Hello,
We have had a problem since we upgraded shorewall from shorewall-4.0.15-1 to
shorewall-4.4.23.3-1 running on CentOS 6.1.
The problem is that our own defined params file in
/etc/shorewall/puppet/params seems not to be read. Thus shorewall
complains about shell variables not being defined. This is strange
because all other files in /etc/shorewall/puppet (blacklist hosts
interfaces masq nat policy providers proxyarp rfc1918
routestopped rules zones) seem to be read, though.
We defined in /etc/shorewall/shorewall.conf and
/usr/share/shorewall/configfile/shorewall.conf the CONFIG_PATH variable
as follows:
CONFIG_PATH=/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall
If I start shorewall with "shorewall debug start" I get:
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
WARNING: RFC1918_LOG_LEVEL=6 ignored. The 'norfc1918' interface/host option is no longer supported
Compiling /etc/shorewall/puppet/zones...
Compiling /etc/shorewall/puppet/interfaces...
WARNING: Support for the norfc1918 interface option has been removed from Shorewall : /etc/shorewall/puppet/interfaces (line 11)
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /etc/shorewall/puppet/policy...
ERROR: Undefined shell variable ($LOG) : /etc/shorewall/puppet/policy (line 17)
There I see that only /etc/shorewall/params is read.
If I make a soft link "params" pointing to /etc/shorewall/puppet/params,
shorewall starts fine.
Also strange: if I do:
strace -o /tmp/shorewall.out shorewall start
I see the following entries in /tmp/shorewall.out:
read(3, "/etc/shorewall/puppet/params\n", 128) = 29
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 5425
wait4(-1, 0x7fff5d5e739c, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 29
read(3, "", 128) = 0
close(3) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x43d210, [], SA_RESTORER, 0x39fe832a20}, {SIG_DFL, [], SA_RESTORER, 0x39fe832a20}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x39fe832a20}, {0x43d210, [], SA_RESTORER, 0x39fe832a20}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/etc/shorewall/puppet/params", {st_mode=S_IFREG|0600, st_size=1828, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
open("/etc/shorewall/puppet/params", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=1828, ...}) = 0
read(3, "#\n# Shorewall version 3.4 - Para"..., 1828) = 1828
close(3) = 0
showing /etc/shorewall/puppet/params is read???
Can anybody help me with that? I don't like
the soft link solution....
The command:
"shorewall show config"
gives me the following output:
Default CONFIG_PATH is /etc/shorewall:/usr/share/shorewall
Default VARDIR is /var/lib/shorewall
LIBEXEC is /usr/libexec
Attached you will find the output of:
/sbin/shorewall trace start 2> /tmp/trace
Thanks for any help in advance.
cheers
peter
--
Peter Mumenthaler
Linux Systems Engineer
Puzzle ITC GmbH
www.puzzle.ch
Phone +41 31 370 22 00
Direct +41 31 370 22 34
Mobile +41 78 892 84 86
Fax +41 31 370 22 01
Take a look at our blog:
<http://www.puzzle.ch/blog>
WARNING: RFC1918_LOG_LEVEL=6 ignored. The 'norfc1918' interface/host option
is no longer supported at /usr/share/perl5/Shorewall/Config.pm line 3708
Shorewall::Config::get_configuration(0, 0, 0) called at
/usr/share/perl5/Shorewall/Compiler.pm line 598
Shorewall::Compiler::compiler('script', '/var/lib/shorewall/.start',
'directory', '', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/libexec/shorewall/compiler.pl line 123
WARNING: Support for the norfc1918 interface option has been removed from
Shorewall : /etc/shorewall/puppet/interfaces (line 11) at
/usr/share/perl5/Shorewall/Zones.pm line 1084
Shorewall::Zones::process_interface(1, 0) called at
/usr/share/perl5/Shorewall/Zones.pm line 1152
Shorewall::Zones::validate_interfaces_file(0) called at
/usr/share/perl5/Shorewall/Compiler.pm line 630
Shorewall::Compiler::compiler('script', '/var/lib/shorewall/.start',
'directory', '', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/libexec/shorewall/compiler.pl line 123
ERROR: Undefined shell variable ($LOG) : /etc/shorewall/puppet/policy (line
17) at /usr/share/perl5/Shorewall/Config.pm line 797
Shorewall::Config::fatal_error('Undefined shell variable ($LOG)')
called at /usr/share/perl5/Shorewall/Config.pm line 1903
Shorewall::Config::expand_variables('SCALAR(0x218b530)') called at
/usr/share/perl5/Shorewall/Config.pm line 1989
Shorewall::Config::read_a_line() called at
/usr/share/perl5/Shorewall/Rules.pm line 513
Shorewall::Rules::process_policies() called at
/usr/share/perl5/Shorewall/Compiler.pm line 647
Shorewall::Compiler::compiler('script', '/var/lib/shorewall/.start',
'directory', '', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/libexec/shorewall/compiler.pl line 123