Beta 5 is now available for testing.

Problems corrected since Beta 4:

1) The generated script now correctly deletes Traffic Control
   configurations when CLEAR_TC=Yes. Previously, the configurations on
   interfaces with an '@xxxxxx' suffix in their names were not cleared.

New Features since Beta 4

1) Protocol lists are now supported in the PROTO columns of the
   following additional files:

      accounting
      conntrack
      masq
      secmarks
      stoppedrules
      tcfilters
      tcpri
      tcrules

2) When a terminating rule is added to the end of a chain, the Compiler
   now marks that chain as 'complete' and inhibits the appending of any
   additional rules. A terminating rule is one that has no matches and
   either uses '-g' (goto) or is a jump to one of the following:

      ACCEPT DROP RETURN QUEUE CLASSIFY CT DNAT MASQUERADE NETMAP
      NFQUEUE NOTRACK REDIRECT RAWDNAT RAWSNAT REJECT SAME SNAT TPROXY

   A chain with no RETURN statements and whose last rule is terminating.

   Additionally, when optimize level 4 is selected, chains that contain
   a single RETURN rule are optimized away.

Thank you for testing,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On 01/10/2013 01:47 PM, Tom Eastep wrote:
> Beta 5 is now available for testing.
>

Please apply the attached patch before trying to use Beta 5.

Thanks,
-Tom

On 01/10/2013 03:21 PM, Tom Eastep wrote:
> On 01/10/2013 01:47 PM, Tom Eastep wrote:
>> Beta 5 is now available for testing.
>>
>
> Please apply the attached patch before trying to use Beta 5.
>

And if this email arrived too late and your loopback interface is
already unusable, use this command to re-enable it:

    ip neigh replace 0.0.0.0 lladdr 00:00:00:00:00:00 nud noarp dev lo

-Tom

Tom Eastep
2013-Jan-11 01:40 UTC
Fwd: Re: [Shorewall-devel] [PATCH] Re: Shorewall 4.5.12 Beta 5
-------- Original Message --------
Subject: Re: [Shorewall-devel] [PATCH] Re: Shorewall 4.5.12 Beta 5
Date: Thu, 10 Jan 2013 15:33:53 -0800
From: Tom Eastep <teastep@shorewall.net>
Reply-To: shorewall-devel@lists.sourceforge.net
To: shorewall-devel@lists.sourceforge.net

On 01/10/2013 03:21 PM, Tom Eastep wrote:
> On 01/10/2013 01:47 PM, Tom Eastep wrote:
>> Beta 5 is now available for testing.
>>
>
> Please apply the attached patch before trying to use Beta 5.
>

And if this email arrived too late and your loopback interface is
already unusable, use this command to re-enable it:

    ip neigh replace 0.0.0.0 lladdr 00:00:00:00:00:00 nud noarp dev lo

-Tom

Tom

In the attached config. host file entry:

    lan eth0:!0.0.0.0/0 -

generates the following iptables rule:

    -A PREROUTING -i eth0 -j ~excl0

which produces the following error message:

    iptables-restore v1.4.17: Couldn't load target `~excl0':No such file or directory

Steven.

On 01/11/2013 01:03 PM, Steven Jan Springl wrote:
> In the attached config. host file entry:
>
> lan eth0:!0.0.0.0/0 -
>
> generates the following iptables rule:
>
> -A PREROUTING -i eth0 -j ~excl0
>
> which produces the following error message:
>
> iptables-restore v1.4.17: Couldn't load target `~excl0':No such file or
> directory

The attached patch seems to eliminate the problem. I'm rather surprised
that you haven't run into this one before; there were similar cases in
three of your large configurations that I have in my regression suite.

Thanks Steven,
-Tom

On 01/11/2013 01:50 PM, Tom Eastep wrote:
> On 01/11/2013 01:03 PM, Steven Jan Springl wrote:
>
>> In the attached config. host file entry:
>>
>> lan eth0:!0.0.0.0/0 -
>>
>> generates the following iptables rule:
>>
>> -A PREROUTING -i eth0 -j ~excl0
>>
>> which produces the following error message:
>>
>> iptables-restore v1.4.17: Couldn't load target `~excl0':No such file or
>> directory
>
> The attached patch seems to eliminate the problem. I'm rather surprised
> that you haven't run into this one before; there were similar cases in
> three of your large configurations that I have in my regression suite.
>

Here's a better patch; that one has a serious defect.

-Tom

On Friday 11 Jan 2013 22:07:34 Tom Eastep wrote:
> On 01/11/2013 01:50 PM, Tom Eastep wrote:
> > On 01/11/2013 01:03 PM, Steven Jan Springl wrote:
> >> In the attached config. host file entry:
> >>
> >> lan eth0:!0.0.0.0/0 -
> >>
> >> generates the following iptables rule:
> >>
> >> -A PREROUTING -i eth0 -j ~excl0
> >>
> >> which produces the following error message:
> >>
> >> iptables-restore v1.4.17: Couldn't load target `~excl0':No such file or
> >> directory
> >
> > The attached patch seems to eliminate the problem. I'm rather surprised
> > that you haven't run into this one before; there were similar cases in
> > three of your large configurations that I have in my regression suite.
>
> Here's a better patch; that one has a serious defect.
>
> -Tom

Tom

Confirmed, the patch fixes the bug.

I have reinstalled Beta4 and can confirm the bug did not exist in that
release.

Steven.

On 01/11/2013 02:31 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the bug.
>
> I have reinstalled Beta4 and can confirm the bug did not exist in that release.
>

Thanks Steven. This particular defect was there in earlier releases but
Beta5 makes it much easier to trigger.

-Tom

Tom

During the compilation of action.Drop in the attached config. the
following error message is produced:

    Can't use an undefined value as a symbol reference at /usr/share/shorewall/Shorewall/Config.pm line 1132.

Steven

On 01/11/2013 03:01 PM, Steven Jan Springl wrote:
> During the compilation of action.Drop in the attached config. the following
> error message is produced:
>
> Can't use an undefined value as a symbol reference at
> /usr/share/shorewall/Shorewall/Config.pm line 1132.

The attached patch eliminates that diagnostic.

Thanks Steven,
-Tom

On Friday 11 Jan 2013 23:18:15 Tom Eastep wrote:
> On 01/11/2013 03:01 PM, Steven Jan Springl wrote:
> > During the compilation of action.Drop in the attached config. the
> > following error message is produced:
> >
> > Can't use an undefined value as a symbol reference at
> > /usr/share/shorewall/Shorewall/Config.pm line 1132.
>
> The attached patch eliminates that diagnostic.
>
> Thanks Steven,
> -Tom

Tom

Confirmed, the patch fixes the issue.

Thanks.

Steven.

On 01/11/2013 03:42 PM, Steven Jan Springl wrote:
>
> Confirmed, the patch fixes the issue.
>

Thanks Steven,
-Tom

Tom

The attached config. generates the following iptables rule:

    -A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT

Which produces the following error message:

    iptables-restore v1.4.17: Bad ctstate "ESTABLISHED-o"

The following iptables rules are also generated:

    -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-g ~log0 -m comment --
    comment "ALLOW"

    -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment --
    comment "ALLOW"

Steven.

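Added example, not part of the original messages and not Shorewall's own code: a small pre-load check for compiler output in iptables-restore format that catches both defects reported in this thread, a jump to a chain that was never declared (the `~excl0' report) and a --ctstate value fused with the following option (the "ESTABLISHED-o" report). The function name, the table names and the sample ruleset are assumptions constructed from the rule lines quoted above.

```python
import shlex

# Targets listed in the Beta 5 release note, plus LOG and MARK (added here).
KNOWN_TARGETS = set(
    "ACCEPT DROP RETURN QUEUE CLASSIFY CT DNAT MASQUERADE NETMAP NFQUEUE NOTRACK "
    "REDIRECT RAWDNAT RAWSNAT REJECT SAME SNAT TPROXY LOG MARK".split()
)
# State names accepted by the conntrack match's --ctstate option.
CT_STATES = {"INVALID", "NEW", "ESTABLISHED", "RELATED", "UNTRACKED", "SNAT", "DNAT"}


def lint_ruleset(text):
    """Return (line_no, message) findings for iptables-restore input."""
    chains, rules, findings, table = {}, [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):        # "*filter" opens a table
            table = line[1:]
        elif line.startswith(":"):      # ":chain policy [pkts:bytes]" declares a chain
            chains.setdefault(table, set()).add(line[1:].split()[0])
        elif line.startswith("-A "):
            try:
                rules.append((no, table, shlex.split(line)))
            except ValueError:          # unbalanced quote in the rule
                findings.append((no, "unparseable rule"))
    # Second pass, so a chain counts as declared wherever its ":" line appears.
    for no, table, tok in rules:
        declared = chains.get(table, set())
        for opt, arg in zip(tok, tok[1:]):
            if opt in ("-j", "-g", "--jump", "--goto"):
                if arg not in KNOWN_TARGETS and arg not in declared:
                    findings.append((no, f"undefined target {arg!r}"))
            elif opt == "--ctstate":
                if any(s not in CT_STATES for s in arg.split(",")):
                    findings.append((no, f"bad ctstate {arg!r}"))
    return sorted(findings)


# Constructed sample: rule lines from the reports above, wrapped in assumed
# table and chain declarations so the file has iptables-restore shape.
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j ~excl0
COMMIT
*filter
:INPUT DROP [0:0]
:fw2lan - [0:0]
:lan2fw - [0:0]
:Limit - [0:0]
-A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT
-A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment --comment "ALLOW"
-A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED,RELATED -j Limit
COMMIT
"""

if __name__ == "__main__":
    for line_no, message in lint_ruleset(SAMPLE):
        print(f"line {line_no}: {message}")
```

Running a check like this over the generated file before it reaches iptables-restore turns a failed load into a compile-time finding with a line number.
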
On 1/11/13 5:20 PM, Steven Jan Springl wrote:
> Tom
>
> The attached config. generates the following iptables rule:
>
> -A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT
>
> Which produces the following error message:
>
> iptables-restore v1.4.17: Bad ctstate "ESTABLISHED-o"
>
> The following iptables rules are also generated:
>
> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-g ~log0 -m comment --
> comment "ALLOW"
>
> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment --
> comment "ALLOW"

Thanks Steven,

I have meetings tonight so it will be morning before I can respond.

-Tom

On Saturday 12 Jan 2013 01:39:18 Tom Eastep wrote:
> On 1/11/13 5:20 PM, Steven Jan Springl wrote:
> > Tom
> >
> > The attached config. generates the following iptables rule:
> >
> > -A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT
> >
> > Which produces the following error message:
> >
> > iptables-restore v1.4.17: Bad ctstate "ESTABLISHED-o"
> >
> > The following iptables rules are also generated:
> >
> > -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-g ~log0 -m comment --
> > comment "ALLOW"
> >
> > -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment --
> > comment "ALLOW"
>
> Thanks Steven,
>
> I have meetings tonight so it will be morning before I can respond.
>
> -Tom

Tom

No problem, I'm off to bed now anyway.

Steven.

On 01/11/2013 05:52 PM, Steven Jan Springl wrote:
> On Saturday 12 Jan 2013 01:39:18 Tom Eastep wrote:
>> On 1/11/13 5:20 PM, Steven Jan Springl wrote:
>>> The attached config. generates the following iptables rule:
>>>
>>> -A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT
>>>
>>> Which produces the following error message:
>>>
>>> iptables-restore v1.4.17: Bad ctstate "ESTABLISHED-o"
>>>
>>> The following iptables rules are also generated:
>>>
>>> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-g ~log0 -m comment --
>>> comment "ALLOW"
>>>
>>> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment --
>>> comment "ALLOW"
>>

The attached patch corrects this issue and should be applied by all of
you who are testing Beta 5.

Thanks Steven,
-Tom

On Saturday 12 Jan 2013 14:36:35 Tom Eastep wrote:
> On 01/11/2013 05:52 PM, Steven Jan Springl wrote:
> > On Saturday 12 Jan 2013 01:39:18 Tom Eastep wrote:
> >> On 1/11/13 5:20 PM, Steven Jan Springl wrote:
> >>> The attached config. generates the following iptables rule:
> >>>
> >>> -A fw2lan -p 17 -m conntrack --ctstate ESTABLISHED-o eth0 -j ACCEPT
> >>>
> >>> Which produces the following error message:
> >>>
> >>> iptables-restore v1.4.17: Bad ctstate "ESTABLISHED-o"
> >>>
> >>> The following iptables rules are also generated:
> >>>
> >>> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-g ~log0 -m comment
> >>> -- comment "ALLOW"
> >>>
> >>> -A lan2fw -p 17 -m conntrack --ctstate ESTABLISHED-j Limit -m comment
> >>> -- comment "ALLOW"
>
> The attached patch corrects this issue and should be applied by all of
> you who are testing Beta 5.
>
> Thanks Steven,
> -Tom

Tom

Confirmed, the patch fixes the issue.

Thanks.

Steven.

On 1/12/13 9:17 AM, "Steven Jan Springl" <steven@springl.ukfsn.org> wrote:
>
>Confirmed, the patch fixes the issue.
>

Thanks Steven,
-Tom

You do not need a parachute to skydive. You only need a parachute to
skydive twice.