On 11/1/2014 4:07 PM, Tom Eastep wrote:
> Shorewall 4.6.5 Beta 3 is now available for testing.
>
> New Features since Beta 2:
>
> 1) Previously, /bin/sh was used unconditionally to process the helper
>    script 'getparams'. That shell script reads the params file and
>    passes back the (variable,value) pairs to the compiler. Beginning
>    with this release, $SHOREWALL_SHELL is used to process that script,
>    unless the compilation is for export, in which case /bin/sh is
>    still used.
>
>    Note that the default value of $SHOREWALL_SHELL is /bin/sh, so
>    unless your configuration sets that variable, this enhancement will
>    have no effect. Similarly, on an administrative system, this
>    enhancement has no effect on the processing of the 'compile -e',
>    'load', 'reload' and 'export' commands.
>
> 2) A -C option has been added to several commands to allow the
>    ip[6]tables packet and byte counters to be preserved.
>
>    - save command
>
>      Causes the packet and byte counters to be saved along with the
>      chains and rules.
>
>    - restore command
>
>      Causes the packet and byte counters (if saved) to be restored
>      along with the chains and rules.
>
>    - start command
>
>      With Shorewall and Shorewall6, the -C option only has an effect
>      if the -f option is also specified. If a previously-saved
>      configuration is restored, then the packet and byte counters (if
>      saved) will be restored along with the chains and rules.
>
>    - restart command
>
>      If an existing compiled script is used (no recompilation
>      required) and if that script generated the current running
>      configuration, then the current netfilter configuration is
>      reloaded as is so as to preserve the current packet and byte
>      counters.
>
>    If you wish to (approximately) preserve the counters over a
>    possibly unexpected reboot, then:
>
>    - Create a cron job that periodically does 'shorewall save -C'
>
>    - Specify the -C and -f option in the STARTOPTIONS variable in
>      either /etc/default/shorewall[6][-lite] or
>      /etc/sysconfig/shorewall[6][-lite], whichever is supported by your
>      distribution. Note that some distributions do not distribute these
>      files so you may have to create the one(s) you need (such as
>      /etc/sysconfig/shorewall).
>
> Thank you for testing,

I've discovered a defect in Beta 3 that is corrected by the attached patch.
. /usr/share/shorewall/shorewallrc
patch $PERLLIBDIR/Shorewall/Chains.pm < OPTION.patch
Symptom of the defect is that iptables-restore fails.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index 6d59dc9..79bb2e2 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -8265,7 +8265,7 @@ sub create_netfilter_load( $ ) {
save_progress_message "Preparing $utility input...";
- emit '';
+ emit "\noption=\n";
emit "exec 3>\${VARDIR}/.${utility}-input";
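
Review bot: the added `emit "\noption=\n";` line in create_netfilter_load writes an `option=` assignment into the generated script, but there is no comment saying what later reads `option`, and no consumer is visible in this hunk. A one-line Perl comment above it naming the consumer and why the variable must start out empty would help, since the only rationale given with the patch is that iptables-restore fails without it. As a style point, the line it replaces was a plain `emit '';`, so emitting the blank lines and the assignment as separate emit calls instead of embedding `\n` escapes in one string would match the surrounding code.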
