in the start
> function of the init script but in the past was missing from
> restart, reload e.t.c.
>
> It is _not_ a shorewall issue :-)
Thanks Erich!
- -Tom
- --
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his s
restart
>
> would be equivalent to $ svi serviceName stop ; svi serviceName
> start
>
Beginning with Shorewall 5, there is a RESTART configuration option
which may be set to 'reload' or 'restart'. Prior to Shorewall 5,
'shorewall restart' was not equivalent to 'shorewall stop &&
On 9/29/2015 11:58 PM, Erich Titl wrote:
> Hi Tom
>
> Am 30.09.2015 um 03:36 schrieb Tom Eastep:
>> On 9/29/2015 3:59 PM, Erich Titl wrote:
>>> Hi Tom
>>>
>>> Am 30.09.2015 um 00:34 schrieb Tom Eastep:
>>> ...
>>>
>>>>
>&
o shorewall is supposed to load helpers when needed.
>
> Any bright ideas welcome
AUTOHELPERS=Yes doesn't cause helpers to be loaded automatically, unless
module autoloading is enabled. It rather associates each helper with its
standard protocols and ports -- see the /etc/shorewall/conntrack fi
: Fehler beim Versenden einiger Referenzen nach
'ssh://et...@git.code.sf.net/p/leaf/bering-ucl
Hi Erich,
I'm seeing the same issue with the Shorewall Sourceforge Git repository.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his
On 4/23/12 12:20 PM, Andrew wrote:
-
Andrew -- check your system clock - you are 6 days ahead of the rest of
us :-)
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington
firewall builder on different hardware
to not have perl on my systems.
Do you package Shorewall-lite (and Shorewall6-lite) for Bering? Those
products were developed to meet the needs of small appliances.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline
On 11/21/10 8:16 AM, KP Kirchdoerfer wrote:
I understand right, they don't require perl on the router?
Correct.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all
not work with Shorewall Multi-ISP
support but there was a busybox developer working on the problem.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his
apologize for any inconvenience this
issue has caused you.
Note that my e-mail is typically signed, and I have not noticed any
issue with sending mails to the list. ?!?
Same here
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully
=1 /var/lib/shorewall/firewall version
The patch at
http://shorewall.git.sourceforge.net/git/gitweb.cgi?p=shorewall/shorewall;a=commitdiff;h=8758d3a834a4377669517372168c0bdd55eb37c5
should allow this to work regardless of whether VERBOSITY is exported or
not.
-Tom
--
Tom Eastep\ When I die
On 10/28/10 2:03 PM, KP Kirchdoerfer wrote:
Thx for quick response!
Am Donnerstag, 28. Oktober 2010, 22:03:31 schrieb Tom Eastep:
On 10/28/10 12:28 PM, KP Kirchdoerfer wrote:
The difference is the latest value for temp, as you may see.
Let me know, if more info is needed.
The problem
On 10/28/10 2:13 PM, Tom Eastep wrote:
On 10/28/10 2:03 PM, KP Kirchdoerfer wrote:
Thx for quick response!
Am Donnerstag, 28. Oktober 2010, 22:03:31 schrieb Tom Eastep:
On 10/28/10 12:28 PM, KP Kirchdoerfer wrote:
The difference is the latest value for temp, as you may see.
Let me know
On 10/28/10 3:07 PM, Tom Eastep wrote:
On 10/28/10 3:03 PM, KP Kirchdoerfer wrote:
Am Donnerstag, 28. Oktober 2010, 23:16:04 schrieb Tom Eastep:
How about capturing the output of 'env' when starting Shorewall at boot?
Here it is:
USER=root
HOME=/
TERM=linux
SHOREWALL_INIT_SCRIPT=0
.
Hi KP,
Let me know if there is anything I can help with.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net
/pub/shorewall/3.4/shorewall-3.4.4/errata/Shorewall/lib.tc
And yes, it will work with Shorewall 3.4.3.
Bering team: There's a patch in the errata/patches/Shorewall sub-directory.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
---BeginMessage---
Taso Hatzi's post this evening has brought it home to me that I need
0.0.0.0/0 -d
0.0.0.0/0 --dport 21 -j MARK --set-mark 2 Failed
Processing /etc/shorewall/stop ...
You cannot specify a port number with protocol = 'all'; the protocol
must be either 'tcp' or 'udp'
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
---BeginMessage---
While there are a couple of bug fixes here, the main reason
This is the first development release of the new Perl-based compiler.
It may be downloaded from:
http://www1.shorewall.net/pub/shorewall/development/3.9/shorewall-perl-3.9.0/
ftp://ftp1.shorewall.net/pub/shorewall/development/3.9/shorewall-perl-3.9.0/
Release notes are attached.
-Tom
--
Tom
I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under
Cygwin on this Windows XP system. I downloaded the two-interface sample
and modified shorewall.conf by adding SHOREWALL_COMPILER=perl. I
copied a capabilities file from my desktop and:
[EMAIL PROTECTED] ~/Configs/test
$
Simon Hobson wrote:
Tom Eastep wrote:
Eventually, I might break Shorewall into three pieces:
- shorewall-common
- shorewall-shell
- shorewall-perl
Now that does make sense.
As such time as I do this (maybe as early as Shorewall 4.0.0), I will be
looking for someone else to take over
,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-
Take
as a testbed for the new compiler
as I've done above (e.g., cd to that directory and specify . in your
'shorewall' commands).
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
Tom Eastep wrote:
My experimentation with a Perl-based compiler for Shorewall is beginning
to bear fruit. Here is a timing from the main firewall at shorewall.net
using the Perl-based compiler. That compiler generates a script that
uses iptables-restore to configure Netfilter.
[EMAIL
Tom Eastep wrote:
I forgot one step:
e) Create a symbolic link /usr/share/shorewall/Shorewall which points to the
Directory containing the trunk/New files. On my system, I have:
[EMAIL PROTECTED]:~/shorewall# ll /usr/share/shorewall/Shorewall
lrwxrwxrwx 1 root root 33 2007-03-15 09:37
Natanael Copa wrote:
Looks like you will need some modolues too, like File::Basename etc. (so
a compiled microperl binary is not enough)
The current code has very modest standard module requirements:
File::Basename
File::Temp
Cwd
Exporter
-Tom
--
Tom Eastep\ Nothing is foolproof
enthusiasm for learning yet
one more programming language to add to the dozen or so that I already
speak is quite low.
Thanks,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key
it.
But it would be another compatibility issue.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
important, especially to those whose Shorewall-based
firewalls require several minutes to restart.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net
so that the output of dump cannot be used to breach IPSEC
security.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
will be
minimal). So those who are happy with the current state of the package can
continue to use it.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net
Mike Noyes wrote:
I'd worry when distributions start dropping Shorewall. That's an
indication of decline.
Good point.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key
, it
is getting more and more difficult to extend the code to do new things without
breaking old things.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net
denominator.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
in C or C++ but writing C/C++ code is
what I've done for a living for years. I look at Shorewall as an
opportunity to do something other than what I do in my professional life.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-
Take Surveys. Earn
http://www1.shorewall.net/manpages/Manpages.html
They will be replicated to the main site and other mirrors shortly.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
on the shorewall.net pages?
I'll try to do that over the weekend.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
of. The string 'orig' doesn't appear in install.sh
and there are no .orig files in the tarballs.
How is buildtool installing Shorewall?
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP
made to routing as a result
of entries in /etc/shorewall/providers and /etc/shorewall/route_rules and
reverses those changes when appropriate.
Happy Beta Testing,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington
For those of you who use Shorewall SVN, please note that SF have implemented a
new connection method. See:
https://sourceforge.net/docs/E09#notice
The makeshorewall script in SVN has been updated to use this new method.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-
Using Tomcat
Mostly bug fixes in this one. The shorewall-lite footprint has become smaller as
a result of splitting the former 'functions' file into two libraries: lib.base
and lib.config. See the release notes for details.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
-30 23:14 shorewall.conf
-rw-r--r-- 1 teastep users 20835 2006-08-30 15:55 lib.actions
-rw-r--r-- 1 teastep users 16895 2006-05-18 11:05 rules
-rwxr-xr-x 1 teastep users 15556 2006-08-27 10:27 help
[EMAIL PROTECTED]:~/ShorewallBuild/3.3
-Tom
--
Tom Eastep\ Nothing is foolproof
in as much as I don't believe that the average
non-embedded Shorewall user is the least bit sensitive to the footprint issue.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
teastep 13174 2006-06-21 16:51 macro.template
[EMAIL PROTECTED]:~/shorewall/tags/3.0.8/Shorewall$
I have experimented with modularizing Shorewall so that features like traffic
shaping, accounting, etc. can be made optional and I will continue to pursue
that approach for Shorewall 3.4.
-Tom
--
Tom
release Shorewall, all you release is source.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
3.2.0 are available at the main download site and
at mirrors world wide.
-Tom
PS -- there are two release notes attached -- the first is for Shorewall; the
second is for Shorewall Lite.
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
pgpVHD1Y6gt37.pgp
Description: PGP signature
mature alternative. There is a 2.4
backport of the 2.6 ipsec stack available.
NAT Traversal *is* supported.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
Thanks to the work of Cristian Rodriguez, the Shorewall source repository at
Sourceforge has been migrated from CVS to SVN.
http://sourceforge.net/svn/?group_id=22587
Thanks Cristian!
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
Can I assume the presence of the 'awk' utility on LEAF/Bering systems? I'm
trying to fix a bug and the fix is much easier and more robust if I use awk
rather than a combination of other tools.
Thanks,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline
.
I'll use the less elegant fix then.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
---
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
pgp4enOuOFCOB.pgp
Description: PGP
Paul Gear wrote:
BTW, if anyone from the LRP side of things can tell me what i should be
doing with Lrp* at the top of CVS, i'd be grateful.
Paul,
The .lrp is now built from the standard CVS tree -- you don't need to do
anything special to accommodate LEAF going forward.
-Tom
--
Tom
-- that will keep folks busy coding for a while :-)
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
the
possiblilty that I would walk in front of a bus.
... and you have to admit that the price was right :-)
Shorewall will always be a part of my life that I look back on with fondness.
As always,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
the list settings
shouldn't need much tweaking.
Ok -- I appreciate the offer to help. Let's wait until SF have upgraded
then hopefully we can move the lists pretty much intact over there.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
Mike Noyes wrote:
On Wed, 2005-05-18 at 09:22, Tom Eastep wrote:
Mike Noyes wrote:
I don't mind continuing to
host the mailing lists here for a while until mailing lists can be
reestablished at SF (they were there once upon a time).
The SF staff will even import your pipermail archive, so
that it is always available.
-Tom
PS -- I've subscribed myself to the leaf-devel list again so I can help
with this transition.
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
Cristian Rodriguez wrote:
2005/5/18, Tom Eastep [EMAIL PROTECTED]:
- We need to look at the big issues and make sure we've got a good
handle on them. For me, these include (in rough order of priority from
my perspective):
* Multiple ISPs load balancing
* Features to enable building
.
Ok -- I think I have a place where we can host an rsync server for the
mirrors; I'll continue this thought in another thread.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key
out from here, the better.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
K.-P. Kirchdörfer wrote:
Am Dienstag, 3. Mai 2005 00:53 schrieb Tom Eastep:
I'm about to start development on Shorewall 2.3. Given that Paul
has integrated Shorewall into the Bering buildtool environment, I
propose that beginning with Shorewall 2.3, I no longer provide
Bering packages.
Any
I'm about to start development on Shorewall 2.3. Given that Paul has
integrated Shorewall into the Bering buildtool environment, I propose
that beginning with Shorewall 2.3, I no longer provide Bering packages.
Any thoughts?
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently
-- here is a patch that
reflects what I think they should be.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
diff -au /home
in sync with the
/Shorewall2 project on a daily basis so if you need that project
updated, please let me know.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https
Tom Eastep wrote:
All this having been said, I haven't yet started using the LrpN project
again since 2.2.0 as I haven't officially opened a 2.3 development
release. Also, I don't maintain the LrpN/ project in sync with the
/Shorewall2 project on a daily basis so if you need that project
the directory tree. That's what is done when I build the
.rpm. Note the PREFIX environmental variable -- allows installing in a
directory other than /.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL
configuration for two-interface firewall (standard has no
default config -- uses sample configurations which are overloaded).
b) start.d and stop.d for scripts owned by other packages.
c) shorewall.conf has different defaults.
e) start and stop run all scripts in start.d and stop.d respectively.
-Tom
--
Tom
Paul Traina wrote:
Tom Eastep wrote:
Paul Traina wrote:
Tom Eastep wrote:
Would you be willing to refresh the lrp version /etc files to match what
you believe they should be?
The files in LrpN/etc/shorewall are what I think that the files should
look like as of today's development
Tom Eastep wrote:
Thanks -- I note that KP had added another change to the rules file in
LrpN which I hadn't included in my patch. Something to do with dnsmasq...
Ok -- I took a look at that and it has to do with DHCP -- I personally
think that a better approach is to set the 'dhcp' option
.
Welcome, Andrea!
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
---
SF email
On Mon, 2004-11-29 at 11:31 -0800, Mike Noyes wrote:
On Mon, 2004-11-29 at 11:10, Tom Eastep wrote:
In case you are unaware, the current SPF configuration of
lists.sourceforge.net is hosed. As a result, SPF-aware MTAs are
rejecting all list traffic. There are many open trouble reports
On Mon, 2004-11-29 at 12:32 -0800, Mike Noyes wrote:
On Mon, 2004-11-29 at 11:33, Tom Eastep wrote:
At http://sourceforge.net/tracker/index.php, I see SPF mentioned 6 times
(including my own report).
Tom,
Thanks for the aid. I'll monitor it.
https://sourceforge.net/support
On Mon, 2004-11-29 at 12:32 -0800, Mike Noyes wrote:
Either way, your SR should
be attended to by one of the SF staff members shortly.
No particular hurry -- I've turned off SPF screening in my MTA until the
problem is resolved.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently
The 1.4 rfc1918 file and 2.x bogons file are maintained in parallel but users
still need to download and install the updates.
See the top of http://shorewall.net/errata.htm
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington
On Tuesday 21 September 2004 13:14, Tom Eastep wrote:
So I think the above link is in error. Unless there is a different UDP
traceroute that I don't know of... ?
The 'traceroute' program on any *nix system. The 'tracert' thingy on
Windoze systems uses ICMP echo-request (ping
but will enhance the chance to
use different interpreters.
So which constructs do you propose that we do away with?
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED
; nevertheless, I'll try to follow the discussion.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
---
This SF.Net email sponsored by Black Hat Briefings
that Shorewall works with it.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
---
This SF.Net email sponsored by Black Hat Briefings Training.
Attend
requires people to do something differently.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
---
This SF.Net email sponsored by Black Hat
Ray Olszewski wrote:
It is important, I think, to keep these two sets of issues distinct, not
to bounce from one to the other arbitrarily.
You're right Ray -- I'll go back in my cave.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
know who I think would mistakenly get blamed.
If we would just admit that .lrp files are nothing more than stylized
gzip-compressed tar files and change their extension to .tgz, we
wouldn't have this problem.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline
Ray Olszewski wrote:
At 06:58 PM 7/2/2004 -0700, Tom Eastep wrote:
The .lrp extension isn't the problem. It requires only a 1-line addition
to an Apache config file. No big deal to do, and we get the same order
of magnitude improvement.
Ray, it is the dozens of 1-line differences
the
nav bar stand out for you.
Given that it is both dark and tiny, it does not stand out at all. Under
Firefox on my 19 monitor, Bering uClibc is only about 2/3 wide and
is almost unreadable. Lince *is* unreadable.
I agree with KP that the Releases/Branches menu should return.
-Tom
--
Tom Eastep
know if it is acceptable now.
New navbar: http://leaf.steinkuehler.net/
Old navbar: http://leaf.steinkuehler.net/bering/
*Much* better, Mike
Thanks!
-Tom
PS -- I'm not using the Bitstream Vera fonts.
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline
K.-P. Kirchdörfer wrote:
it's readable with Mozilla (anyway my Mozilla fonts are ugly)
When you download Mozilla (or Firefox), be sure to download the GTK2/Xft
version; with the standard version, the fonts suck...
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
0
ide-detect 144 0 (unused)
ide-core 89424 0 [ide-disk ide-detect]
What am I missing?
The error message refers to the iptables TOS module, not the kernel module.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
to the swconf.lrp package.
If only shorewall.lrp is installed then the file will go to shorewall.lrp.
Ok -- now I understand. Thanks,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED
/shorewalluser get populated initially?
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
way for me to add a new config file in the
future and have it reflected in the Shorewall configuration menu.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED
).
- I don't have a lot of time for development (8 month old twins!)
- I don't want to pull the rug out from under the new configuration
scheme and hopefully a more full-featured packaging system.
Nod.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http
$CONFIG_PATH] || CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
changed it to:
[ -n $CONFIG_PATH ] || CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
Maybe it has to do with the version of sh/bash:
Just a plain ordinary bug -- thanks. I've updated CVS with the correction.
-Tom
--
Tom Eastep\ Nothing
Tom Eastep wrote:
Stijn Jonker wrote:
It works fine here after a small modification in firewall on line 5757:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
/usr/share/shorewall/firewall: line 5757: [: missing
on
the heals of 2.0 (it's a *big* change in the documentation so it would
have to be a major releae). I'd also be willing to wave the 2 major
release support rule and continue to support 1.4 until 2.2 is released.
Opinions?
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
:
For compatibilty, the default value is:
$SHOREWALL_DIR:/etc/shorewall/:/usr/share/shorewall
SHOREWALL_DIR is the configuration directory specified by the -c command
option or named explicitly in the 'try' command.
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline
Tom Eastep wrote:
Ok -- how about a CONFIG_SEARCH option in shorewall.conf:
For compatibilty, the default value is:
$SHOREWALL_DIR:/etc/shorewall/:/usr/share/shorewall
SHOREWALL_DIR is the configuration directory specified by the -c command
option or named explicitly in the 'try' command
Tom Eastep wrote:
The nice thing about this proposal is that I could implement it now in a
minor release and we could hold off until next year to implement the
more radical proposal (no files released directly to /etc/shorewall).
The code in CVS (Shorewall2/) supports this notion. Be sure
1 - 100 of 168 matches
Mail list logo
