heriyanto
2012-Jun-06 06:12 UTC
Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards, ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Tom Eastep
2012-Jun-06 14:35 UTC
Re: Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
On 06/05/2012 11:12 PM, heriyanto wrote:> Dear All, > > I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, > after upgrade i can''t start shorewall with this message: > > "/Shorewall: Address Ranges require the Multiple Match capability in > your kernel and iptables/" > > I try to search on the net about this, but no still no light. Somebody > can help me?The attached patch should allow you to work around the problem: patch /usr/share/shorewall/Shorewall/Chains.pm < IPRANGE.patch -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
heriyanto
2012-Jun-07 06:35 UTC
Re: Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
Patch is work thank you very much. There is any release for this version? On 06/06/2012 09:35 PM, Tom Eastep wrote:> On 06/05/2012 11:12 PM, heriyanto wrote: >> Dear All, >> >> I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, >> after upgrade i can''t start shorewall with this message: >> >> "/Shorewall: Address Ranges require the Multiple Match capability in >> your kernel and iptables/" >> >> I try to search on the net about this, but no still no light. Somebody >> can help me? > > The attached patch should allow you to work around the problem: > > patch /usr/share/shorewall/Shorewall/Chains.pm < IPRANGE.patch > > -Tom > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today''s security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Tom Eastep
2012-Jun-07 13:27 UTC
Re: Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
On 06/06/2012 11:35 PM, heriyanto wrote:> Patch is work thank you very much. There is any release for this version? >A cleaner patch is included in 4.5.5 RC 1 which was uploaded yesterday. It will also be included in 4.5.4.2 which will be released shortly. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
heriyanto
2012-Jul-30 03:43 UTC
Re: Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
in version 4.4.13-3 i using format dmz 192.168.0.1-192.168.0.99 for content hosts file. after i upgrade to 4.5.2.3-1 its cannot do restart, show error message like on bellow. With patch that you attach, error message disappear. But when i try to test my network, but now new issue come sfilter always drop my packet that list on host file. even i try to modify using dmz 192.168.0.1,192.168.0.2,192.168.0.3,etc in hosts file. sfilter:DROP:IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth1 sfilter:DROP:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=tap0 Thanks Best regards, Heriyanto On 06/06/2012 09:35 PM, Tom Eastep wrote:> On 06/05/2012 11:12 PM, heriyanto wrote: >> Dear All, >> >> I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, >> after upgrade i can''t start shorewall with this message: >> >> "/Shorewall: Address Ranges require the Multiple Match capability in >> your kernel and iptables/" >> >> I try to search on the net about this, but no still no light. Somebody >> can help me? > > The attached patch should allow you to work around the problem: > > patch /usr/share/shorewall/Shorewall/Chains.pm < IPRANGE.patch > > -Tom > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today''s security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Tom Eastep
2012-Jul-30 13:51 UTC
Re: Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
On 07/29/2012 08:43 PM, heriyanto wrote:> in version 4.4.13-3 i using format dmz 192.168.0.1-192.168.0.99 for > content hosts file. > after i upgrade to 4.5.2.3-1 its cannot do restart, show error message > like on bellow. > With patch that you attach, error message disappear. But when i try to > test my network, > but now new issue come sfilter always drop my packet that list on host file. > even i try to modify using dmz 192.168.0.1,192.168.0.2,192.168.0.3,etc > in hosts file. > > sfilter:DROP:IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth1 > sfilter:DROP:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=tap0 > >Set the ''routeback'' option on br0 in /etc/shorewall/interfaces. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/