Beta 3 is now available for testing.
Problems Corrected:
1) The generated firewall script generates code to automatically
create ipsets that are referenced but that don't exist. That code was
broken in releases 4.4.22 and later. That defect has been
corrected. As part of this fix, the generated script will now
issue a warning message when it creates an ipset.
2) Nested TC classes could result in Perl diagnostics like this one:
Mar 24 22:42:14 dmz1 shorewall[839]: Use of uninitialized value in
numeric eq (==) at /usr/share/perl5/Shorewall/Tc.pm line 1042,
<$currentfile> line 13.
These harmless messages have been eliminated.
3) It is once again possible to omit the minimum length in the LENGTH
column of the tcrules file.
4) Under the following conditions, a compiler internal error was
raised:
- Extended conntrack match support is available.
- Repeat Match is not available.
- A DNAT rule specifies a destination port, a server port and
an original destination.
New Features:
5) The evolution of the Shorewall installation process
continues. Testers are invited to provide comments and suggestions
about the following.
Note: This feature has only been tested lightly but I need your help. I
plan several Betas to ensure that this works when released to the
user population.
Beginning with this release, the installers accept a configuration
file as a parameter. Options set in the configuration file are as
follows:
BUILD (optional) -- Platform on which the installation is being
performed. Possible values are:
apple - OS X
archlinux - ArchLinux
cygwin - Cygwin running under Windows
debian - Debian and derivatives
linux - Generic Linux system
redhat - Fedora, RHEL and derivatives
suse - SLES and OpenSuSE
If no value is assigned, then the installer
will detect the platform.
HOST (Optional) -- Allowed values are same as for BUILD. If not
specified, the BUILD setting is used.
CONFDIR (Req'd) -- Directory where product configuration
directory is installed. Normally /etc.
SHAREDIR (Req'd) -- Directory where architecture-independent
product files are installed. Normally
/usr/share.
LIBEXECDIR (Req'd) -- Directory where product executables are
installed. Normally /usr/share or
/usr/libexec.
PERLLIBDIR (Req'd) -- Directory where Shorewall Perl modules are
to be installed. Traditionally
/usr/share/shorewall.
SBINDIR (Req'd) -- Directory where product CLI programs are
installed. Normally /sbin
MANDIR (Req'd) -- Directory where manpages are
installed. Normally /usr/share/man.
INITFILE (Optional)
-- Optional. If given, specifies the installed
filename of the initscript. Normally
set to $PRODUCT which the installers expand
to the name of the product being installed.
If not specified, no init script will be
installed.
INITSOURCE (Optional)
-- Must be specified if INITFILE is specified.
Gives the name of the file to be installed
as the INITFILE.
INITDIR (Optional) -- Directory where SysV init scripts are
installed. Must be specified if INITFILE is
specified.
ANNOTATED (Optional)
-- If non-empty, indicates that the
configuration files are to be annotated with
manpage information. Normally empty.
SYSTEMD (Optional) -- Name of the directory where .service files
are to be installed. Should only be specified
on systems running systemd.
SYSCONFDIR (Optional)
-- Name of the directory where subsystem
init configuration information is stored.
On Debian and derivatives, this is
/etc/default. On other systems, it is
/etc/sysconfig.
SYSCONFFILE (Optional)
-- Name of the file to be installed in the
SYSCONFDIR. The installed name of the file
will always be the product name (shorewall,
shorewall-lite, etc.)
SPARSE (Optional) -- If non-empty, causes only the .conf file to
be installed in
${CONFDIR}/${PRODUCT}/. Otherwise, all of
the product's skeleton configuration files
will be installed.
VARDIR (Required) -- Directory where product state information
is stored. Normally /var/lib.
This setting was previously stored in the
optional vardir file in the product's
configuration directory.
Each of the product tarballs contains a set of configuration files
for the various HOSTS:
shorewallrc.apple
shorewallrc.archlinux
shorewallrc.cygwin
shorewallrc.debian
shorewallrc.default (for HOST 'linux')
shorewallrc.redhat
shorewallrc.suse
The .spec files have been modified to use shorewallrc.%{_vendor}
as the configuration file for installation. To create a totally
custom installation, you can pick the file that comes closest to
what you want and modify it.
When Shorewall-core is installed on a system (with no PREFIX or
DESTDIR), it copies the specified configuration file into
root's ~/.shorewallrc. The ~/.shorewallrc file is then used, by
default, when installing the other packages. It is also used by the
CLI programs and the rules compiler to locate the installed files.
Note: For Shorewall-lite and Shorewall6-lite, the ~/.shorewallrc
file on the Firewall system determines where the components are
installed.
The configuration file is also installed in
${SHAREDIR}/shorewall/shorewallrc, thus allowing users other than
root to copy this file to $HOME/.shorewallrc.
Thank you for testing.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
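
Added example (not part of the announcement and not Shorewall's installer code): a lint for a shorewallrc-style file that applies the rules from the option list above, namely the Req'd settings, the allowed BUILD/HOST values, and INITSOURCE/INITDIR being needed when INITFILE is set. It assumes one KEY=value assignment per line and reads the file without sourcing it; the function names `rc_get` and `check_shorewallrc`, the sample values and the write-permission check are assumptions added here.

```shell
# Added example: lint a shorewallrc-style file without sourcing (executing) it.
# Assumption: one KEY=value per line; values are read literally, not expanded.
rc_get() {  # rc_get FILE KEY -> value of the last KEY= assignment, or empty
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k "=") == 1 { v = substr(line, length(k) + 2) }
        END { sub(/(^|[ \t]+)#.*$/, "", v); sub(/[ \t]+$/, "", v)
              gsub(/^"|"$/, "", v); print v }' "$1"
}

check_shorewallrc() {  # one line per problem on stdout; returns 1 if any
    rc=$1; problems=0
    [ -r "$rc" ] || { echo "cannot read $rc"; return 1; }
    # Added hardening check: root-run tools locate their files through this file.
    if [ -n "$(find -L "$rc" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$rc is group- or world-writable"; problems=1
    fi
    for key in CONFDIR SHAREDIR LIBEXECDIR PERLLIBDIR SBINDIR MANDIR VARDIR; do
        [ -n "$(rc_get "$rc" "$key")" ] || { echo "$key is required"; problems=1; }
    done
    for key in BUILD HOST; do
        case "$(rc_get "$rc" "$key")" in
            ''|apple|archlinux|cygwin|debian|linux|redhat|suse) ;;
            *) echo "$key is not one of the listed platforms"; problems=1 ;;
        esac
    done
    if [ -n "$(rc_get "$rc" INITFILE)" ]; then
        for key in INITSOURCE INITDIR; do
            [ -n "$(rc_get "$rc" "$key")" ] || { echo "$key is needed with INITFILE"; problems=1; }
        done
    fi
    return $problems
}

# Constructed sample: HOST is invalid, VARDIR is missing, INITDIR is missing.
demo=$(mktemp)
cat > "$demo" <<'EOF'
HOST=solaris
CONFDIR=/etc
SHAREDIR=/usr/share   # trailing comments are ignored
LIBEXECDIR=/usr/share
PERLLIBDIR=/usr/share/shorewall
SBINDIR=/sbin
MANDIR=/usr/share/man
INITFILE=$PRODUCT
INITSOURCE=init.sh
EOF
check_shorewallrc "$demo" || echo "=> fix the settings above before installing"
rm -f "$demo"
```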