[Shorewall-users] after upgrade of distro-shorewall 4.6.2.4-144.1 -> 4.6.2.4-146.1, compile "ERROR: Invalid/Unknown leaf-1 port/service (tcp) "

Wed, 13 Aug 2014 14:32:44 -0700 

After an upgrade from Opensuse_13.1-packaged shorewall 4.6.2.4-144.1 -> 
4.6.2.4-146.1

        grep "shorewall|" * | tail -n 2
                2014-08-08 
07:30:05|install|shorewall|4.6.2.4-144.1|noarch||Netfilter|8a7f834d22683013aba57ba4548d97fc53eb64e0b562cbdf65e716544aba45ba|
                2014-08-12 
11:09:47|install|shorewall|4.6.2.4-146.1|noarch||Netfilter|d7401c67c1d548fdcacde9ab9b3de94a7d87ed45e248aeef49a02e6b40da7193|

When I simply recompile my previously working rulesets etc, I now get an error

   ERROR: Invalid/Unknown leaf-1 port/service (tcp) 
/usr/local/etc/shorewall/IPv4/masq (line 20)

where

        cat /masq
                ...
20                      EXTIF  $MX_INT  $MX_EXT  tcp  25,587
                ...

This works prior to the upgrade.

The recent local changelog includes,

        rpm -q --changelog shorewall
                * Mon Aug 11 2014 tog...@opensuse.org
                - Backported PHYSICALNAME.patch
                
                * Fri Aug 08 2014 tog...@opensuse.org
                - Update to version 4.6.2.4 For more details see changelog.txt 
and
                  releasenotes.txt
                  + Previously, inline matches were not allowed in action 
files, even
                    though the documentation stated that they were allowed.
                
                * Tue Jul 29 2014 tog...@opensuse.org
                - Update to version 4.6.2.3 For more details see changelog.txt 
and
                  releasenotes.txt
                  * Previously, the compiler would fail with a Perl diagnostic 
if:
                    + Optimize Level 8 was enabled.
                    + Perl 5.20 was being used. This is the current Perl 
version on
                    Arch Linux.
                    The diagnostic was:
                    Can't use string ("nat") as a HASH ref while "strict refs" 
in
                    use at /usr/share/shorewall/Shorewall/Chains.pm line 3486.
                
                * Fri Jul 25 2014 tog...@opensuse.org
                - Update to version 4.6.2.2 For more details see changelog.txt 
and
                  releasenotes.txt
                  * The compiler now correctly detects the IPv6 "Header Match"
                    capability when LOAD_MODULES_ONLY=No.
                  * The compiler now correctly detects the IPv6 "Ipset Match"
                    capability on systems running a 3.14 or later kernel.
                  * The compiler now correctly detects "Arptables JF" capability
                    when LOAD_MODULES_ONLY=No.
                  * The tcfilter manpages previously failed to mention that
                    BASIC_FILTERS=Yes is required to use ipsets in the tcfilters
                    files.
                ...


I've not see this error before, and haven't yet found it online.

How/what can I troubleshoot to determine/identify the specific source of the 
problem -- shorewall or packaging?


------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to