We don't upgrade very often; today I'm going from 4.4.25.2 to
4.5.11.2. I've upgraded and am working through the "shorewall check"
to ensure that our configs are compatible and fixing any changes. I've
been through the docs and upgrade notes several times on this one.

We have a single-interface firewall which is used to protect the
firewall host only, i.e. a host-based firewall. This is in use on about
600 servers.

interfaces:
-       enet            physical=+

hosts:
net     enet:0.0.0.0/0
uw      enet:$N_ALL_UW_AFFILIATED

zones:
host    firewall
uw      ipv4
net     ipv4


This is the typical format of a rule in the rules file (included by a
SHELL directive):
ACCEPT          uw:homer.u.washington.edu       host    22

After upgrading to 4.5.11.2 and running shorewall check I get this error:
 ERROR: Unknown Interface (homer.u.washington.edu)
SHELL@/etc/shorewall/rules:17 (line 96)
      from /etc/shorewall/rules (line 17)

This can be fixed by adding the interface name like this:
ACCEPT          uw:enet:ref.cac.washington.edu  host    22

Yet the docs imply that the interface is optional (by showing it in
square brackets) as it always has in the past:

SOURCE - 
{zone|zone-list[+]|{all|any}[+][-]}[:interface][:{address-or-range[,address-or-range]...[exclusion]|exclusion|+ipset|^countrycode-list}

I don't really want to go through all our rules to add this and try to
retrain all my people to remember to put it in since it's supposed to
be optional. Did I not read some recent change that made this
non-optional? Or are there config elements that now cause it to be
required?

Thanks,

-Eric

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
