diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index f4fdcdf1d..58f3967ed 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -698,9 +698,7 @@ compile_command() {
export EXPORT
- if [ x$file != x- ]; then
- progress_message3 "Compiling..."
- fi
+ [ "x$file" = x- ] || progress_message3 "Compiling..."
compiler $debugging compile $file
}
diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6
index d3ebddd8e..5c8e4b2e3 100755
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@@ -610,9 +610,7 @@ compile_command() {
export EXPORT
- if [ x$file != x- ]; then
- progress_message3 "Compiling..."
- fi
+ [ "x$file" = x- ] || progress_message3 "Compiling..."
compiler exec $debugging compile $file
}
diff --git a/web/Notices.html b/web/Notices.html
index 15bb3c58d..f8d290385 100644
--- a/web/Notices.html
+++ b/web/Notices.html
@@ -1,181 +1,181 @@
-
-
-
-
- Shorewall Notices
-
-
-
-
-
-
-
-
2009-04-18
-
-End-of-life for Shorewall-shell in
-Shorewall 4.4
-
-The Shorewall 4.4 release in late 2009 will not include
-Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the
-4.0 release of Shorewall-shell will continue to be supported until
-Debian Squeeze is released. The 4.2 release of Shorewall-shell will
-continue to be supported until Shorewall 4.6 is released in 2010.
-
-Shorewall-shell users are encouraged to
-migrate to Shorewall-perl at the earliest opportunity. Users who
-run Shorewall-shell on an embedded system that is too small to support
-Perl should consider switching to Shorewall-lite
-with Shorewall-perl installed on an administrative system (may be a
-Windows[tm] system running Cygwin[tm]).
-Attention
-Shorewall-perl 4.2 Users
-Shorewall-perl 4.2.8
-Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename
-the generated script file with the result that it was removed when the
-compiler terminated. This lead to:
-
- - It was not possible to start Shorewall or Shorewall6 for the
-first time after installing 4.2.8
- - Changes to the configuration were apparently ignored.
-
-This problem was corrected in Shorewall-perl-4.2.8.1.
-Shorewall-perl 4.2.6 and Earlier
-
-On February 28, Klemens Rutz reported a problem that affects all
-Shorewall-perl 4.2 versions prior to 4.2.6.1.
-
-The problem:
-
- - Only occurs when there are multiple non-firewall zones.
- - Results in the following interface options not being applied to
-forwarded traffic.
-
-blacklist
-dhcp
-maclist (when MACLIST_TABLE=filter)
-norfc1918
-nosmurfs
-tcpflags
-
-
-User are encouraged to either:
-
- - Upgrade to Shorewall-perl-4.2.6.1 or later; or
- - Apply the patch found at:
-
-
-
-To apply the patch, execute this
-command:
-
-
-
patch /usr/share/shorewall-perl/Shorewall/Rules.pm < forward.patch
-
The patch may apply with fuzz and/or an
-offset, depending on your particular version.
-
-A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and
-Shorewall-shell
-4.0.0-4.0.2 prevents proper handling of PREROUTING marks when
-HIGH_ROUTE_MARKS=No and the track option is
-specified.
-Patches are available to correct this problem:
-Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff
-Shorewall version 3.4.4-3.4.6: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff
-Shorewall-shell version 4.0.0-4.0.2: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff
-Note that a patch may succeed with an offset when applied to a
-release
-other than the one for which it was specifically prepared. For example,
-when
-the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release
-3.2.10) is applied to release 3.4.3, the following is the result:
-root@wookie:~# cd /usr/share/shorewall
-root@wookie/usr/share/shorewall#: patch < ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff
patching file compiler
Hunk #1 succeeded at 958 (offset -1669 lines).
root@wookie:/usr/share/shorewall#
-Update -- 7 November 2007
-A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and
-4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks
-when
-HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this
-problem:
-Shorewall version 3.2.3-3.2.11: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff
-Shorewall version 3.4.0-3.4.7: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff
-Shorewall version 4.0.0-4.0.5: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff
-and http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff.
-
-
-In Linux Kernel version 2.6.20, the Netfilter team changed Physdev
-Match
-so that it is no longer capable of supporting BRIDGING=Yes. The
-solutions
-available to users are to either:
-
- - Switch to using the technique described at http://www.shorewall.net/3.0/NewBridge.html;
-or
-
- - Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and
-follow the instructions at http://www1.shorewall.net/bridge-Shorewall-perl.html.
-
-
-The first approach allows you to switch back and forth between
-kernels
-older and newer than 2.6.20. The second approach is a better long-term
-solution.
-
-Attention Users of Kernel 2.4
-The Shorewall developers do not test Shorewall running on Kernel 2.4
-and we make no representation about the functionality of Shorewall on
-that Kernel. Any failure of Shorewall on Kernel 2.4 will not be
-investigated by the Shorewall team.
-
-Copyright © 2001-2009 Thomas M. Eastep
-
-Permission is granted to copy, distribute and/or modify this
-document
-under the terms of the GNU Free Documentation License, Version 1.2 or
-any
-later version published by the Free Software Foundation; with no
-Invariant
-Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
-the
-license is included in the section entitled "GNU Free Documentation License".
-
-
+
+
+
+
+ Shorewall Notices
+
+
+
+
+
+
+
+
2009-08-03
+
+End-of-life for Shorewall-shell in
+Shorewall 4.4
+
+The Shorewall 4.4 release in the fall of 2009 will not include
+Shorewall-shell. Because Shorewall 4.0 is included in Debian Lenny, the
+4.0 release of Shorewall-shell will continue to be supported until
+Debian Squeeze is released. The 4.2 release of Shorewall-shell will
+continue to be supported until Shorewall 4.6 is released in 2010.
+
+Shorewall-shell users are encouraged to
+migrate to Shorewall-perl at the earliest opportunity. Users who
+run Shorewall-shell on an embedded system that is too small to support
+Perl should consider switching to Shorewall-lite
+with Shorewall-perl installed on an administrative system (may be a
+Windows[tm] system running Cygwin[tm]).
+Attention
+Shorewall-perl 4.2 Users
+Shorewall-perl 4.2.8
+Shorewall-perl 4.2.8 was dead on arrival. The compiler did not rename
+the generated script file with the result that it was removed when the
+compiler terminated. This lead to:
+
+ - It was not possible to start Shorewall or Shorewall6 for the
+first time after installing 4.2.8
+ - Changes to the configuration were apparently ignored.
+
+This problem was corrected in Shorewall-perl-4.2.8.1.
+Shorewall-perl 4.2.6 and Earlier
+
+On February 28, Klemens Rutz reported a problem that affects all
+Shorewall-perl 4.2 versions prior to 4.2.6.1.
+
+The problem:
+
+ - Only occurs when there are multiple non-firewall zones.
+ - Results in the following interface options not being applied to
+forwarded traffic.
+
+blacklist
+dhcp
+maclist (when MACLIST_TABLE=filter)
+norfc1918
+nosmurfs
+tcpflags
+
+
+User are encouraged to either:
+
+ - Upgrade to Shorewall-perl-4.2.6.1 or later; or
+ - Apply the patch found at:
+
+
+
+To apply the patch, execute this
+command:
+
+
+
patch /usr/share/shorewall-perl/Shorewall/Rules.pm < forward.patch
+
The patch may apply with fuzz and/or an
+offset, depending on your particular version.
+
+A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and
+Shorewall-shell
+4.0.0-4.0.2 prevents proper handling of PREROUTING marks when
+HIGH_ROUTE_MARKS=No and the track option is
+specified.
+Patches are available to correct this problem:
+Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff
+Shorewall version 3.4.4-3.4.6: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff
+Shorewall-shell version 4.0.0-4.0.2: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff
+Note that a patch may succeed with an offset when applied to a
+release
+other than the one for which it was specifically prepared. For example,
+when
+the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release
+3.2.10) is applied to release 3.4.3, the following is the result:
+root@wookie:~# cd /usr/share/shorewall
+root@wookie/usr/share/shorewall#: patch < ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff
patching file compiler
Hunk #1 succeeded at 958 (offset -1669 lines).
root@wookie:/usr/share/shorewall#
+Update -- 7 November 2007
+A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and
+4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks
+when
+HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this
+problem:
+Shorewall version 3.2.3-3.2.11: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff
+Shorewall version 3.4.0-3.4.7: http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff
+Shorewall version 4.0.0-4.0.5: http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff
+and http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff.
+
+
+In Linux Kernel version 2.6.20, the Netfilter team changed Physdev
+Match
+so that it is no longer capable of supporting BRIDGING=Yes. The
+solutions
+available to users are to either:
+
+ - Switch to using the technique described at http://www.shorewall.net/3.0/NewBridge.html;
+or
+
+ - Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and
+follow the instructions at http://www1.shorewall.net/bridge-Shorewall-perl.html.
+
+
+The first approach allows you to switch back and forth between
+kernels
+older and newer than 2.6.20. The second approach is a better long-term
+solution.
+
+Attention Users of Kernel 2.4
+The Shorewall developers do not test Shorewall running on Kernel 2.4
+and we make no representation about the functionality of Shorewall on
+that Kernel. Any failure of Shorewall on Kernel 2.4 will not be
+investigated by the Shorewall team.
+
+Copyright © 2001-2009 Thomas M. Eastep
+
+Permission is granted to copy, distribute and/or modify this
+document
+under the terms of the GNU Free Documentation License, Version 1.2 or
+any
+later version published by the Free Software Foundation; with no
+Invariant
+Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
+the
+license is included in the section entitled "GNU Free Documentation License".
+
+