Re: [Shorewall-devel] Shorewall 4.6.12 Beta 1

Sun, 26 Jul 2015 12:25:09 -0700 

Hi,

Tom Eastep wrote:
> 2)  Previously, when Perl 5.18.0 or later was used with Shorewall,
>     multiple compilations of an unchanging configuration could produce
>     different but equivalent script files. Now, the script files
>     produced will be identical (accept for dates and times) for any
>     given Shorewall version.
> 
> I am particularly interested in having this second item tested -- I only
> discovered the issue after I upgraded my own firewall to Debian 8.1.

What I did on a Gentoo sytem with shorewall-4.6.11 and perl-5.22:

1) Copying the existing firewall script to /tmp (this was
   created on boot)

   # cp /var/lib/shorewall/firewall /tmp/fw0


2) Re-compile the shorewall

   # shorewall compile


3) Copy the new firewall script to for comparison

   # cp /var/lib/shorewall/firewall /tmp/fw1


I run step 2 & 3 multiple times.

Only between fw0 and fw1 I can see a difference:

> --- /tmp/fw0  2015-07-17 14:12:14.594729765 +0200
> +++ /tmp/fw1  2015-07-17 14:12:29.845025664 +0200
> @@ -1,6 +1,6 @@
>  #!/bin/sh
>  #
> -# Compiled firewall script generated by Shorewall 4.6.11 - Fri Jul 17 
> 12:02:30 2015
> +# Compiled firewall script generated by Shorewall 4.6.11 - Fri Jul 17 
> 14:12:23 2015
>  #
>  #   (c) 1999-2015 - Tom Eastep ([email protected])
>  #
> @@ -2293,7 +2293,7 @@
>      # From the params file
>      #
>      OLDPWD=
> -    SHLVL=3
> +    SHLVL=4
>  
>      g_stopping=
>  
> @@ -2334,7 +2334,7 @@
>  
>       cat >&3 << __EOF__
>  #
> -# Generated by Shorewall 4.6.11 - Fri Jul 17 12:02:30 2015
> +# Generated by Shorewall 4.6.11 - Fri Jul 17 14:12:23 2015
>  #
>  *raw
>  :PREROUTING ACCEPT [0:0]
> @@ -2816,7 +2816,7 @@
>  
>      $command <<__EOF__
>  #
> -# Generated by Shorewall 4.6.11 - Fri Jul 17 12:02:30 2015
> +# Generated by Shorewall 4.6.11 - Fri Jul 17 14:12:23 2015
>  #
>  *raw
>  :PREROUTING ACCEPT [0:0]
> @@ -2996,8 +2996,8 @@
>  # an SHA1 digest of this file. The digest is generated before the two 
> following
>  # lines are updated to contain the value of that digest.
>  #
> -g_sha1sum1=sha-lh-6cf755cd910dfaf8261d
> -g_sha1sum2=sha-rh-9ac0190d9069a569259f
> +g_sha1sum1=sha-lh-080ffb48881a8164b8a8
> +g_sha1sum2=sha-rh-766e6ed6681dcc6bca50
>  #
>  # Other Globals
>  #

Is it the SHLVL change you had noticed? This seems to be gone with
shorewall-4.6.12-Beta1.


-Thomas

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to