On Sun, 29 Jul 2018 20:35:15 -0700
Tom Eastep wrote:
> On 07/29/2018 02:40 PM, Steven Jan Springl wrote:
> > Tom
> >
> > The attached minimal config. produces the following message:
> >
> > Applying Policies...
> > Use of uninitialized value in h
Tom
The attached minimal config. produces the following message:
Applying Policies...
Use of uninitialized value in hash element
at /usr/share/shorewall/Shorewall/Chains.pm line 2776.
Steven.
shorewall210.tar.gz
Description: application/gzip
On Tue, 17 Jul 2018 13:46:27 -0700
Tom Eastep wrote:
> On 07/17/2018 11:02 AM, Tom Eastep wrote:
>
> >
> > This is just the tip of an iceberg. The implementation of providers
> > sharing an interface is completely incompatible with
> > 'load=. I will work on a fix as time allows.
> >
>
> St
Tom
In the attached config. the providers file produces the following error
message:
ERROR: Internal error in Shorewall::Chains::new_chain
at /usr/share/shorewall/Shorewall/Chains.pm line 2654
at /usr/share/shorewall/Shorewall/Config.pm line 1565.
Shorewall::Config::fatal_error("Internal error i
On Sun, 15 Jul 2018 08:18:10 -0700
Tom Eastep wrote:
> On 07/14/2018 06:33 AM, Steven Jan Springl wrote:
> > Tom
> >
> > In the attached config. policy rule:
> >
> > lan $FW ACCEPT warn 1/min:2
> >
> > Generates iptables rule:
> >
>
Tom
Config. attached.
Steven
shorewall209.tar.gz
Description: application/gzip
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Tom
In the attached config. policy rule:
lan $FW ACCEPT warn 1/min:2
Generates iptables rule:
-A @lan2fw -m limit --limit 1/min --limit-burst 2
--hashlimit-htable-expire 6 -j RETURN
Which produces error:
iptables-restore v1.4.21: unknown option "--hashlimit-htable-expire"
Steven.
--
On Fri, 10 Mar 2017 11:16:18 -0800
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 03/10/2017 09:30 AM, Steven Jan Springl wrote:
>
> > Rule:
> >
> > REDIRECT lan 100 tcp:!syn 200 - 10.1.1.2
> >
> > Prod
Tom
Rule:
REDIRECT lan 100 tcp:!syn 200 - 10.1.1.2
Produces the following iptables rule:
-A PREROUTING -i eth0 -p 6 ! --syn--dport 200 -d 10.1.1.2 -j REDIRECT
--to-port 100 -m comment --comment "@@@ /etc/shorewall207/rules:13 @@@"
Which produces the following error:
iptables-restore v1.
On Mon, 6 Mar 2017 15:30:15 -0800
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 03/06/2017 01:45 PM, Steven Jan Springl wrote:
> > On Mon, 6 Mar 2017 13:15:41 -0800
>
> > After applying the patch I get the following error:
>
On Mon, 6 Mar 2017 13:15:41 -0800
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 03/06/2017 12:15 PM, Steven Jan Springl wrote:
>
> > The following rule:
> >
> > rejNotSyn:info lan fw tcp
> >
> > Produces the f
Tom
The following rule:
rejNotSyn:info lan fw tcp
Produces the following error:
Compiling /usr/share/shorewall/action.rejNotSyn for chain rejNotSyn...
ERROR: Invalid REJECT option (--reject-with
tcp-reset) /usr/share/shorewall/action.rejNotSyn (line 37)
from /etc/shorewall206/rules (
On Wed, 21 Dec 2016 08:33:09 -0800
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 12/21/2016 07:30 AM, Steven Jan Springl wrote:
> > Tom
> >
> > Mangle file entry:
> >
> > CHECKSUM 14.14.14.14 vif1:12.12.12.12 - -
Tom
Mangle file entry:
CHECKSUM 14.14.14.14 vif1:12.12.12.12 - - - - - - - - - -
- RELATED:NEW - mangle3
Generates iptables rule:
-A tcpost -s 14.14.14.14 -d 12.12.12.12 -m conntrack --ctstate
RELATED,NEW -o vif1 -j CHECKSUM --checksum-fill -m comment --comment
"-XSUM1"
There is
On Sun, 18 Dec 2016 18:38:48 -0800
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 12/18/2016 02:27 PM, Steven Jan Springl wrote:
> > Tom
> >
> > In the attached config. rule
> >
> > DNSAmp:info lan fw udp 555,666
Tom
In the attached config. rule
DNSAmp:info lan fw udp 555,666 ,
Generates the following iptables rule:
-A lan2fw -p 17 -m multiport --dports 555,666 -m multiport --sports
, --dport 53 -m u32 --u32 "0>>22&0x3C@8&0x=0x0100 &&
0>>22&0x3C@12&0x=0x0001" -j ~log
On Thu, 3 Nov 2016 08:50:31 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/03/2016 08:32 AM, Tom Eastep wrote:
>
> >
> > I'm going to be away until late afternoon Seattle time, but I will
> > look at this when I return.
> >
>
> Took a quick look whil
On Wed, 2 Nov 2016 19:27:17 -0700
Tom Eastep wrote:
>
> >
> >
> > Snat rule:
> >
> > SNAT(0) 10.1.2.0/24 eth0tcp
> >
> > produces error message:
> >
> > iptables-restore v1.4.21: Port '0' not valid
> >
> > Similarly snat r
On Wed, 2 Nov 2016 15:26:50 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 03:03 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Snat rule:
> >
> > SNAT+(:)10.1.2.0/24 eth0tcp
> >
Tom
Snat rule:
SNAT+(:)10.1.2.0/24 eth0tcp
Generates iptables-restore rule:
-A SHOREWALL -o eth0 -p 6 -s 10.1.2.0/24 -j SNAT --to-source :
Which produces error message:
iptables-restore v1.4.21: Port `' not valid
Steven
---
On Wed, 2 Nov 2016 14:36:23 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 02:12 PM, Steven Jan Springl wrote:
>
> > The snat rule in the attached config. generates the following
> > iptables rule:
> >
> >
Tom
The snat rule in the attached config. generates the following iptables
rule:
-A ~excl0 -j MASQUERADE --to-ports 101-201
Which produces the following error message:
iptables-restore v1.4.21: Need TCP, UDP, SCTP or DCCP with port
specification
Steven.
shorewall96.tar.gz
Description: applica
On Wed, 2 Nov 2016 12:27:00 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 12:05 PM, Steven Jan Springl wrote:
>
> >
> > I have installed your copy of Rules.pm, but not the additional
> > patch.
> >
> >
On Wed, 2 Nov 2016 09:46:01 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/02/2016 05:20 AM, Steven Jan Springl wrote:
> > On Tue, 1 Nov 2016 18:37:04 -0700 Tom Eastep
> > wrote:
> >
> >> -BEGIN PGP SIGNED MES
On Tue, 1 Nov 2016 18:37:04 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/01/2016 05:39 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Issuing a "shorewall update" converts the following masq file:
> >
>
Tom
Issuing a "shorewall update" converts the following masq file:
eth0 10.11.11.0/24 :10-20 tcp
To snat file:
MASQUERADE(:10-20) 10.11.11.0/24 eth0 tcp
Which produces the following error message:
ERROR: Invalid/Unknown tcp port/service (0:10) /etc/shorewall96/snat
(line 13)
St
On Tue, 1 Nov 2016 16:50:27 -0700
Tom Eastep wrote:
> >
> >
> > -
> >
> > Snat entry:
> >
> > SNAT(:10-20)10.11.11.0/24 eth0 tcp
> >
> > Generates iptables-restore rule:
> >
> > -A SHOREWALL -
On Tue, 1 Nov 2016 12:58:40 -0700
Tom Eastep wrote:
> >
>
> This patch corrects the issue in the snat file; I believe that it also
> corrects the same defect in the masq file.
>
> Thanks Steven,
>
> - -Tom
> - --
Tom
Confirmed, the patch fixes the issue in both masq and snat files.
--
On Tue, 1 Nov 2016 11:22:09 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 11/01/2016 09:32 AM, Steven Jan Springl wrote:
>
> > Snat entry:
> >
> > SNAT(10.1.1.1:80:) 10.11.11.0/24 eth0tcp
> >
Tom
Snat entry:
SNAT(10.1.1.1:80:) 10.11.11.0/24 eth0tcp
Generates the iptables-restore rule:
-A SHOREWALL -o eth0 -p 6 -s 10.11.11.0/24 -j SNAT --to-source
10.1.1.1:80: -m comment --comment "masq."
Which produces the following error:
iptables-restore v1.4.21: Invalid port:port
On Mon, 31 Oct 2016 15:03:52 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/31/2016 03:08 PM, Steven Jan Springl wrote:
> > On Mon, 31 Oct 2016 14:42:33 -0700 Tom Eastep
> > wrote:
> >
> >> -BEGIN PGP SIGNED
On Mon, 31 Oct 2016 14:42:33 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/31/2016 01:37 PM, Steven Jan Springl wrote:
> > Tom
> >
> > The snat rule in the attached config. generates the following
> > iptables rule:
Tom
The snat rule in the attached config. generates the following iptables
rule:
-A SHOREWALL -o br0 -p 6 -s 10.11.11.0/11 ! -d 1.1.1.1 -m multiport
--dports 110,1,2,34,5,6,0:2,65000:65535,200:210 -j SNAT --to-source
10.1.1.1-10.1.1.4 --to-source 10.2.1.1 --to-source
10.3.1.1-10.3.1.255:500-600 -
On Sun, 30 Oct 2016 16:23:19 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/30/2016 01:18 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Sorry, I forgot to include the original masq file entry:
> >
> > eth0,eth1,br
Tom
Sorry, I forgot to include the original masq file entry:
eth0,eth1,br0::!1.1.1.1 10.11.11.0/11
10.1.1.1-10.1.1.4:500-600:persistenttcp
110,1,2,34,5,6,:2,65000:,200:210
Steven.
Tom
In the attached minimal config. SNAT rule:
SNAT(10.1.1.1-10.1.1.4:500-600:persistent) 10.11.11.0/11
eth0,eth1,br0::!1.1.1.1 tcp
110,1,2,34,5,6,:2,65000:,200:210
Generates the following iptables rule:
-A SHOREWALL -o br0 -p 6 -s 10.11.11.0/11 ! -d 1.1.1.1 -m multiport
--dports 110,1,2,3
On Thu, 27 Oct 2016 12:06:22 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/27/2016 11:56 AM, Tom Eastep wrote:
>
> >
> > Please disregard -- I'll have to dig a bit deeper.
> >
>
> This simple patch seems to handle update correctly with both INLINE
>
Tom
Masq file entry:
+INLINE(eth20,vif1) vif19.1.9.1
Is converted to snat file entry:
SNAT+(9.1.9.1) vif1INLINE(eth20,vif1)
Which produces the following error message:
ERROR: Unknown interface (INLINE(eth20) /etc/shorewall200/snat (line 34)
Steven.
On Wed, 26 Oct 2016 16:05:47 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/26/2016 04:00 PM, Tom Eastep wrote:
> > On 10/26/2016 03:44 PM, Steven Jan Springl wrote:
> >
> >
> >>
On Wed, 26 Oct 2016 14:40:00 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/26/2016 02:35 PM, Tom Eastep wrote:
> > On 10/26/2016 01:19 PM, Steven Jan Springl wrote:
> >> Tom
> >
> >> Issuing a "shorew
Tom
Issuing a "shorewall update" command converts the following masq file
entry
+br1::!192.168.23.0/27
10.1.2.0/24!10.1.2.1,10.1.1.4-10.1.1.8 - icmp
4/3,8,12
to snat file entry:
MASQUERADE+ 10.1.2.0/24!10.1.2.1,10.1.1.4-10.1.1.8
br1::!192.168.23.0/27 icmp4/3,8,12
Which produc
On Sun, 16 Oct 2016 13:14:27 -0700
Tom Eastep wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 10/16/2016 12:49 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Rule
> >
> > ACCEPTlanfwtcptacacs-ds:krb_prop
>
Tom
Rule
ACCEPTlanfwtcptacacs-ds:krb_prop
Produces the following error message:
ERROR: Invalid port range (tacacs-ds:krb_prop)
This worked in previous releases.
Steven.
On Sun, 16 Oct 2016 12:27:01 -0700
Tom Eastep wrote:
>
> The attached patch eliminates the problem.
>
> Thanks Steven.
>
> - -Tom
> - --
Hi Tom
Confirmed, the patch fixes the issue.
Thanks.
Steven.
Tom
The ecn file in the attached config. produces the following error
messages:
Compiling /etc/shorewall90/ecn...
ERROR: Internal error in Shorewall::Chains::push_matches
at /usr/share/shorewall/Shorewall/Chains.pm line 1524
at /usr/share/shorewall/Shorewall/Config.pm line 1466.
Shorewall::Confi
On Sat, 2 Apr 2016 17:32:31 -0700
Tom Eastep wrote:
> On 04/02/2016 04:29 PM, Tom Eastep wrote:
>
> > Steven,
> >
> > Can you send me a test case -- I don't see these errors in my simple
> > test case.
> >
>
> Before you do that, please try the attached patch.
>
> Thanks,
> -Tom
Tom
Confir
On Sat, 2 Apr 2016 11:43:00 -0700
Tom Eastep wrote:
> On 04/02/2016 11:32 AM, Steven Jan Springl wrote:
>
> >
> > Confirmed, the patch fixes the issues.
> >
>
> Thanks for the configuration Steven,
>
> -Tom
Tom
Another physical interface issue.
When
On Sat, 2 Apr 2016 09:14:00 -0700
Tom Eastep wrote:
> On 04/01/2016 04:14 PM, Steven Jan Springl wrote:
> > On Fri, 1 Apr 2016 15:03:49 -0700
> > Tom Eastep wrote:
> >
> >> On 04/01/2016 02:05 PM, Steven Jan Springl wrote:
> >>> On Fri, 1 Apr 2
On Fri, 1 Apr 2016 15:03:49 -0700
Tom Eastep wrote:
> On 04/01/2016 02:05 PM, Steven Jan Springl wrote:
> > On Fri, 1 Apr 2016 13:06:06 -0700
> > Tom Eastep wrote:
> >
> >>
> >>
> >> 1) If a physical interface name was used in the INTERFACE colu
On Fri, 1 Apr 2016 13:06:06 -0700
Tom Eastep wrote:
>
>
> 1) If a physical interface name was used in the INTERFACE column of
> an entry in /etc/shorewall/masq, then previously a Perl diagnostic was
> issued as the masq rule was being processed and the iptables rule
> and its containing
Tom
The attached minimal config. produces the following error message:
Compiling /etc/shorewall202/action.mangle2 for chain mangle2...
Can't use string ("0") as a HASH ref while "strict refs" in use
at /usr/share/shorewall/Shorewall/Rules.pm line 4474, <$currentfile>
line 6.
Steven.
shorewall2
On Fri, 18 Mar 2016 15:23:18 -0700
Tom Eastep wrote:
> On 03/18/2016 02:27 PM, Steven Jan Springl wrote:
> > Tom
> >
> > The attached minimal config. produces the following error message:
> >
> > Compiling /etc/shorewall202/action.mangle2 for chain mangle2...
>
On Wed, 24 Feb 2016 14:28:41 -0800
Tom Eastep wrote:
> On 02/24/2016 10:49 AM, Steven Jan Springl wrote:
> > Tom
> >
> > Rules file entry:
> >
> > allowBcast:NFLOG(2,3,4) all all all
> >
> > Produces the following error messages:
> >
>
Tom
Rules file entry:
allowBcast:NFLOG(2,3,4) all all all
Produces the following error messages:
Odd number of elements in hash assignment
at /usr/share/shorewall/Shorewall/Chains.pm line 6394, <$currentfile>
line 13.
ERROR: Internal error in Shorewall::Chains::push_matches
at /usr/sh
On Wed, 24 Feb 2016 09:34:48 -0800
Tom Eastep wrote:
> On 02/24/2016 07:49 AM, Steven Jan Springl wrote:
> > Hi Tom
> >
> > The following entry in the ecn file:
> >
> > eth01.1.1.1
> >
> > Produces the following error messages:
> >
Hi Tom
The following entry in the ecn file:
eth01.1.1.1
Produces the following error messages:
ERROR: Internal error in Shorewall::Chains::push_matches
at /usr/share/shorewall/Shorewall/Chains.pm line 1463
at /usr/share/shorewall/Shorewall/Config.pm line 1394.
Shorewall::Config::fatal_
On Fri, 29 May 2015 17:28:03 -0700
Tom Eastep wrote:
> On 5/29/2015 4:33 PM, Steven Jan Springl wrote:
> > The following rules file entry:
> >
> > NFQUEUE(,bypass) lan fw icmp 8
> >
> > produces the following messages:
> >
> > Use of unin
Tom
The following rules file entry:
NFQUEUE(,bypass) lan fw icmp 8
produces the following messages:
Use of uninitialized value $_[0] in lc
at /usr/share/shorewall/Shorewall/Config.pm line 1401, <$currentfile>
line 23.
Use of uninitialized value $queue1 in concatenation (.) or
string at /us
On Fri, 29 May 2015 14:38:33 -0700
Tom Eastep wrote:
> On 5/29/2015 1:31 PM, Steven Jan Springl wrote:
> > On Thu, 28 May 2015 08:32:57 -0700
> > Tom Eastep wrote:
> >
> > Tom
> >
> > The attached minimal config. produces the following error messages:
>
On Thu, 28 May 2015 08:32:57 -0700
Tom Eastep wrote:
Tom
The attached minimal config. produces the following error messages:
Use of uninitialized value $queue in string eq
at /usr/share/shorewall/Shorewall/Rules.pm line 483, <$currentfile>
line 5.
Use of uninitialized value $queue in split
at
On Monday 16 Mar 2015 22:10:30 Tom Eastep wrote:
> On 3/16/2015 1:58 PM, Steven Jan Springl wrote:
> > On Monday 16 Mar 2015 17:48:23 Tom Eastep wrote:
> >> Beta 2 is now available for testing.
> >
> > Tom
> >
> > Command:
> >
> >
On Monday 16 Mar 2015 17:48:23 Tom Eastep wrote:
> Beta 2 is now available for testing.
Tom
Command:
shorewall open 192.168.100.1 192.168.200.1 icmp 8
produces error message:
iptables v1.4.14: multiport only works with TCP, UDP, UDPLITE, SCTP and DCCP
Should it be possible to specify an
On Sunday 04 Jan 2015 19:08:57 Tom Eastep wrote:
> On 1/4/2015 10:09 AM, Steven Jan Springl wrote:
> > Rule:
> >
> > TARPIT() lan fw tcp 25
> >
> > produces the following error message:
> >
> > iptables-restore v1.4.14: Couldn't lo
Tom
Rule:
TARPIT() lan fw tcp 25
produces the following error message:
iptables-restore v1.4.14: Couldn't load target `TARPIT()':No such file or
directory.
Similarly, Rule:
TARPIT(0) lan fw tcp 25
produces the following error message:
iptables-restore v1.4.14: Couldn't load target
On Tuesday 07 Oct 2014 15:52:55 Tom Eastep wrote:
> On 10/7/2014 6:09 AM, Steven Jan Springl wrote:
> > On Monday 06 Oct 2014 23:57:55 Tom Eastep wrote:
> > Tom
> >
> > The following line in /var/lib/shorewall/.start section save_ipsets()
> >
> > $IPSET
On Monday 06 Oct 2014 23:57:55 Tom Eastep wrote:
Tom
The following line in /var/lib/shorewall/.start section save_ipsets()
$IPSET -S brd2_br2 >> >> ${VARDIR}/ipsets.tmp
produces the following error message:
Shorewall configuration compiled to /var/lib/shorewall/.start
/var/lib/shorewall/.st
> >
> > produces the following error message:
> >
> > /var/lib/shorewall/.start: 1929: Syntax error: ")" unexpected (expecting
> > "fi")
>
> The attached patch seems to correct the problem.
>
> Thanks Steven,
> -Tom
Tom
Confirmed, the patch fixes the issue.
Thanks.
Steven.
On Monday 03 Feb 2014 22:55:48 Tom Eastep wrote:
> On 2/3/2014 12:58 PM, Steven Jan Springl wrote:
> > On Monday 03 Feb 2014 20:00:22 Tom Eastep wrote:
> >> On 2/3/2014 10:44 AM, Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>> Output from com
On Monday 03 Feb 2014 20:00:22 Tom Eastep wrote:
> On 2/3/2014 10:44 AM, Steven Jan Springl wrote:
> > Tom
> >
> > Output from command "shorewall show -f capabilities" does not include
> > BASIC_EMATCH.
>
> Oops -- patch attached.
>
> Thanks St
Tom
Output from command "shorewall show -f capabilities" does not include
BASIC_EMATCH.
Steven.
On Tuesday 10 Sep 2013 15:20:01 Tom Eastep wrote:
>
> No. But rather than try to correct this problem, I think I'll just force
> the REJECT_ACTION to be inline.
>
> Patch attached.
>
> Thanks Steven,
> -Tom
Tom
That's fixed the issue.
Thanks.
Steven.
On Thursday 05 Sep 2013 20:15:05 Tom Eastep wrote:
>
> New Features:
>
> REJECT_ACTION=
>
> where is the name of an action that implements your
> alternative handling. The 'nolog' option is automatically assumed
> for the named and it is recommended that the 'inline'
> opt
On Friday 05 Jul 2013 22:28:30 Tom Eastep wrote:
> On Jul 5, 2013, at 1:42 PM, Steven Jan Springl wrote:
> > Tom
> >
> > In the attached config. rule:
> >
> > allowBcast:warn lan net
> >
> > Produces the following message:
> >
> > A
Tom
In the attached config. rule:
allowBcast:warn lan net
Produces the following message:
Argument "\x{e0}\x{0}..." isn't numeric in division (/) at
/usr/share/shorewall/Shorewall/Rules.pm line 1532, <$currentfile> line 18.
Steven.
shorewall2A32.tar.gz
Description: application/compressed-tar
On Friday 26 Apr 2013 23:55:56 Tom Eastep wrote:
> RC 2 is now available for testing.
>
> This version corrects a problem with INLINE handling in the accounting
> and tcrules files as well as centralizing the validation and
> registration of nfacct object names.
>
> Thank you for testing,
> -Tom
Tom
Accounting file entry:
INLINE - eth1 eth0 tcp 99 ; -m length --length 255
Generates iptables rule:
-A accounting -p 6 --dport 99 -m length --length 255-i eth1 -o eth0
Which produces error message:
iptables-restore v1.4.18: length: Argument to "--length" has unexpected
characters nea
On Sunday 21 Apr 2013 22:45:12 Tom Eastep wrote:
> On 4/21/13 2:43 PM, "Tom Eastep" wrote:
> >This one-liner seems to correct the problem.
> >
> >Thanks Steven,
>
> -Tom
> You do not need a parachute to skydive. You only need a parachute to
> skydive twice.
Tom
Confirmed, the patch fixes the is
Tom
The attached config. produces the following messages:
Optimizing Ruleset...
Use of uninitialized value $value in substitution (s///) at
/usr/share/shorewall/Shorewall/Chains.pm line 973.
Use of uninitialized value $value in substitution (s///) at
/usr/share/shorewall/Shorewall/Chains.pm l
On Thursday 11 Apr 2013 22:13:28 Tom Eastep wrote:
> On 04/11/2013 01:59 PM, Steven Jan Springl wrote:
> > Tom
> >
> > Rule:
> >
> > INLINE:warn lan all tcp 99
> >
> > produces the following messages:
> >
> > Use of uninitialized
Tom
Rule:
INLINE:warn lan all tcp 99
produces the following messages:
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2127, <$currentfile> line 19.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Cha
On Thursday 11 Apr 2013 21:36:32 Tom Eastep wrote:
> On 04/11/2013 01:23 PM, Steven Jan Springl wrote:
> > On Thursday 11 Apr 2013 18:03:55 Tom Eastep wrote:
> >> Beta 3 is now available for testing
> >
> > Rule:
> >
> > A_ACCEPT! lan all tcp 99
>
On Thursday 11 Apr 2013 18:03:55 Tom Eastep wrote:
> Beta 3 is now available for testing.
>
> It corrects several problems reported by Steven Springl. It also
> re-implements the INLINE action to resolve the many issues raised by Mr
> Dash Four.
>
> One thing to keep in mind; in INLINE rules that
On Thursday 11 Apr 2013 17:34:54 Tom Eastep wrote:
> On 04/11/2013 09:16 AM, Steven Jan Springl wrote:
> > The attached minimal config. produces the following error message:
> >
> > Generating Rule Matrix...
> >
> >ERROR: Unknown rule target (NONE)
>
On Thursday 11 Apr 2013 14:22:02 Tom Eastep wrote:
> On 04/11/2013 04:53 AM, Steven Jan Springl wrote:
> > Confirmed, the patch fixes the issue.
>
> Thanks.
>
> > -
> >
On Thursday 11 Apr 2013 00:08:33 Tom Eastep wrote:
> On 04/10/2013 02:27 PM, Steven Jan Springl wrote:
> > In the attached config. blrules entry:
> >
> > blacklog lan:1.1.1.0/24 all icmp 8
> >
> > Produces the following error message:
> >
>
Tom
In the attached config. blrules entry:
blacklog lan:1.1.1.0/24 all icmp 8
Produces the following error message:
ERROR: Unknown rule target (A_DROP) /etc/shorewall2A25/blrules (line 16)
Note, this worked in 4.5.16-Beta1 and prior releases.
Steven.
shorewall2A25.tar.gz
Description: ap
On Friday 08 Mar 2013 15:29:24 Tom Eastep wrote:
> On 03/08/2013 05:49 AM, Steven Jan Springl wrote:
> > Rule:
> >
> > ACCEPT fw lan tcp 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 =
> >
> > Generates the following iptables rule:
> >
Tom
Rule:
ACCEPT fw lan tcp 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 =
Generates the following iptables rule:
-A fw-lan -p 6 -m multiport --ports 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 -j
ACCEPT
Which produces the following error message:
iptables-restore v1.4.18: too many ports specified
On Friday 08 Mar 2013 01:50:24 Tom Eastep wrote:
> On 3/7/13 5:30 PM, "Steven Jan Springl" wrote:
> >On Friday 08 Mar 2013 01:25:39 Tom Eastep wrote:
> >> On 3/7/13 5:13 PM, "Steven Jan Springl"
> >>
> >>wrote:
> >> >On Thurs
On Friday 08 Mar 2013 01:25:39 Tom Eastep wrote:
> On 3/7/13 5:13 PM, "Steven Jan Springl" wrote:
> >On Thursday 07 Mar 2013 16:27:21 Tom Eastep wrote:
> >> The first bug fix below should receive wider testing. So I have uploaded
> >> 4.5.14 RC 2. I went ah
On Thursday 07 Mar 2013 16:27:21 Tom Eastep wrote:
> The first bug fix below should receive wider testing. So I have uploaded
> 4.5.14 RC 2. I went ahead and included a simple new feature (see below),
> but I neglected to include the change that allows generating '-m
> multiport --ports ' by placin
Tom
The following bug is back:
Both shorewall rules:
DNAT wan lan tcp 80
DNAT wan lan:0.0.0.0/0 tcp 80
Generate the following iptables rule:
-A wan_dnat -p 6 --dport 80 -j DNAT --to-destination 0.0.0.0/0
Which produces the following error message:
iptables-restore v1.4.17: Bad IP ad
On Saturday 02 Mar 2013 17:07:33 Tom Eastep wrote:
> On 03/02/2013 08:58 AM, Tom Eastep wrote:
> > On 03/02/2013 08:15 AM, Steven Jan Springl wrote:
> >> Shorewall rules:
> >>
> >> DNAT wan lan tcp 80
> >>
> >> DNAT wan lan:0.0.0.0/0 t
Tom
Shorewall rules:
DNAT wan lan tcp 80
DNAT wan lan:0.0.0.0/0 tcp 80
Both generate the following iptables rule:
-A wan_dnat -p 136 -m multiport --dports 80 -j DNAT --to-destination 0.0.0.0/0
Which produces the following error message:
iptables-restore v1.4.17: Bad IP address "0.0.0.
On Saturday 02 Mar 2013 00:44:06 Tom Eastep wrote:
> >After the application of this patch both of the following rules:
> >
> >REDIRECT wan 3128 tcp 80
> >REDIRECT wan fw::8080 tcp 800
> >
> >Produce the following error message:
> >
> >ERROR: A server IP address (:3128) may not be specified
On Friday 01 Mar 2013 15:37:02 Tom Eastep wrote:
> > --
> >
> > Shorewall6 rule:
> >
> > DNAT wan lan:[2001:77:77::77] tcp 90
> >
> > Produces the following error message:
> >
> > ERROR: Invalid/Unknown tcp port/service (77]) /etc/shorewall6A1/rules
> > (line 19)
>
> The attached patc
Test.
Tom
Shorewall6 rule:
DNAT wan lan:[2001:77:77::77]:85 tcp 90
generates the following ip6tables rule:
-A PREROUTING -p 6 --dport 90 -i eth1 -j DNAT --to-destination
[2001:77:77::77]:85
Which produces error message:
ip6tables-restore v1.4.17: unknown option "--to-destination"
On Thursday 28 Feb 2013 14:26:04 Tom Eastep wrote:
> On 02/28/2013 04:21 AM, Steven Jan Springl wrote:
> > Shorewall6 masq entry:
> >
> > eth0 2001:33:33::/56 - udplite 99
> >
> > Produces the following error message:
> >
> > ERROR: Using a port
Tom
Shorewall6 masq entry:
eth0 2001:33:33::/56 - udplite 99
Produces the following error message:
ERROR: Using a port ( 99 ) requires PROTO TCP, UDP, SCTP or DCCP
/etc/shorewall6A1/masq (line 16)
The man page states that ports can be specified with protocol udplite.
Steven.
---