#3435 TOS tables refers to Zones and not to Interfaces

1.480
open
Jamie Cameron
5
2009-07-01
2009-07-01
matthieu gaillet
No

Hi,

I just discovered kind of a bug in Webmin 1.480 in the Shorewall module. The documentation states clearly that the TOS table should refer to Interfaces and not to Zones (cf http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg08219.html), at least using the shorewall-perl version, which is becoming the de facto standard because the -shell version seems to be abandoned.

Please make sure the TOS table editor does not refer to Zones anymore...

Thanks for the incredible work, which helped me to actually learn unix administration from scratch with a steep learning curve, much more than if I had to play only with the command line and configuration files.

Matthieu

Discussion

  • Jamie Cameron
    2009-07-01

    Sounds like the format may have changed. Do you know which Shorewall version this happened in?

     
  • No idea. Basically there are two kinds of distributions which don't follow the same rules:

    From the documentation - please notice the distinction between shorewall-perl and shorewall-shell :

    /etc/shorewall/tos
    Description

    This file defines rules for setting Type Of Service (TOS)

    The columns in the file are as follows.

    SOURCE - {zone[:address]|all|$FW} (Shorewall-shell)

    Name of a zone declared in shorewall-zones(5), all or $FW.

    If not all or $FW, may optionally be followed by ":" and an IP address, a MAC address, a subnet specification or the name of an interface.

    Example: loc:192.168.2.3

    MAC addresses must be prefixed with "~" and use "-" as a separator.

    Example: ~00-A0-C9-15-39-78

    -or-

    SOURCE - {all|address|all:address|$FW} (Shorewall-perl)

    If all, may optionally be followed by ":" and an IP address, a MAC address, a subnet specification or the name of an interface.

    Example: all:192.168.2.3

    MAC addresses must be prefixed with "~" and use "-" as a separator.

    Example: ~00-A0-C9-15-39-78

    -the same applies for DEST-

    From the Shorewall.net welcome page :

    End-of-life for Shorewall-shell in Shorewall 4.4
    The Shorewall 4.4 release in late 2009 will not include Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the 4.0 release of Shorewall-shell will continue to be supported until Debian Squeeze is released. The 4.2 release of Shorewall-shell will continue to be supported until Shorewall 4.6 is released in 2010.

    Shorewall-shell users are encouraged to migrate to Shorewall-perl at the earliest opportunity. Users who run Shorewall-shell on an embedded system that is too small to support Perl should consider switching to Shorewall-lite with Shorewall-perl installed on an administrative system (may be a Windows[tm] system running Cygwin[tm]).

     
  • Jamie Cameron
    2009-07-02

    Ok, thanks for the info. At the moment Webmin doesn't support the new perl version of Shorewall. It's a pity they didn't keep the same config file format for the perl re-write.
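
The two SOURCE/DEST grammars quoted from the documentation in this thread can be checked mechanically before a tos file written for one Shorewall variant is used with the other. The Python below is an added example, not Webmin or Shorewall code; the zone names, interface names and sample file are constructed, and only the first two columns are inspected.

```python
import ipaddress
import re

# Column grammar as quoted from the documentation in the thread:
#   Shorewall-shell: {zone[:address]|all|$FW}
#   Shorewall-perl:  {all|address|all:address|$FW}
MAC = re.compile(r"~[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}")

def is_address(tok, interfaces):
    """IP address, subnet, '~'-prefixed MAC, or a known interface name."""
    if tok in interfaces or MAC.fullmatch(tok):
        return True
    try:
        ipaddress.ip_network(tok, strict=False)
        return True
    except ValueError:
        return False

def dialects(field, zones, interfaces):
    """Return the set of dialects whose grammar accepts this SOURCE/DEST value."""
    if field in ("all", "$FW"):
        return {"shell", "perl"}
    head, sep, tail = field.partition(":")
    if sep and not is_address(tail, interfaces):
        return set()
    ok = set()
    if head in zones:  # zone or zone:address
        ok.add("shell")
    if (sep and head == "all") or (not sep and is_address(head, interfaces)):
        ok.add("perl")
    return ok

def check_tos(text, zones, interfaces, dialect):
    """List (line number, column, value) entries the given dialect rejects."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()  # drop comments, split columns
        for name, value in zip(("SOURCE", "DEST"), cols):
            if dialect not in dialects(value, zones, interfaces):
                problems.append((lineno, name, value))
    return problems

# Constructed sample; columns after DEST are not inspected here.
SAMPLE = """\
# SOURCE              DEST   (remaining columns)
loc:192.168.2.3       net    tcp - 22 16
all:192.168.2.3       all    tcp - 22 16
~00-A0-C9-15-39-78    $FW    tcp - 22 16
"""
```

Calling `check_tos(SAMPLE, {"loc", "net"}, {"eth0"}, "perl")` reports the zone-based entries on line 2, which is the kind of row a zone-oriented editor would produce.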