The maintainer is probably aware of this, so this is just in case this wasn't noticed. I imagine he might want to either patch the versions of shorewall in portage or move everybody up to 4.4.22.1.

From http://www.shorewall.net/Notices.html#ALLBUG

---------------------------------------------------------------------------

Nasty Bug in Shorewall 4.4.13-4.4.22

A bug in recent versions of Shorewall can result in rules that are wider in scope than intended. If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Users who are running one of these versions of Shorewall and who have zone names beginning with 'all' are urged to either:

    Rename the zone(s) to now begin with 'all'; or
    Upgrade to Shorewall 4.4.22.1 or later.

-----------------------------------------------------------------------------

Reproducible: Always

Steps to Reproduce:
I can't reproduce as I am not affected.

Actual Results:
N/A

Expected Results:
N/A

There seems to be a patch for the affected versions. The patch was not attached to the mailing list digest I get, and I could not find it in the web-based mailing list archive.

Excerpted from shorewall-users@lists.sourceforge.net:

----------------------------------------------------------------------------

A bug in recent versions of Shorewall can result in rules that are wider in scope than intended. If a zone name begins with 'all', then rules referring to that zone are incorrectly handled as if the keyword 'all' had been entered rather than the zone name.

Shorewall releases affected are 4.4.13 - 4.4.22. The attached patch applies to all of these releases.

a) Save the patch
b) As root, execute this command:

    patch /usr/share/shorewall/Shorewall/Rules.pm < ALL.patch

The patch will apply with an offset on releases prior to 4.4.22.

Example (4.4.13):

    patch /usr/share/shorewall/Shorewall/Rules.pm < ~/ALL.patch
    patching file /usr/share/shorewall/Shorewall/Rules.pm
    Hunk #1 succeeded at 1548 (offset -704 lines).

----------------------------------------------------------------------------
Thanks for telling me, I'm a she btw ;) I applied the patch for the stable version (4.4.15.1-r1) and added 4.4.22.1 for the unstable users to the tree.
My humble apologies, Constanze who is a she, and thank you. :)
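
A way to check a host against the two conditions in the notice quoted in the report (a release in 4.4.13 - 4.4.22 and a zone name beginning with 'all'), as an added example that is not Shorewall's or Gentoo's own code. The function names and the sample zones file are constructed for illustration; on a real host the inputs would be the output of `shorewall version` and `/etc/shorewall/zones`.

```sh
#!/bin/sh
# Added example. A distribution may have patched an in-range release;
# a version check cannot see that, so treat "exposed" as "verify Rules.pm".

# Exit 0 if VERSION is within 4.4.13 - 4.4.22, 1 if not, 2 if unparseable.
# A trailing "-rN" package revision is ignored.
is_affected_version() {
    v=${1%%-*}
    case "$v" in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    if [ "${1:-0}" -ne 4 ] || [ "${2:-0}" -ne 4 ]; then return 1; fi
    patch=${3:-0}; sub=${4:-0}
    if [ "$patch" -ge 13 ] && [ "$patch" -le 21 ]; then return 0; fi
    # 4.4.22 itself is affected; 4.4.22.1 and later carry the fix.
    if [ "$patch" -eq 22 ] && [ "$sub" -eq 0 ]; then return 0; fi
    return 1
}

# Print zone names that begin with 'all'. The ZONE column may be
# "child:parent"; only the part before ':' is the zone's own name.
all_prefixed_zones() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         { name = $1; sub(/:.*/, "", name); if (name ~ /^all/) print name }' "$1"
}

# usage: check_all_bug VERSION ZONES_FILE
check_all_bug() {
    rc=0; is_affected_version "$1" || rc=$?
    hits=$(all_prefixed_zones "$2" | tr '\n' ' ')
    if [ "$rc" -eq 2 ]; then echo "unknown version: $1"; return 2; fi
    if [ "$rc" -eq 0 ] && [ -n "$hits" ]; then
        echo "exposed: ${hits% }"; return 1
    fi
    echo "not exposed"
}

# Constructed sample zones file, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ZONE      TYPE
fw         firewall
net        ipv4
allsrv     ipv4
alldmz:loc ipv4
small      ipv4
EOF
check_all_bug 4.4.20 "$sample" || true
rm -f "$sample"
```
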