[Shorewall-users] Shorewall 1.2.11 bugs

Magnus Hyllander magnus.hyllander@jaczone.com
Wed, 17 Apr 2002 15:54:52 +0200


I believe I have found a typo in the shorewall script. I couldn't run the
"shorewall try" command; every time I tried it, it just printed out the usage
instructions (which don't list the new timeout parameter, by the way). In
the script there is a line:

[ $# -lt 2 -o $# -gt 3 ] || usage 1

about 13 lines from the end. If you change '||' to '&&' it works better :-).

Another "bug" I found today was that if I insert a '-' as the LOG LEVEL in
the policy file (like the instructions in the file say I can do), shorewall
will fail saying that '-' is an unknown log level. (Of course there wasn't
any real reason to insert a '-' since there aren't any more columns, but


-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Saturday, 13 April, 2002 16:41
To: Shorewall Users; Shorewall Announcements
Subject: [Shorewall-users] Shorewall 1.2.11 Available

In this release:

1. The 'try' command now accepts an optional timeout. If the timeout is
   given in the command, the standard configuration will automatically
   be restarted after the new configuration has been running for that
   length of time. This prevents a remote admin from being locked out
   of the firewall in the case where the new configuration starts but
   prevents access.

2. Kernel route filtering may now be enabled globally using the new
   ROUTE_FILTER parameter in /etc/shorewall/shorewall.conf.

3. Individual IP source addresses and/or subnets may now be excluded
   from masquerading/SNAT.

4. Simple "Yes/No" and "On/Off" values are now case-insensitive in

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Shorewall-users mailing list
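
Added example (not code from the shorewall script or from either poster): the argument-count guard quoted in the message above, run with `||` and with the suggested `&&`, plus an equivalent form that avoids the obsolescent `-o` operator of `test`. The function names, the `echo usage` / `echo run` bodies standing in for the script's `usage 1` and the real command, and the sample directory `/etc/test` and timeout `60` are assumptions made for illustration.

```shell
#!/bin/sh
# Each guard receives the same words the script would see after "shorewall",
# so "try <directory> [<timeout>]" means an argument count of 2 or 3.

# Guard as quoted in the message: '||' fires when the range test is FALSE,
# which is exactly when the count is valid (2 or 3).
guard_original() {
    [ $# -lt 2 -o $# -gt 3 ] || { echo usage; return; }
    echo run
}

# Guard with the change suggested in the message ('||' replaced by '&&').
guard_fixed() {
    [ $# -lt 2 -o $# -gt 3 ] && { echo usage; return; }
    echo run
}

# Same logic as guard_fixed, written as two tests joined by the shell's own
# '||' instead of test's -o operator.
guard_portable() {
    if [ $# -lt 2 ] || [ $# -gt 3 ]; then
        echo usage
        return
    fi
    echo run
}

# Print one row per constructed command line.
report() {
    printf '%-32s original=%-6s fixed=%-6s portable=%s\n' "shorewall $*" \
        "$(guard_original "$@")" "$(guard_fixed "$@")" "$(guard_portable "$@")"
}

report try                      # too few arguments
report try /etc/test            # valid: directory only
report try /etc/test 60         # valid: directory and timeout
report try /etc/test 60 extra   # too many arguments
```

With the original operator, both valid invocations fall into the usage branch while the malformed ones are let through, which matches the behaviour reported in the message.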