Port changes from branches/4.2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9541 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-25 09:03:30 +01:00 · 2009-02-26 16:34:31 +00:00 · 2009-02-26 16:34:31 +00:00 · 08ba35ca29
commit 08ba35ca29
parent a939b07f49
5 changed files with 40 additions and 4 deletions
--- a/Shorewall/Shorewall/Compiler.pm
+++ b/Shorewall/Shorewall/Compiler.pm
@ -111,6 +111,10 @@ sub generate_script_1() {
 	   'initialize()',
 	   '{',
 	   '    #',
+	   '    # Be sure that umask is sane',
+	   '    #',
+	   '    umask 077',
+	   '    #',
 	   '    # These variables are required by the library functions called in this script',
 	   '    #'
 	   );
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,3 +1,9 @@
+Changes in Shorewall 4.3.6
+
+1)  Add SAME tcrules target.
+
+2)  Make 'dump' display the raw table. Fix shorewall6 dump anomalies.
+
 Changes in Shorewall 4.3.5

 1)  Remove support for shorewall-shell.
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -710,6 +710,9 @@ dump_command() {
    heading "Mangle Table"
    $IPTABLES -t mangle -L $IPT_OPTIONS

+    heading "Raw Table"
+    $IPTABLES -t raw -L $IPT_OPTIONS
+
    heading "Conntrack Table"
    [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -1,4 +1,7 @@
-Shorewall 4.3.5
+Shorewall 4.3.6
+
+Shorewall 4.3 is the development thread for Shorewall 4.4 which will be
+released late in 2009.

 ----------------------------------------------------------------------------
               R E L E A S E  4 . 4  H I G H L I G H T S
@ -11,15 +14,32 @@ Shorewall 4.3.5
 2) The interfaces file OPTIONs have been extended to largely remove the
   need for the hosts file.  

-Problems corrected in 4.3.5
+Problems corrected in 4.3.6

-None.
+1)  The shorewall6 dump command now correctly displays the installed
+    Shorewall version.
+  
+2)   Previously, the 'start' command set the permission flags on
+    /var/lib/shorewall*/state so that it could be read by
+    non-root users while the 'stop' command set the permissions such
+    that the file could not be read by those users.
+
+    Beginning with 4.3.6, both commands will secure the file for
+    root-only access. If you want the file to be world-readable, then
+    add 
+
+    	chmod 744 /var/lib/shorewall*/state
+
+    To your /etc/shorewall*/started, /etc/shorewall*/stopped and
+    /etc/shorewall*/restored files.

 Known Problems Remaiining:

 None.

-New Features in Shorewall 4.3.5
+New Features in Shorewall 4.3.6
+
+None.

 New Features in Shorewall 4.4

--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@ -640,6 +640,9 @@ dump_command() {
    heading "Mangle Table"
    $IP6TABLES -t mangle -L $IPT_OPTIONS

+    heading "Raw Table"
+    $IP6TABLES -t raw -L $IPT_OPTIONS
+
    heading "Conntrack Table"
    grep '^ipv6' /proc/net/nf_conntrack