Discussion:
[Shorewall-users] Shorewall 5.1.4.3
Tom Eastep
2017-06-19 23:49:27 UTC
Permalink
Shorewall 5.1.4.3 is now available for download. This release is of
primary interest to users running Shorewall6 on older distributions such
as RHEL6.

Problem Corrected:

1) When running on prior-generation distributions such as RHEL6,
IPv6 multi-ISP configurations failed to start due to an error such
as the following:

ERROR: Command "ip -6 -6 route replace default scope global
table 250 nexthop via ::192.88.99.1 dev tun6to4 weight 1"
Failed

Such configurations now start successfully.

Thank you for using Shorewall,

-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
Bruno Friedmann
2017-06-20 14:26:57 UTC
Permalink
Post by Tom Eastep
Shorewall 5.1.4.3 is now available for download. This release is of
primary interest to users running Shorewall6 on older distributions such
as RHEL6.
1) When running on prior-generation distributions such as RHEL6,
IPv6 multi-ISP configurations failed to start due to an error such
ERROR: Command "ip -6 -6 route replace default scope global
table 250 nexthop via ::192.88.99.1 dev tun6to4 weight 1"
Failed
Such configurations now start successfully.
Thank you for using Shorewall,
-Tom
Hi Tom, as package maintainer for openSUSE, I've one question.
We have a product line called Leap on which we try to minimize the changes an
end users can have to deal with.
So the last two version 42.1 and 42.2 I've stick to 4.6.13 series.

Now in one month we will have 42.3 released, and I wonder if I should continue
to be hard conservative and keep 4.6.13 or move the package to something never
?

As there's configuration migration to be done, I'm a bit reluctant as I don't
know how complex configuration end-users (normally admins) have setup.

On my side, I've successfully updated simple setup just with shorewall update
-a so I would say that nothing is really hard complicated right ?

Actually I've 5.1.4.3 packaged and ready for submission, if you tell me that
better for users to go for this version, then I will follow your advise.

Thanks for your feedback.
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
Tom Eastep
2017-06-20 16:04:52 UTC
Permalink
Post by Bruno Friedmann
Hi Tom, as package maintainer for openSUSE, I've one question.
We have a product line called Leap on which we try to minimize the changes an
end users can have to deal with.
So the last two version 42.1 and 42.2 I've stick to 4.6.13 series.
Now in one month we will have 42.3 released, and I wonder if I should continue
to be hard conservative and keep 4.6.13 or move the package to something never
?
As there's configuration migration to be done, I'm a bit reluctant as I don't
know how complex configuration end-users (normally admins) have setup.
On my side, I've successfully updated simple setup just with shorewall update
-a so I would say that nothing is really hard complicated right ?
Actually I've 5.1.4.3 packaged and ready for submission, if you tell me that
better for users to go for this version, then I will follow your advise.
Hi Bruno,

Migrating from 4.6.13 to 5.1.x is straightforward using 'shorewall
update -a'. I think that it important, however, to alert users that this
step is required, so that there isn't a lot of surprise and confusion
during the distribution upgrade. I am aware of one distribution that
actually runs 'update -a' as part of the RPM update process so that
users need not be aware of this requirement.

Does Leap have a mechanism to alert users when a release includes a
change that requires an additional conversion step?

-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
Bruno Friedmann
2017-06-20 16:36:29 UTC
Permalink
Post by Tom Eastep
Post by Bruno Friedmann
Hi Tom, as package maintainer for openSUSE, I've one question.
We have a product line called Leap on which we try to minimize the changes
an end users can have to deal with.
So the last two version 42.1 and 42.2 I've stick to 4.6.13 series.
Now in one month we will have 42.3 released, and I wonder if I should
continue to be hard conservative and keep 4.6.13 or move the package to
something never ?
As there's configuration migration to be done, I'm a bit reluctant as I
don't know how complex configuration end-users (normally admins) have
setup.
On my side, I've successfully updated simple setup just with shorewall
update -a so I would say that nothing is really hard complicated right ?
Actually I've 5.1.4.3 packaged and ready for submission, if you tell me
that better for users to go for this version, then I will follow your
advise.
Hi Bruno,
Migrating from 4.6.13 to 5.1.x is straightforward using 'shorewall
update -a'. I think that it important, however, to alert users that this
step is required, so that there isn't a lot of surprise and confusion
during the distribution upgrade. I am aware of one distribution that
actually runs 'update -a' as part of the RPM update process so that
users need not be aware of this requirement.
Does Leap have a mechanism to alert users when a release includes a
change that requires an additional conversion step?
-Tom
Thanks for that quick feedback, let open the way for an upgrade.

I can also put those kind of auto update in rpm, but I'm not really fan of
that kind of things. As packager I can handle and take responsabilites about
the software, now from my pov configuration is a things that users handle and
know. I can't know where and how people use shorewall (perhaps to generate
cofiguration pushed on other machine etc ...).
At least its the "way of thinking of rpm based distribution" which is
different of what debian derivative do.

But yes there's a release notes I will make addentum and perhaps also an echo
warning at installation time., also the changelog of the package mention that
each time it is recommended to do a update -a

best regards.
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
Loading...