Re: [Shorewall-users] regression in 4.5

[Tom Eastep]

On 04/09/2013 06:08 AM, Farkas Levente wrote:
> On 04/09/2013 12:41 AM, Tom Eastep wrote:

>>> can happened. eg: tos file no longer working as in 4.4.
>>> this was my previous tos file:
>>>
>>> all     all             tcp             -               ssh             16
>>> all     all             tcp             ssh             -               16
>>> all     all             tcp             -               ftp             16
>>> all     all             tcp             ftp             -               16
>>> all     all             tcp             ftp-data        -               8
>>> all     all             tcp             -               ftp-data        8
>>> all     all             tcp             rsync           -               8
>>> all     all             tcp             -               rsync           8
>>>
>>> which now gives iptables error. Etc
>>
>> I fail to see how different versions of Shorewall and Shorewall-lite have
>> anything to do with that.
> 
> it's just another example when something goes wrong (which was working
> in 4.4):
> Running /sbin/iptables-restore...
> iptables-restore v1.3.5: Bad TOS value `0x10/0xff'
> Error occurred at line: 32
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>    ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall-lite/.iptables-restore-input
> Restoring Shorewall Lite...

Okay -- but it has nothing to do with incompatible versions of Shorewall
and Shorewall-lite.

It rather has to do with the very old version of iptables that you are
running; 0x10/0xff is accepted by later versions but not 1.3.5. I wasn't
aware of that, and hence I inadvertently broke the 'tos' match on
RHEL5-based systems.

I need to add a new capability to fix that.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users