Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Eric Wolzak

Hello Tom
 I've corrected the problem that Ewald reported with Shorewall and busybox
 grep and have built a new .lrp. You can find it at:
 
As far as I can see now everything functions fine
Thanks

 http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
 ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
 
Download with Netscape now also possible without errors :)
 -Tom
 -- 
 Tom Eastep \ Alt Email: [EMAIL PROTECTED]
 ICQ #60745924   \ Websites: http://seawall.sourceforge.net
 [EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
 Shoreline, Washington USA \ http://shorewall.sourceforge.net
\_
 
Eric Wolzak 
http://leaf.sourceforge.net/devel/ericw


___
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel



Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Tom Eastep

Thus spoke Eric Wolzak:

 Hello Tom
  I've corrected the problem that Ewald reported with Shorewall and busybox
  grep and have built a new .lrp. You can find it at:
 
 As far as I can see now everything functions fine

Thanks for the update, Eric.

-Tom
-- 
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924   \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
   \_





Re: [Leaf-devel] Netscape download problems FAQ

2001-04-11 Thread jdnewmil

On Tue, 10 Apr 2001, Mike Noyes wrote:

 [EMAIL PROTECTED], 2001-04-10 21:28 -0700
 Having the mime-type in place, apparently Netscape now recognizes that an 
 lrp file is binary even without specifying the type in the URL.
 
 Jeff,
 That's what I got too. I added the following helper application definition 
 to Netscape 4.77 for Win.
 
 Description of type:  Binary
 File extension: lrp,o
 MIME Type: application/octet-stream
 Application to use:  "%1" %*

This "Application to use" is broken, since "%1" is the name of the
file, not the name of an application.  If Netscape is set to download the
file, then this won't hurt Netscape, but it will cause normal
double-clicks in Windows Explorer to break.

[...]

---
Jeff Newmiller   The .   .  Go Live...
DCN:[EMAIL PROTECTED]   Basics: ##.#.   ##.#.  Live Go...
Work:[EMAIL PROTECTED]  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries   O.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Eric Wolzak

Hello Tom

 Thus spoke Eric Wolzak:

  Hello Tom
   I've corrected the problem that Ewald reported with Shorewall and busybox
   grep and have built a new .lrp. You can find it at:
  
  As far as I can see now everything functions fine

I'm sorry to have to report that there is still a problem with the
Eigerstein ash. This is the part with the failures from the debug trace:

+ [ -n # ]
+ read target client server protocol port cport address
+ echo #
###
+ rule=#
###
+ [ -n #
### ]
+ read target client server protocol port cport address
+ echo #RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
+ rule=#RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
+ [ -n #RESULT ]
+ read target client server protocol port cport address
+ echo ACCEPT local:eth1 fw:192.168.1.10 tcp www
+ rule=ACCEPT local:eth1 fw:192.168.1.10 tcp www
+ [ -n ACCEPT ]
+ process_rule
+ [ ACCEPT = ACCEPT ]
+ loglevel=
+ [ local:eth1 = local e^F^H^F^H^F^H^F^H] ]  ---point A
[: e^F^H^F^H^F^H^F^H]: unknown operand
+ clientzone=local
+ client=eth1
+ source=
+ [ net = local ]
+ [ local = local ]
+ source=local
+ break
+ [ -z local ]
+ [ local = fw ]
+ eval source_hosts=$local_hosts
+ source_hosts=eth1:192.168.1.0/24
+ [ -n eth1 ]
+ client=-i eth1
+ dest_interface=
+ [ fw:192.168.1.10 = fw ^F^H^F^H^F^H^F^H] ] ---point B
[: ^F^H^F^H^F^H^F^H]: unknown operand
+ serverzone=f
+ server=192.168.1.10
+ [ 192.168.1.10 != 192.168.1.10 ]
+ serverport=
+ [ -n 192.168.1.10 ]
+ dest=
+ [ net = f ]
+ [ local = f ]
+ [ dmz = f ]
+ [ gw = f ]
+ [ fw = f ]
+ [ -z  ]
+ echo Warning: Undefined Server Zone - rule "ACCEPT local:eth1 fw:192.168.1.10
tcp www" ignored
Warning: Undefined Server Zone - rule "ACCEPT local:eth1 fw:192.168.1.10 tcp www
" ignored
+ return
+ read target client server protocol port cport address
+ echo #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+ rule=#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+ [ -n #LAST ]
+ read target client server protocol port cport address
+ echo
+ rule=
+ [ -n  ]

The errors occur at the following parts of shorewall:

A) Beginning of process_rule

    if [ "$client" = "${client%:*}" ]; then
        clientzone="$client"
        client=
    else

The result is correct but I don't understand why this strange output
occurs. With the same values on the command line, the function is
OK. (I will update the ash myself, but it would be good if this would
function for the others that remain with Eigerstein.)


B)
This is still a problem with the ${server%%:*} type
in process_rule:

    serverzone="${server%%:*}"
    server="${server#*:}"




 Thanks for the update, Eric.

 -Tom
 --
 Tom Eastep \ Alt Email: [EMAIL PROTECTED]
 ICQ #60745924   \ Websites: http://seawall.sourceforge.net
 [EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
 Shoreline, Washington USA \ http://shorewall.sourceforge.net
\_

Almost there, Tom :)


Eric Wolzak

http://leaf.sourceforge.net/devel/ericw





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Tom Eastep

Hi Eric,

Thus spoke Eric Wolzak:

 Hello Tom

  Thus spoke Eric Wolzak:
 
   Hello Tom
I've corrected the problem that Ewald reported with Shorewall and busybox
grep and have built a new .lrp. You can find it at:
   
   As far as I can see now everything functions fine
 
 I'm sorry to have to report that there is still a problem with the
 Eigerstein ash

Yes, there is, but you're going to have to replace your shell with the one
from my website because the Eigerstein one is totally broken in its
handling of some forms of variable expansion. I would have to rewrite
large amounts of the firewall script to get around this shell bug.

 this is the part with the failures from the debug trace

 + [ -n # ]
 + read target client server protocol port cport address
 + echo #
 ###
 + rule=#
 ###
 + [ -n #
 ### ]
 + read target client server protocol port cport address
 + echo #RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
 + rule=#RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
 + [ -n #RESULT ]
 + read target client server protocol port cport address
 + echo ACCEPT local:eth1 fw:192.168.1.10 tcp www
 + rule=ACCEPT local:eth1 fw:192.168.1.10 tcp www
 + [ -n ACCEPT ]
 + process_rule
 + [ ACCEPT = ACCEPT ]
 + loglevel=
 + [ local:eth1 = local e^F^H^F^H^F^H^F^H] ]  ---point A
 [: e^F^H^F^H^F^H^F^H]: unknown operand

Yep -- that's it.

You can get a corrected shell from:

http://seattlefirewall.dyndns.org/pub/shorewall/ash.gz

-Tom
-- 
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924   \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
   \_
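
An added example, not part of the original thread and not Shorewall code: a pre-flight check for the ${client%:*}, ${server%%:*} and ${server#*:} expansions quoted above, which rejects a rule set up front instead of dropping a rule with a warning as in the trace. The function names and the fail-closed behaviour are assumptions; the zone list is the one visible in the trace.

```shell
#!/bin/sh
# Added example, not Shorewall code. All function names are hypothetical.

# Return 0 only if this shell performs the prefix/suffix removals
# quoted in the thread correctly.
expansion_ok() {
    probe="fw:192.168.1.10"   # constructed probe, same shape as the rule in the trace
    [ "${probe%:*}" = "fw" ] || return 1
    [ "${probe%%:*}" = "fw" ] || return 1
    [ "${probe#*:}" = "192.168.1.10" ] || return 1
    probe="local"             # no colon: every form must return the value unchanged
    [ "${probe%:*}" = "local" ] || return 1
    [ "${probe%%:*}" = "local" ] || return 1
    return 0
}

# Split "zone[:host]" into ZONE and HOST, the same split the quoted
# process_rule lines perform for the client and server fields.
split_zone_host() {
    if [ "$1" = "${1%:*}" ]; then
        ZONE="$1"; HOST=
    else
        ZONE="${1%%:*}"; HOST="${1#*:}"
    fi
}

# Zones compared against in the trace.
ZONES="net local dmz gw fw"

# Return 0 if the zone part of "zone[:host]" is a configured zone.
zone_known() {
    split_zone_host "$1"
    for z in $ZONES; do
        [ "$z" = "$ZONE" ] && return 0
    done
    return 1
}

# Fail closed: verify the shell, then every client/server field,
# before any rule is loaded. Returns 2 for a broken shell, 1 for a bad zone.
preflight() {
    expansion_ok || { echo "shell mishandles \${var%pattern}; refusing to load rules" >&2; return 2; }
    for field in "$@"; do
        zone_known "$field" || { echo "undefined zone in '$field'" >&2; return 1; }
    done
    return 0
}
```

Calling preflight with the client and server fields of each rule before the firewall is started turns the "Undefined Server Zone ... ignored" warning into a hard stop.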





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Ewald Wasscher

Tom Eastep wrote:

 I've corrected the problem that Ewald reported with Shorewall and busybox
 grep and have built a new .lrp. You can find it at:
 
 http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
 ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
 
And it works! Hooray!

Ewald Wasscher





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Tom Eastep

Thus spoke Ewald Wasscher:

 Tom Eastep wrote:

  I've corrected the problem that Ewald reported with Shorewall and busybox
  grep and have built a new .lrp. You can find it at:
 
  http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
  ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp
 
 And it works! Hooray!


Great! Thanks for the report, Ewald.

-Tom
-- 
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924   \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
   \_





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Ewald Wasscher

Tom Eastep wrote

 
 And it works! Hooray!
 
However I forgot to mention that:

/etc/shorewall/rules is missing in /var/lib/lrpkg/shorwall.conf. I 
suppose it should be there.

When trying to edit the policy file through lrcfg it passes 
"/etc/shorewall/policy " to ae. ae chokes on the extra space at the end, 
and can't find the policy file.

Ewald Wasscher





Re: [Leaf-devel] New shorewall .lrp

2001-04-11 Thread Tom Eastep

Thus spoke Ewald Wasscher:


 When trying to edit the policy file through lrcfg it passes
 "/etc/shorewall/policy " to ae. ae chokes on the extra space at the end,
 and can't find the policy file.


Drat -- I thought I had fixed that

-Tom
-- 
Tom Eastep \ Alt Email: [EMAIL PROTECTED]
ICQ #60745924   \ Websites: http://seawall.sourceforge.net
[EMAIL PROTECTED]   \  http://seattlefirewall.dyndns.org
Shoreline, Washington USA \ http://shorewall.sourceforge.net
   \_

