Beta 1 is now available for testing.
Problems Corrected:
1) When ipset version 5 or later was installed, the ''shorewall show
dynamic <zone>'' command produced no output, and the
''add'' command
failed with this error message:
Zone <zone>, interface <interface> does not have a dynamic
host list"
2) When generating ipset names for dynamic zones, the compiler was
dropping dashes (''-'') from the interface name and adding
a
unique suffix. For example the chain for zone ''foo'' and
interface
''bar-if'' might be ''foo_barif_1''. Dashes
are now retained so the
generated name in this example will be ''foo_bar-if''. This
also
allows the ''add'' and ''delete'' commands
to work correctly when the
interface name contains one or more dashes.
Although dash is documented as being an accepted character in ipset
names, names containing a dash were not accepted in all
contexts. That has been corrected.
New Features:
1) In most contexts, Shorewall6 has required IPv6 addresses to be
enclosed in either angled brackets ( <....> , deprecated) or in
square brackets ([....]). This includes network addresses, where
both the IPv6 address and the VLSM are required to be within the
brackets (e.g., [2001;470:b:787::/64]). This is different from the
industry-standard network form which encloses the IPv6 address in
square brackets, with the VLSM following the closing bracket (e.g.,
[2001:470:b:787::]/64). Beginning with this release, the
industry-standard representation is also accepted by Shorewall6.
Note: Those of you who read the patches will have probably
noticed that this change was actually in 4.5.8; because the change
was commited late in the 4.5.8 release cycle, we chose not to
document it until this release to allow for adequate Beta testing.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Don''t let slow site performance ruin your business. Deploy New Relic
APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
Tom The following Shorewall6 hosts file entry: abc eth2:<2001::-2001:1::!2001::4-2001::8> routeback,........ Produces the following message: ERROR: Unknown Host (2001::-2001:1::) /etc/shorewall66/hosts (line 11) This worked in 4.5.8 RC2. Steven. ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 2:16 PM, Steven Jan Springl wrote:> Tom > > The following Shorewall6 hosts file entry: > > abc eth2:<2001::-2001:1::!2001::4-2001::8> routeback,........ > > Produces the following message: > > ERROR: Unknown Host (2001::-2001:1::) /etc/shorewall66/hosts (line 11) > > This worked in 4.5.8 RC2.Steven, This patch seems to correct the problem. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On Sunday 07 Oct 2012 23:50:40 Tom Eastep wrote:> On 10/7/12 2:16 PM, Steven Jan Springl wrote: > > Tom > > > > The following Shorewall6 hosts file entry: > > > > abc eth2:<2001::-2001:1::!2001::4-2001::8> routeback,........ > > > > Produces the following message: > > > > ERROR: Unknown Host (2001::-2001:1::) /etc/shorewall66/hosts (line 11) > > > > This worked in 4.5.8 RC2. > > Steven, > > This patch seems to correct the problem. > > Thanks, > -TomTom Confirmed, the patch corrects the problem. Thanks. Steven. ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 4:16 PM, Steven Jan Springl wrote:> On Sunday 07 Oct 2012 23:50:40 Tom Eastep wrote: >> On 10/7/12 2:16 PM, Steven Jan Springl wrote: >>> Tom >>> >>> The following Shorewall6 hosts file entry: >>> >>> abc eth2:<2001::-2001:1::!2001::4-2001::8> routeback,........ >>> >>> Produces the following message: >>> >>> ERROR: Unknown Host (2001::-2001:1::) /etc/shorewall66/hosts (line 11) >>> >>> This worked in 4.5.8 RC2. >> >> Steven, >> >> This patch seems to correct the problem. >> >> Thanks, >> -Tom > > Tom > > Confirmed, the patch corrects the problem. > > Thanks.Thanks, Steven This defect also affects IPv4 and is a rather serious regression. I will be releasing 4.5.8.2 in a day or two. Distribution maintainers may wish to skip 4.5.8.1 and wait for 4.5.8.2. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
Tom The following Shorewall6 hosts file entry: abc eth3:!+set1 Produces the following message: ERROR: Invalid HOST(S) column contents: eth3:!+set1 /etc/shorewall66/hosts (line 15) This worked in 4.5.8 RC2. Steven. ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 4:35 PM, Steven Jan Springl wrote:> Tom > > The following Shorewall6 hosts file entry: > > abc eth3:!+set1 > > Produces the following message: > > ERROR: Invalid HOST(S) column contents: eth3:!+set1 /etc/shorewall66/hosts > (line 15) > > This worked in 4.5.8 RC2. >Steven, This patch seems to fix it. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 4:35 PM, Steven Jan Springl wrote:> Tom > > The following Shorewall6 hosts file entry: > > abc eth3:!+set1 > > Produces the following message: > > ERROR: Invalid HOST(S) column contents: eth3:!+set1 /etc/shorewall66/hosts > (line 15) > > This worked in 4.5.8 RC2. > > Steven. > > ------------------------------------------------------------------------------ > Don''t let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > _______________________________________________ > Shorewall-devel mailing list > Shorewall-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-devel >-- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 5:24 PM, Tom Eastep wrote:> On 10/7/12 4:35 PM, Steven Jan Springl wrote: >> Tom >> >> The following Shorewall6 hosts file entry: >> >> abc eth3:!+set1 >> >> Produces the following message: >> >> ERROR: Invalid HOST(S) column contents: eth3:!+set1 /etc/shorewall66/hosts >> (line 15) >> >> This worked in 4.5.8 RC2. >> > > Steven, > > This patch seems to fix it. >Steven, Here is the complete patch. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On Monday 08 Oct 2012 01:27:13 Tom Eastep wrote:> On 10/7/12 5:24 PM, Tom Eastep wrote: > > On 10/7/12 4:35 PM, Steven Jan Springl wrote: > >> Tom > >> > >> The following Shorewall6 hosts file entry: > >> > >> abc eth3:!+set1 > >> > >> Produces the following message: > >> > >> ERROR: Invalid HOST(S) column contents: eth3:!+set1 > >> /etc/shorewall66/hosts (line 15) > >> > >> This worked in 4.5.8 RC2. > > > > Steven, > > > > This patch seems to fix it. > > Steven, > > Here is the complete patch. > > Thanks, > -TomTom Confirmed, the patch corrects the issue. Thanks. Steven. ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/7/12 5:36 PM, Steven Jan Springl wrote:> > Confirmed, the patch corrects the issue. >Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/08/2012 01:27 AM, Tom Eastep wrote:> > This defect also affects IPv4 and is a rather serious regression. I will > be releasing 4.5.8.2 in a day or two. > > Distribution maintainers may wish to skip 4.5.8.1 and wait for 4.5.8.2.In that case there is a problem also with the install of shorewall, shorewall6 and shorewall-init. When systemd is available then both the lite products skip installing the /etc/init.d scripts. But that is not the case with the above mentioned ones. Now for me as the maintainer for opensuse, I am working with 4 releases of opensuse and only in the Factory version sysv-init support will be dropped, two releases do have systemd and and sysv-init and one release is only sysv-init. I need to provide the flexibility to the end user who prefers one of the other and hence rather than me dancing around the install scripts, would it be possible to have install scripts to install both if systemd is present , maybe a parameter with Y/N Thanks Togan ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/07/2012 11:51 PM, Togan Muftuoglu wrote:> On 10/08/2012 01:27 AM, Tom Eastep wrote: >> >> This defect also affects IPv4 and is a rather serious regression. I will >> be releasing 4.5.8.2 in a day or two. >> >> Distribution maintainers may wish to skip 4.5.8.1 and wait for 4.5.8.2. > > In that case there is a problem also with the install of shorewall, > shorewall6 and shorewall-init. > > When systemd is available then both the lite products skip installing > the /etc/init.d scripts. But that is not the case with the above > mentioned ones. > > Now for me as the maintainer for opensuse, I am working with 4 releases > of opensuse and only in the Factory version sysv-init support will be > dropped, two releases do have systemd and and sysv-init and one release > is only sysv-init. > > I need to provide the flexibility to the end user who prefers one of the > other and hence rather than me dancing around the install scripts, would > it be possible to have install scripts to install both if systemd is > present , maybe a parameter with Y/NThere are currently SYSTEMD and INITFILE parameters in shorewallrc. Let''s just use those. If SYSTEMD is specified, then the .service file is installed. If INITFILE is installed, then the sysv-init script is installed. Does that work for you? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev
On 10/08/2012 04:27 PM, Tom Eastep wrote:> On 10/07/2012 11:51 PM, Togan Muftuoglu wrote: >> On 10/08/2012 01:27 AM, Tom Eastep wrote: >>> >>> This defect also affects IPv4 and is a rather serious regression. I will >>> be releasing 4.5.8.2 in a day or two. >>> >>> Distribution maintainers may wish to skip 4.5.8.1 and wait for 4.5.8.2. >> >> In that case there is a problem also with the install of shorewall, >> shorewall6 and shorewall-init. >> >> When systemd is available then both the lite products skip installing >> the /etc/init.d scripts. But that is not the case with the above >> mentioned ones. >> >> Now for me as the maintainer for opensuse, I am working with 4 releases >> of opensuse and only in the Factory version sysv-init support will be >> dropped, two releases do have systemd and and sysv-init and one release >> is only sysv-init. >> >> I need to provide the flexibility to the end user who prefers one of the >> other and hence rather than me dancing around the install scripts, would >> it be possible to have install scripts to install both if systemd is >> present , maybe a parameter with Y/N > > There are currently SYSTEMD and INITFILE parameters in shorewallrc. > Let''s just use those. If SYSTEMD is specified, then the .service file is > installed. If INITFILE is installed, then the sysv-init script is installed. > > Does that work for you?Frankly the answer is no as opensuse 12.1 and 12.2 both provide sysv-init and systemd and the user can choose and I have to provide both options, with the Factory (the upcoming version) it is only systemd so life is easier. But on the other hand, it is neither fair to you nor to other maintainers to be affected by this thing and it''s better it is fixed for all rather then a specific case, hence your proposal makes sense. I''ll try to find a way to solve my builds :( Togan ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev