Bug 112942 - Shorewall 3.0 series
Summary: Shorewall 3.0 series
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Gentoo Netmon project

Reported: 2005-11-18 11:33 UTC by Vieri
Modified: 2006-10-08 13:01 UTC

Attachments
Shorewall 3.0.1 ebuild (shorewall-3.0.1.ebuild, 1.58 KB, text/plain)
2005-11-18 11:34 UTC, Vieri
Shorewall 3.0.2 (shorewall-3.0.2.ebuild, 1.75 KB, text/plain)
2005-11-25 11:42 UTC, Vieri
Shorewall 3.0.2 ebuild - fixes and enhancements (shorewall-3.0.2.ebuild, 2.13 KB, text/plain)
2005-12-03 17:11 UTC, Vieri
Shorewall-3.0.2 portage subdir (shorewall-3.0.2.tar.gz, 1.86 KB, application/octet-stream)
2005-12-03 17:12 UTC, Vieri
Shorewall 3.0.2 ebuild (shorewall-3.0.2.ebuild, 2.07 KB, text/plain)
2005-12-04 08:15 UTC, Vieri
Shorewall 3.0.2 portage subdir (shorewall-3.0.2.tar.gz, 1.86 KB, application/octet-stream)
2005-12-04 08:17 UTC, Vieri
Shorewall 3.0.2 ebuild patch (shorewall-3.0.2.patch, 468 bytes, patch)
2005-12-05 10:03 UTC, Vieri
Shorewall 3.0.4 ebuild (shorewall-3.0.4.ebuild, 1.92 KB, text/plain)
2006-01-18 06:04 UTC, Vieri
Shorewall 3.0.5 modified with Andrej's suggestions (shorewall-3.0.5.ebuild, 2.53 KB, text/plain)
2006-02-11 06:22 UTC, Vieri

Description Vieri 2005-11-18 11:33:27 UTC
Shorewall 3.0.1

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Vieri 2005-11-18 11:34:25 UTC
Created attachment 73144 [details]
Shorewall 3.0.1 ebuild
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2005-11-18 11:45:18 UTC
Why are you filing duplicate bugs instead of continuing in the pending one?
Comment 3 Vieri 2005-11-18 12:01:42 UTC
I considered that 3.0.0 should be dropped/deleted. I thought I was doing ok, I 
guess not...
sorry.
What should I do then? Drop this report and go back to the old one?
Comment 4 Ray Booysen 2005-11-23 07:37:12 UTC
Vieri, reopen the 3.0.0 bug, mark this bug a duplicate and then post your ebuild
there.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2005-11-23 10:53:02 UTC
Vieri, ignore Ray. This is fine now. Next time just append to an existing open
bug report. Reopening and reattaching stuff now is just silly - it's mucking
around with no real gain.
Comment 6 Vieri 2005-11-24 13:58:49 UTC
If it's ok with Ray and Jakub, I'll follow your suggestion Daniel. Will be 
careful next time.
Comment 7 Vieri 2005-11-25 11:42:01 UTC
Created attachment 73607 [details]
Shorewall 3.0.2

Shorewall 3.0.2 released.
Comment 8 Joshua Schmidlkofer 2005-12-02 16:50:12 UTC
Thanks for putting these up =) I really needed this today, and it was already
here!!!
Comment 9 Vieri 2005-12-03 17:11:11 UTC
Created attachment 74022 [details]
Shorewall 3.0.2 ebuild - fixes and enhancements

Shorewall 3.0.2 ebuild: Makefile fix and Samples.
Comment 10 Vieri 2005-12-03 17:12:39 UTC
Created attachment 74023 [details]
Shorewall-3.0.2 portage subdir

Shorewall-3.0.2 portage subdir
Comment 11 Vieri 2005-12-04 08:15:53 UTC
Created attachment 74046 [details]
Shorewall 3.0.2 ebuild

Changed the way Samples should be stored.
Comment 12 Vieri 2005-12-04 08:17:20 UTC
Created attachment 74047 [details]
Shorewall 3.0.2 portage subdir
Comment 13 Vieri 2005-12-05 10:03:11 UTC
Created attachment 74107 [details, diff]
Shorewall 3.0.2 ebuild patch

Just added an ewarn as suggested by Joshua Schmidlkofer.
Comment 14 Marcelo Goes (RETIRED) gentoo-dev 2005-12-07 10:10:06 UTC
Okies, I committed 3.0.2 to cvs with some modifications.

Please keep the following in mind for the next bug you file:
http://dev.gentoo.org/~ciaranm/docs/mw-faq/attachments.txt
http://dev.gentoo.org/~ciaranm/docs/mw-faq/keywords.txt

Thanks for reporting!
Comment 15 Vieri 2006-01-18 06:04:47 UTC
Created attachment 77418 [details]
Shorewall 3.0.4 ebuild

Identical ebuild. Version bump.
Comment 16 Vieri 2006-01-18 06:05:46 UTC
New package version.
Comment 17 Marcelo Goes (RETIRED) gentoo-dev 2006-01-18 07:04:22 UTC
In cvs, thanks. No need to attach an ebuild if you just renamed it.
Cheers!
Comment 18 Vieri 2006-02-10 09:25:55 UTC
Shorewall 3.0.5: Identical ebuild. Version bump.
Comment 19 Marcelo Goes (RETIRED) gentoo-dev 2006-02-10 12:01:50 UTC
Thanks, bumped in cvs.

x86: 3.0.4 may be stabilized if you deem appropriate, so that we have a stable shorewall-3 release.
Comment 20 Andrej Kacian (RETIRED) gentoo-dev 2006-02-11 03:27:37 UTC
I've been using 3.0.4 on an ~x86 for quite some time. Yesterday, I upgraded to 3.0.4 on my stable x86 box, which is using quite a non-trivial shorewall setup, what with multiple openvpn tunnels, local network and two zones for external interface. I'll mark stable if all goes ok for the next few days.

This said, merging shorewall config files is a PITA, all those commented examples really need their own *.example file to live in.
Comment 21 Vieri 2006-02-11 06:22:27 UTC
Created attachment 79495 [details]
Shorewall 3.0.5 modified with Andrej's suggestions

I agree with Andrej, although partially. Most config file merges are related to changes in comments and at first this may seem a PITA. However, this isn't too bad because it forces the user to read the comments (and thus avoid strange Shorewall behaviors). Personally I would leave it like this OR maybe we could change the ebuild so it leaves the /etc/shorewall dir blank and the user must copy the config files over from /usr/share/doc. Anyway I'm attaching a proposal. I know 3.0.5 is already out so this new attachment may be taken into consideration for the next release only.
Comment 22 Marcelo Goes (RETIRED) gentoo-dev 2006-02-11 08:37:03 UTC
My vote is for leaving it the way it is. The ebuild already gives a fair amount of warning that shorewall-3 differs a lot from shorewall-2.

Having the ebuild behave differently if it finds /etc/shorewall isn't really good behavior and might be even more confusing.

My 2 cents.
Comment 23 Vieri 2006-02-11 11:12:09 UTC
I'm running two "production" firewalls/gateways/routers on x86 with Shorewall 3.0.2 since it was released. Several openvpn and PPTP tunnels among other things. Looks stable to me although I leave it entirely to the x86 team.
3.0.4 and 3.0.5 are only on test systems so I haven't really "used" them for day to day work.
Comment 24 Andrej Kacian (RETIRED) gentoo-dev 2006-02-14 02:49:22 UTC
After a bit more successful playing with shorewall configuration, I think 3.0.4 is ok to go stable. Marked x86.
Comment 25 Marcelo Goes (RETIRED) gentoo-dev 2006-02-14 08:12:52 UTC
Marking bug as fixed.
Comment 26 Vieri 2006-03-29 08:31:40 UTC
Shorewall 3.0.6: version bump.
Includes the "inet" fix mentioned previously.
Comment 27 Vieri 2006-04-05 01:05:38 UTC
Maybe the following einfo:
 * If you intend to use the 2.6 IPSEC Support, you must retrieve the
 * kernel patches from http://shorewall.net/pub/shorewall/contrib/IPSEC/
should be changed to:
 * If you intend to use the 2.6 IPSEC Support, you must retrieve the
 * kernel patches from http://shorewall.net/pub/shorewall/contrib/IPSEC/
 * or install the latest kernel and make sure it supports policy match.
Comment 28 Vieri 2006-04-12 07:49:24 UTC
(In reply to comment #27)
> Maybe the following einfo:
>  * If you intend to use the 2.6 IPSEC Support, you must retrieve the
>  * kernel patches from http://shorewall.net/pub/shorewall/contrib/IPSEC/
> should be changed to:
>  * If you intend to use the 2.6 IPSEC Support, you must retrieve the
>  * kernel patches from http://shorewall.net/pub/shorewall/contrib/IPSEC/
>  * or install the latest kernel and make sure it supports policy match.

Actually I would rather change it to:
  * If you intend to use the 2.6 IPSEC Support, you must retrieve the
  * kernel patches from http://shorewall.net/pub/shorewall/contrib/IPSEC/
  * or install kernel 2.6.16+ and compile it with support for policy match.

http://gentoo-wiki.com/HOWTO_Shorewall_Firewall_IPsec_VPN_and_2.6_kernel

Can anyone please put the 3.0.6 version up in CVS?
Comment 29 Matthias Dahl 2006-04-18 13:46:58 UTC
I second Vieri's request: putting 3.0.6 in portage (bumping is enough) would be great as it contains some important fixes. Just spent hours on a server with OpenVPN and Shorewall, just to realize that the routeback option in the hosts file was silently ignored because of a bug. *argh* Made an overlay for 3.0.6 and things work just fine now.
Comment 30 Marcelo Goes (RETIRED) gentoo-dev 2006-04-18 15:46:23 UTC
Hi,

Sorry, I have been busy.
3.0.6 is now in CVS, I added Vieri's new einfo line to the ebuild.

Thanks!
Comment 31 Vieri 2006-05-09 05:30:50 UTC
Shorewall 3.0.7: version bump.

Maybe the following einfo should be added:
 * Whether upgrading or installing you should run "shorewall check", correct any errors found and run "shorewall restart|start".
Comment 32 Vieri 2006-05-22 00:28:29 UTC
I suggest marking 3.0.6 as stable on x86 and amd64 and putting 3.0.7 up as unstable.
Comment 33 Marcelo Goes (RETIRED) gentoo-dev 2006-05-23 19:32:18 UTC
Thanks, bumped to 3.0.7 in cvs.
x86, amd64: stable keywording up to you.
Comment 34 Andrej Kacian (RETIRED) gentoo-dev 2006-05-24 13:26:36 UTC
I've been using 3.0.6 since it got released on my stable box, and it works. Marked stable on x86.
Comment 35 Vieri 2006-06-22 00:54:54 UTC
Version bump request for Shorewall 3.0.8.

Same ebuild tested on x86 and amd64.
Comment 36 Vieri 2006-07-11 08:48:45 UTC
Shorewall 3.2 ebuild proposals at:
http://bugs.gentoo.org/show_bug.cgi?id=140001

This 3.0 bug should still be kept open due to future releases in this branch.

I think Marcelo Goes has been very busy lately (devaway). Can someone else have a look at the 3.2 ebuilds?
Comment 37 Andrej Kacian (RETIRED) gentoo-dev 2006-07-11 09:16:52 UTC
(In reply to comment #36)
> Shorewall 3.2 ebuild proposals at:
> http://bugs.gentoo.org/show_bug.cgi?id=140001
> 
> This 3.0 bug should still be kept open due to future releases in this branch.
> 
> I think Marcelo Goes has been very busy lately (devaway). Can someone else have
> a look at the 3.2 ebuilds?
> 

I'll have a look at 3.2, as well as at the 3.0.8 bump as time permits, sometime this week.
Comment 38 Andrej Kacian (RETIRED) gentoo-dev 2006-07-11 09:49:15 UTC
There, 3.0.8 added to Portage, and perhaps 3.0.7 is ripe for getting marked stable, and it indeed works nicely on my two stable boxes.

I'll leave that for Marcelo to decide, though.
Comment 39 Marcelo Goes (RETIRED) gentoo-dev 2006-07-11 17:46:33 UTC
Andrej, feel free to stabilize it :-).
Comment 40 Vieri 2006-07-12 00:27:51 UTC
Thank you both.
I am reopening this bug because 3.0.9 will come out surely.
3.2.0 is another branch thus it's ok to have 3.2 out before 3.0.9 (http://bugs.gentoo.org/show_bug.cgi?id=140001).
Comment 41 Vieri 2006-08-13 14:53:57 UTC
Requesting 3.0.8 to go stable on x86 and amd64.
Comment 42 Vieri 2006-08-18 10:36:32 UTC
Maybe setting up an overlay for shorewall (or net-firewall as a whole) could be interesting?
http://overlays.gentoo.org
Comment 43 Richard Freeman gentoo-dev 2006-09-08 20:01:11 UTC
(In reply to comment #41)
> Requesting 3.0.8 to go stable on x86 and amd64.
> 

3.0.8 appears to work fine on my stable amd64 box (I am an amd64 AT).  If maintainer is willing it should be OK to keyword stable on amd64 (out 30+ days, no open bugs).

As 3.0.8 is not stable on any arch I will refrain from logging a bug with the amd64 arch team until a dev chimes in that this is OK from netmon's standpoint.
Comment 44 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2006-09-18 05:30:24 UTC
feel free to stabilize it, though I just added 3.2.3 to the tree...
Comment 45 Andrej Kacian (RETIRED) gentoo-dev 2006-09-18 06:28:43 UTC
I'm using 3.0.8 since it got into the tree, and it works. Marked x86.
Comment 46 Vieri 2006-09-19 10:20:18 UTC
(In reply to comment #44)
> feel free to stabilize it, though I just added 3.2.3 to the tree...

Thanks.
3.0 is the "older" shorewall series and it really is safe to mark it stable (currently 3.0.8).
3.2 is the "newer" shorewall series and personally I think it should still be kept unstable for a while.
Comment 47 Vieri 2006-10-06 09:32:59 UTC
shorewall 3.0.9 version bump.

Andrej or someone else, please?

(It should finally close this bug.)
Comment 48 Markus Ullmann (RETIRED) gentoo-dev 2006-10-08 13:01:19 UTC
Bumped both to latest versions