Port changes from branches/4.2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9541 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-02-26 16:34:31 +00:00
parent a939b07f49
commit 08ba35ca29
5 changed files with 40 additions and 4 deletions

View File

@ -111,6 +111,10 @@ sub generate_script_1() {
'initialize()', 'initialize()',
'{', '{',
' #', ' #',
' # Be sure that umask is sane',
' #',
' umask 077',
' #',
' # These variables are required by the library functions called in this script', ' # These variables are required by the library functions called in this script',
' #' ' #'
); );

View File

@ -1,3 +1,9 @@
Changes in Shorewall 4.3.6
1) Add SAME tcrules target.
2) Make 'dump' display the raw table. Fix shorewall6 dump anomalies.
Changes in Shorewall 4.3.5 Changes in Shorewall 4.3.5
1) Remove support for shorewall-shell. 1) Remove support for shorewall-shell.

View File

@ -710,6 +710,9 @@ dump_command() {
heading "Mangle Table" heading "Mangle Table"
$IPTABLES -t mangle -L $IPT_OPTIONS $IPTABLES -t mangle -L $IPT_OPTIONS
heading "Raw Table"
$IPTABLES -t raw -L $IPT_OPTIONS
heading "Conntrack Table" heading "Conntrack Table"
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack

View File

@ -1,4 +1,7 @@
Shorewall 4.3.5 Shorewall 4.3.6
Shorewall 4.3 is the development thread for Shorewall 4.4 which will be
released late in 2009.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
R E L E A S E 4 . 4 H I G H L I G H T S R E L E A S E 4 . 4 H I G H L I G H T S
@ -11,15 +14,32 @@ Shorewall 4.3.5
2) The interfaces file OPTIONs have been extended to largely remove the 2) The interfaces file OPTIONs have been extended to largely remove the
need for the hosts file. need for the hosts file.
Problems corrected in 4.3.5 Problems corrected in 4.3.6
None. 1) The shorewall6 dump command now correctly displays the installed
Shorewall version.
2) Previously, the 'start' command set the permission flags on
/var/lib/shorewall*/state so that it could be read by
non-root users while the 'stop' command set the permissions such
that the file could not be read by those users.
Beginning with 4.3.6, both commands will secure the file for
root-only access. If you want the file to be world-readable, then
add
chmod 744 /var/lib/shorewall*/state
To your /etc/shorewall*/started, /etc/shorewall*/stopped and
/etc/shorewall*/restored files.
Known Problems Remaiining: Known Problems Remaiining:
None. None.
New Features in Shorewall 4.3.5 New Features in Shorewall 4.3.6
None.
New Features in Shorewall 4.4 New Features in Shorewall 4.4

View File

@ -640,6 +640,9 @@ dump_command() {
heading "Mangle Table" heading "Mangle Table"
$IP6TABLES -t mangle -L $IPT_OPTIONS $IP6TABLES -t mangle -L $IPT_OPTIONS
heading "Raw Table"
$IP6TABLES -t raw -L $IPT_OPTIONS
heading "Conntrack Table" heading "Conntrack Table"
grep '^ipv6' /proc/net/nf_conntrack grep '^ipv6' /proc/net/nf_conntrack