Re: [Leaf-devel] New shorewall .lrp
Hello Tom > I've corrected the problem that Ewald reported with Shorewall and busybox > grep and have built a new .lrp. You can find it at: > As far as I can see know everything functions fine Thanks > http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > Download with netscape now also possible without errors :) > -Tom > -- > Tom Eastep \ Alt Email: [EMAIL PROTECTED] > ICQ #60745924 \ Websites: http://seawall.sourceforge.net > [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org > Shoreline, Washington USA \ http://shorewall.sourceforge.net >\_ > Eric Wolzak http://leaf.sourceforge.net/devel/ericw ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Thus spoke Eric Wolzak: > Hello Tom > > I've corrected the problem that Ewald reported with Shorewall and busybox > > grep and have built a new .lrp. You can find it at: > > > As far as I can see know everything functions fine Thanks for the update, Eric. -Tom -- Tom Eastep \ Alt Email: [EMAIL PROTECTED] ICQ #60745924 \ Websites: http://seawall.sourceforge.net [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org Shoreline, Washington USA \ http://shorewall.sourceforge.net \_ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Kernel 2.4.x
On Sun, 8 Apr 2001, George Metz wrote: > Oh wow. That'll teach me to compile when I'm tired. > > Okay gang, skip the kernel, I need to do a recompile. Forgot to include > support for MS-DOS filesystems. Got it fixed, with the disk images updated, the page updated, and all that other happy goodness. This time I set the experimental options to on and included all the default experimental modules - non-patch-o-matic - for IPTables in the modules.lrp. The disk image is getting tighter; down to 49k free for the 1.44M image. I've got a few ideas, but it's late, and I'm tired and stuff. Sheesh. Can't BELIEVE I forgot DOS support. Oi. -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] "We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Kernel 2.4.x
On Sun, 8 Apr 2001, Mike Noyes wrote: > George, > That's alright. I should have created one from the information on your > devel page. It must have slipped my mind too. Naw, I can do it. You've got plenty on your plate. =) Speaking of the News stuff, I'm not sure I have a login for phpWebSite, which might explain the total lack of a way to post News items. =) If you could take care of that for me, that'd be great, yeah. =) -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] "We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Netscape download problems FAQ
On Tue, 10 Apr 2001, Mike Noyes wrote: > [EMAIL PROTECTED], 2001-04-10 21:28 -0700 > >Having the mime-type in place, apparently Netscape now recognizes that an > >lrp file is binary even without specifying the type in the URL. > > Jeff, > That's what I got too. I added the following helper application definition > to Netscape 4.77 for Win. > > Description of type: Binary > File extension: lrp,o > MIME Type: application/octet-stream > Application to use: "%1" %* This "Application to use" is broken, since "%1" is the name of the file, not the name of an application. If Netscape is set to download the file, then this won't hurt Netscape, but it will cause normal double-clicks in Windows Explorer to break. [...] --- Jeff NewmillerThe . . Go Live... DCN:<[EMAIL PROTECTED]>Basics: ##.#. ##.#. Live Go... Work:<[EMAIL PROTECTED]> Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Hello Tom
> Thus spoke Eric Wolzak:
>
> > Hello Tom
> > > I've corrected the problem that Ewald reported with Shorewall and busybox
> > > grep and have built a new .lrp. You can find it at:
> > >
> > As far as I can see know everything functions fine
>
I 'm sorry to have to report that there is still a problem with the
eigerstein ash
this is the part with the failures from the debug trace
+ [ -n # ]
+ read target client server protocol port cport address
+ echo #
###
+ rule=#
###
+ [ -n #
### ]
+ read target client server protocol port cport address
+ echo #RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
+ rule=#RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS
+ [ -n #RESULT ]
+ read target client server protocol port cport address
+ echo ACCEPT local:eth1 fw:192.168.1.10 tcp www
+ rule=ACCEPT local:eth1 fw:192.168.1.10 tcp www
+ [ -n ACCEPT ]
+ process_rule
+ [ ACCEPT = ACCEPT ]
+ loglevel=
+ [ local:eth1 = local eàì^F^HÐì^F^Hìì^F^H×ì^F^H] ] ---point A
[: eàì^F^HÐì^F^Hìì^F^H×ì^F^H]: unknown operand
+ clientzone=local
+ client=eth1
+ source=
+ [ net = local ]
+ [ local = local ]
+ source=local
+ break
+ [ -z local ]
+ [ local = fw ]
+ eval source_hosts=$local_hosts
+ source_hosts=eth1:192.168.1.0/24
+ [ -n eth1 ]
+ client=-i eth1
+ dest_interface=
+ [ fw:192.168.1.10 = fw äì^F^HØì^F^Hðì^F^HÜì^F^H] ] ---point B
[: äì^F^HØì^F^Hðì^F^HÜì^F^H]: unknown operand
+ serverzone=f
+ server=192.168.1.10
+ [ 192.168.1.10 != 192.168.1.10 ]
+ serverport=
+ [ -n 192.168.1.10 ]
+ dest=
+ [ net = f ]
+ [ local = f ]
+ [ dmz = f ]
+ [ gw = f ]
+ [ fw = f ]
+ [ -z ]
+ echo Warning: Undefined Server Zone - rule "ACCEPT local:eth1 fw:192.168.1.10
tcp www" ignored
Warning: Undefined Server Zone - rule "ACCEPT local:eth1 fw:192.168.1.10 tcp www
" ignored
+ return
+ read target client server protocol port cport address
+ echo #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+ rule=#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+ [ -n #LAST ]
+ read target client server protocol port cport address
+ echo
+ rule=
+ [ -n ]
The errors occur at the following parts of shorewall
A) beginning of proces_rule
if [ "$client" = "${client%:*}" ]; then
clientzone="$client"
client=
else
The result is correct but I don't understand why this strange output
occurs. With the same values on the commandline, the function is
ok. ( I will update the ash myself, but it would be good if this would
function for the other that remain with eigerstein)
B)
This is still a problem with the ${server%%:*} type
in proces_rule
serverzone="${server%%:*}"
server="${server#*:}"
> Thanks for the update, Eric.
>
> -Tom
> --
> Tom Eastep \ Alt Email: [EMAIL PROTECTED]
> ICQ #60745924 \ Websites: http://seawall.sourceforge.net
> [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org
> Shoreline, Washington USA \ http://shorewall.sourceforge.net
>\_
>
Almost there tom :)
Eric Wolzak
http://leaf.sourceforge.net/devel/ericw
___
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Hi Eric, Thus spoke Eric Wolzak: > Hello Tom > > > Thus spoke Eric Wolzak: > > > > > Hello Tom > > > > I've corrected the problem that Ewald reported with Shorewall and busybox > > > > grep and have built a new .lrp. You can find it at: > > > > > > > As far as I can see know everything functions fine > > > I 'm sorry to have to report that there is still a problem with the > eigerstein ash Yes there is but you're going to have to replace your shell with the one from my website because the Eigerstein one is totally broken in its handling of some forms of variable expansion. I would have to rewrite large amounts of the firewall script to get around this shell bug > this is the part with the failures from the debug trace > > + [ -n # ] > + read target client server protocol port cport address > + echo # > ### > + rule=# > ### > + [ -n # > ### ] > + read target client server protocol port cport address > + echo #RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS > + rule=#RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS > + [ -n #RESULT ] > + read target client server protocol port cport address > + echo ACCEPT local:eth1 fw:192.168.1.10 tcp www > + rule=ACCEPT local:eth1 fw:192.168.1.10 tcp www > + [ -n ACCEPT ] > + process_rule > + [ ACCEPT = ACCEPT ] > + loglevel= > + [ local:eth1 = local eàì^F^HÐì^F^Hìì^F^H×ì^F^H] ] ---point A > [: eàì^F^HÐì^F^Hìì^F^H×ì^F^H]: unknown operand Yep -- that's it. You can get a corrected shell from: http://seattlefirewall.dyndns.org/pub/shorewall/ash.gz -Tom -- Tom Eastep \ Alt Email: [EMAIL PROTECTED] ICQ #60745924 \ Websites: http://seawall.sourceforge.net [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org Shoreline, Washington USA \ http://shorewall.sourceforge.net \_ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Tom Eastep wrote: > I've corrected the problem that Ewald reported with Shorewall and busybox > grep and have built a new .lrp. You can find it at: > > http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > And it works! Hooray! Ewald Wasscher ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Thus spoke Ewald Wasscher: > Tom Eastep wrote: > > > I've corrected the problem that Ewald reported with Shorewall and busybox > > grep and have built a new .lrp. You can find it at: > > > > http://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > > ftp://seattlefirewall.dyndns.org/pub/shorewall/shorwall-1.1.1b.lrp > > > And it works! Hooray! > Great! Thanks for the report, Ewald. -Tom -- Tom Eastep \ Alt Email: [EMAIL PROTECTED] ICQ #60745924 \ Websites: http://seawall.sourceforge.net [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org Shoreline, Washington USA \ http://shorewall.sourceforge.net \_ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Tom Eastep wrote >>> >> And it works! Hooray! >> However I forgot to mention that: /etc/shorewall/rules is missing in /var/lib/lrpkg/shorwall.conf I suppose it should be there. When trying to edit the policy file through lrcfg it passes "/etc/shorewall/policy " to ae. ae chokes on the extra space at the end, and can't find the policy file. Ewald Wasscher ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] New shorewall .lrp
Thus spoke Ewald Wasscher: > > When trying to edit the policy file through lrcfg it passes > "/etc/shorewall/policy " to ae. ae chokes on the extra space at the end, > and can't find the policy file. > Drat -- I thought I had fixed that -Tom -- Tom Eastep \ Alt Email: [EMAIL PROTECTED] ICQ #60745924 \ Websites: http://seawall.sourceforge.net [EMAIL PROTECTED] \ http://seattlefirewall.dyndns.org Shoreline, Washington USA \ http://shorewall.sourceforge.net \_ ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
[Leaf-devel] Oxygen (glibc 2.1 based) Development Snapshot Available
I've fixed a number of things. Updates: * Now more thoroughly uses the configuration file throughout and by default * packagelist parameter tested and debugged * "tiny" configuration uses package list to trim the packages to load from the boot disk even FURTHER which makes it even SMALLER * Lots of bug fixes * Fixed many package lists (which had no CR at end...) * Created Development Disk #2 with gdb * Won't load the package named in INITRD - no matter what it's name is! To do: * CONF= syntax * packagelist syntax * packages syntax (?) * Work over default configurations * Create cdrom configurations * Mold current snapshot into CDROM boot image Known bugs: * tinyps and busybox ps still SegFault * apkg -s may not always umount drive (?) The snapshot is at http://leaf.sourceforge.net/pub/oxygen/oxygen-2.1.3-041101.bin Tell me what you think of this ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [Leaf-devel] Oxygen (glibc 2.1 based) Development SnapshotAvailable
> > The snapshot is at > http://leaf.sourceforge.net/pub/oxygen/oxygen-2.1.3-041101.bin > > Tell me what you think of this > I think I can't wait for DSL tomorrow... This is going to be fun. -- Jack Coates Monkeynoodle: It's what's for dinner! ___ Leaf-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-devel
