Re: [Shorewall-users] regression in 4.5

Mon, 08 Apr 2013 15:56:18 -0700 

On 4/8/13 3:12 PM, "Farkas Levente" <lfar...@lfarkas.org> wrote:

>On 04/08/2013 11:59 PM, Tom Eastep wrote:
>> On 4/8/13 11:56 AM, "Farkas Levente" <lfar...@lfarkas.org> wrote:
>> 
>>> hi,
>>> in a master shorewall-lite setup before 4.5 it was possible to out such
>>> a line into params (on the master):
>>>
>>> INCLUDE ../common/params
>>>
>>> it's no longer possible since it gives this error:
>>>
>>> /usr/share/shorewall/lib.common: line 708:
>>> /etc/shorewall/../common/params: No such file or directory
>> 
>> 
>> What is the current working directory when you see this? What command
>>did
>> you enter?
>
>the master's directory for the lite server (which is the lite server's
>hostname) and the command:
>/sbin/shorewall reload -s -c -T $(basename `pwd`)

I'm unable to reproduce that result.

teastep@gateway:~/sami$ ls
common  shorewall  shorewall6
teastep@gateway:~/sami$ tail common/params
#
#       The result will be the same as if the record had been written
#
#               net     eth0            130.252.100.255 routefilter,norfc1918
#
###########################################################################
####
A=1
B=2
echo "A=1 and B=2"
#LAST LINE -- DO NOT REMOVE
teastep@gateway:~/sami$ cd shorewall
teastep@gateway:~/sami/shorewall$ cat params
INCLUDE ../common/params
teastep@gateway:~/sami/shorewall$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-xxtibA9344/agent.9344; export SSH_AUTH_SOCK;
SSH_AGENT_PID=9345; export SSH_AGENT_PID;
echo Agent pid 9345;
teastep@gateway:~/sami/shorewall$
SSH_AUTH_SOCK=/tmp/ssh-xxtibA9344/agent.9344; export SSH_AUTH_SOCK;
teastep@gateway:~/sami/shorewall$ SSH_AGENT_PID=9345; export SSH_AGENT_PID;
teastep@gateway:~/sami/shorewall$ ssh-add ~/.ssh/id_dsa
Enter passphrase for /home/teastep/.ssh/id_dsa:
Identity added: /home/teastep/.ssh/id_dsa (/home/teastep/.ssh/id_dsa)
teastep@gateway:~/sami/shorewall$ shorewall reload -s -c -T sami
A=1 and B=2
A=1 and B=2
Processing /home/teastep/sami/shorewall/params ...
A=1 and B=2
Processing /home/teastep/sami/shorewall/shorewall.conf...
Compiling /home/teastep/sami/shorewall/zones...
Compiling /home/teastep/sami/shorewall/interfaces...
Compiling /home/teastep/sami/shorewall/hosts...
Determining Hosts in Zones...
Locating Action Files...
Compiling /home/teastep/sami/shorewall/policy...
Running /home/teastep/sami/shorewall/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /home/teastep/sami/shorewall/providers...
Compiling /home/teastep/sami/shorewall/routes...
   WARNING: No NULL_ROUTE_RFC1918 route added for 10.0.0.0/8; there is
already a route to that network defined in the routes file at
/usr/share/shorewall/Shorewall/Providers.pm line 1191
        Shorewall::Providers::setup_null_routing() called at
/usr/share/shorewall/Shorewall/Providers.pm line 1520
        Shorewall::Providers::setup_providers() called at
/usr/share/shorewall/Shorewall/Compiler.pm line 779
        Shorewall::Compiler::compiler('script', './firewall', 'directory', .,
'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/share/shorewall/compiler.pl line 145
Compiling /home/teastep/sami/shorewall/arprules...
Compiling MAC Filtration -- Phase 1...
Compiling /home/teastep/sami/shorewall/rules...
Compiling /home/teastep/sami/shorewall/conntrack...
Compiling /home/teastep/sami/shorewall/tunnels...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /home/teastep/sami/shorewall/accounting...
Generating Rule Matrix...
Optimizing Ruleset...
Creating iptables-restore input...
Shorewall configuration compiled to /home/teastep/sami/shorewall/firewall
Copying /home/teastep/sami/shorewall/firewall and
/home/teastep/sami/shorewall/firewall.conf to
sami:/var/lib/shorewall-lite...
firewall           
                   
                100%   89KB  88.8KB/s   00:00
firewall.conf      
                   
                100%  996     1.0KB/s   00:00
Copy complete
Restarting Shorewall Lite....
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Adding Providers...
Null Routing the RFC 1918 subnets
Preparing iptables-restore input...
Running /usr/local/sbin/iptables-restore...
Preparing arptables-restore input...
Running /sbin/arptables-restore...
IPv4 Forwarding Disabled!
Processing start user exit ...
Processing started user exit ...
done.
System sami reloaded
   Currently-running Configuration Saved to /var/lib/shorewall-lite/restore
Configuration on system sami saved
teastep@gateway:~/sami/shorewall$


What are you doing different from the above?

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.





------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to