On 7/26/2015 12:23 PM, Thomas D. wrote: > Hi, > > Tom Eastep wrote: >> 2) Previously, when Perl 5.18.0 or later was used with Shorewall, >> multiple compilations of an unchanging configuration could produce >> different but equivalent script files. Now, the script files >> produced will be identical (accept for dates and times) for any >> given Shorewall version. >> >> I am particularly interested in having this second item tested -- I only >> discovered the issue after I upgraded my own firewall to Debian 8.1. > What I did on a Gentoo sytem with shorewall-4.6.11 and perl-5.22: > > 1) Copying the existing firewall script to /tmp (this was > created on boot) > > # cp /var/lib/shorewall/firewall /tmp/fw0 > > > 2) Re-compile the shorewall > > # shorewall compile > > > 3) Copy the new firewall script to for comparison > > # cp /var/lib/shorewall/firewall /tmp/fw1 > > > I run step 2 & 3 multiple times. > > Only between fw0 and fw1 I can see a difference: > >> --- /tmp/fw0 2015-07-17 14:12:14.594729765 +0200 >> +++ /tmp/fw1 2015-07-17 14:12:29.845025664 +0200 >> @@ -1,6 +1,6 @@ >> #!/bin/sh >> # >> -# Compiled firewall script generated by Shorewall 4.6.11 - Fri Jul 17 >> 12:02:30 2015 >> +# Compiled firewall script generated by Shorewall 4.6.11 - Fri Jul 17 >> 14:12:23 2015 >> # >> # (c) 1999-2015 - Tom Eastep ([email protected]) >> # >> @@ -2293,7 +2293,7 @@ >> # From the params file >> # >> OLDPWD= >> - SHLVL=3 >> + SHLVL=4 >> >> g_stopping= >> >> @@ -2334,7 +2334,7 @@ >> >> cat >&3 << __EOF__ >> # >> -# Generated by Shorewall 4.6.11 - Fri Jul 17 12:02:30 2015 >> +# Generated by Shorewall 4.6.11 - Fri Jul 17 14:12:23 2015 >> # >> *raw >> :PREROUTING ACCEPT [0:0] >> @@ -2816,7 +2816,7 @@ >> >> $command <<__EOF__ >> # >> -# Generated by Shorewall 4.6.11 - Fri Jul 17 12:02:30 2015 >> +# Generated by Shorewall 4.6.11 - Fri Jul 17 14:12:23 2015 >> # >> *raw >> :PREROUTING ACCEPT [0:0] >> @@ -2996,8 +2996,8 @@ >> # an SHA1 digest of this file. The digest is generated before the two >> following >> # lines are updated to contain the value of that digest. >> # >> -g_sha1sum1=sha-lh-6cf755cd910dfaf8261d >> -g_sha1sum2=sha-rh-9ac0190d9069a569259f >> +g_sha1sum1=sha-lh-080ffb48881a8164b8a8 >> +g_sha1sum2=sha-rh-766e6ed6681dcc6bca50 >> # >> # Other Globals >> # > Is it the SHLVL change you had noticed? This seems to be gone with > shorewall-4.6.12-Beta1. No -- what I'm seeing in my regression tests is a re-ordering of rules. I'm also seeing different ~comb chains being used in successive compilations of the same configuration.
-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
