extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-24 13:40:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initiate 4.4.20

Browse Source 
Update versions
    Update release documents
    Apply Togan Muftuoglu's change to increase installation flexibility
This commit is contained in:
Tom Eastep 2011-04-16 08:31:46 -07:00
parent 4f5970b5f2
commit 1a0388080f
17 changed files with 196 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall-init/install.sh
View File

@ -23,7 +23,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -124,7 +124,7 @@ done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
# #
# Determine where to install the firewall script # Determine where to install the firewall script
# #
@ -260,9 +260,9 @@ fi
# Install the ifupdown script # Install the ifupdown script
# #
mkdir -p ${DESTDIR}/usr/${LIBEXEC}/shorewall-init mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-init
install_file ifupdown.sh ${DESTDIR}/usr/${LIBEXEC}/shorewall-init/ifupdown 0544 install_file ifupdown.sh ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown 0544
if [ -d ${DESTDIR}/etc/NetworkManager ]; then if [ -d ${DESTDIR}/etc/NetworkManager ]; then
install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544 install_file ifupdown.sh ${DESTDIR}/etc/NetworkManager/dispatcher.d/01-shorewall 0544
@ -333,7 +333,7 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
if [ -n "$DEBIAN" ] -o -n "$SUSE" ]; then if [ -n "$DEBIAN" ] -o -n "$SUSE" ]; then
for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do
mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories mkdir -p ${DESTDIR}/etc/ppp/$directory #SuSE doesn't create the IPv6 directories
cp -fp ${DESTDIR}/usr/${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown ${DESTDIR}/etc/ppp/$directory/shorewall
done done
elif [ -n "$REDHAT" ]; then elif [ -n "$REDHAT" ]; then
# #
@ -343,13 +343,13 @@ if [ -f ${DESTDIR}/etc/ppp ]; then
FILE=${DESTDIR}/etc/ppp/$file FILE=${DESTDIR}/etc/ppp/$file
if [ -f $FILE ]; then if [ -f $FILE ]; then
if fgrep -q Shorewall-based $FILE ; then if fgrep -q Shorewall-based $FILE ; then
cp -fp ${DESTDIR}/usr/${LIBEXEC}/shorewall-init/ifupdown $FILE cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
else else
echo "$FILE already exists -- ppp devices will not be handled" echo "$FILE already exists -- ppp devices will not be handled"
break break
fi fi
else else
cp -fp ${DESTDIR}/usr/${LIBEXEC}/shorewall-init/ifupdown $FILE cp -fp ${DESTDIR}${LIBEXEC}/shorewall-init/ifupdown $FILE
fi fi
done done
fi fi

4
Shorewall-init/uninstall.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh \#!/bin/sh
# #
# Script to back uninstall Shoreline Firewall # Script to back uninstall Shoreline Firewall
# #
@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {

14
Shorewall-lite/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -123,7 +123,7 @@ done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
# #
# Determine where to install the firewall script # Determine where to install the firewall script
# #
@ -229,7 +229,7 @@ echo "Shorewall Lite script installed in ${DESTDIR}${DEST}/$INIT"
# #
mkdir -p ${DESTDIR}/etc/shorewall-lite mkdir -p ${DESTDIR}/etc/shorewall-lite
mkdir -p ${DESTDIR}/usr/share/shorewall-lite mkdir -p ${DESTDIR}/usr/share/shorewall-lite
mkdir -p ${DESTDIR}/usr/${LIBEXEC}/shorewall-lite mkdir -p ${DESTDIR}${LIBEXEC}/shorewall-lite
mkdir -p ${DESTDIR}/var/lib/shorewall-lite mkdir -p ${DESTDIR}/var/lib/shorewall-lite
chmod 755 ${DESTDIR}/etc/shorewall-lite chmod 755 ${DESTDIR}/etc/shorewall-lite
@ -282,20 +282,20 @@ echo "Common functions linked through ${DESTDIR}/usr/share/shorewall-lite/functi
# Install Shorecap # Install Shorecap
# #
install_file shorecap ${DESTDIR}/usr/${LIBEXEC}/shorewall-lite/shorecap 0755 install_file shorecap ${DESTDIR}${LIBEXEC}/shorewall-lite/shorecap 0755
echo echo
echo "Capability file builder installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall-lite/shorecap" echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/shorewall-lite/shorecap"
# #
# Install wait4ifup # Install wait4ifup
# #
if [ -f wait4ifup ]; then if [ -f wait4ifup ]; then
install_file wait4ifup ${DESTDIR}/usr/${LIBEXEC}/shorewall-lite/wait4ifup 0755 install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall-lite/wait4ifup 0755
echo echo
echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall-lite/wait4ifup" echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall-lite/wait4ifup"
fi fi
# #

6
Shorewall-lite/shorewall-lite.spec
View File

@ -1,6 +1,6 @@
%define name shorewall-lite %define name shorewall-lite
%define version 4.4.19 %define version 4.4.20
%define release 1 %define release 0Beta1
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -103,6 +103,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Fri Apr 15 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.20-0Beta1
* Wed Apr 13 2011 Tom Eastep tom@shorewall.net * Wed Apr 13 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.19-1 - Updated to 4.4.19-1
* Sat Apr 09 2011 Tom Eastep tom@shorewall.net * Sat Apr 09 2011 Tom Eastep tom@shorewall.net

2
Shorewall-lite/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -411,7 +411,7 @@ sub initialize( $ ) {
EXPORT => 0, EXPORT => 0,
STATEMATCH => '-m state --state', STATEMATCH => '-m state --state',
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.4.19.1", VERSION => "4.4.20-Beta1",
CAPVERSION => 40417 , CAPVERSION => 40417 ,
); );
# #

4
Shorewall/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in Shorewall 4.4.20 Beta 1
1) Apply Togan's patch for installation flexibility.
Changes in Shorewall 4.4.19.1 Changes in Shorewall 4.4.19.1
1) Eliminate silly duplicate rule when stopped. 1) Eliminate silly duplicate rule when stopped.

18
Shorewall/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -107,8 +107,8 @@ fi
SPARSE= SPARSE=
MANDIR=${MANDIR:-"/usr/share/man"} MANDIR=${MANDIR:-"/usr/share/man"}
[ -n "${LIBEXEC:=share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=share/shorewall}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ]
INSTALLD='-D' INSTALLD='-D'
@ -265,8 +265,8 @@ fi
# Create /etc/shorewall, /usr/share/shorewall and /var/shorewall if needed # Create /etc/shorewall, /usr/share/shorewall and /var/shorewall if needed
# #
mkdir -p ${DESTDIR}/etc/shorewall mkdir -p ${DESTDIR}/etc/shorewall
mkdir -p ${DESTDIR}/usr/${LIBEXEC}/shorewall mkdir -p ${DESTDIR}${LIBEXEC}/shorewall
mkdir -p ${DESTDIR}/usr/${PERLLIB}/Shorewall mkdir -p ${DESTDIR}${PERLLIB}/Shorewall
mkdir -p ${DESTDIR}/usr/share/shorewall/configfiles mkdir -p ${DESTDIR}/usr/share/shorewall/configfiles
mkdir -p ${DESTDIR}/var/lib/shorewall mkdir -p ${DESTDIR}/var/lib/shorewall
@ -331,10 +331,10 @@ delete_file ${DESTDIR}/usr/share/shorewall/prog.footer
# Install wait4ifup # Install wait4ifup
# #
install_file wait4ifup ${DESTDIR}/usr/${LIBEXEC}/shorewall/wait4ifup 0755 install_file wait4ifup ${DESTDIR}/${LIBEXEC}/shorewall/wait4ifup 0755
echo echo
echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall/wait4ifup" echo "wait4ifup installed in ${DESTDIR}/${LIBEXEC}/shorewall/wait4ifup"
# #
# Install the policy file # Install the policy file
@ -824,10 +824,10 @@ chmod 755 ${DESTDIR}/usr/share/shorewall/Shorewall
# #
cd Perl cd Perl
install_file compiler.pl ${DESTDIR}/usr/${LIBEXEC}/shorewall/compiler.pl 0755 install_file compiler.pl ${DESTDIR}/${LIBEXEC}/shorewall/compiler.pl 0755
echo echo
echo "Compiler installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall/compiler.pl" echo "Compiler installed in ${DESTDIR}/${LIBEXEC}/shorewall/compiler.pl"
# #
# Install the params file helper # Install the params file helper
# #

244
Shorewall/releasenotes.txt
View File

@ -1,5 +1,5 @@
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
S H O R E W A L L 4 . 4 . 1 9 . 1 S H O R E W A L L 4 . 4 . 20 Beta 1
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE I. PROBLEMS CORRECTED IN THIS RELEASE
@ -13,8 +13,6 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
4.4.19.1
1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when 1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when
the firewall is stopped. the firewall is stopped.
@ -37,48 +35,6 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
to 'shorewall start' and USE_DEFAULT_RT was set, only the to 'shorewall start' and USE_DEFAULT_RT was set, only the
first one with metric 0 was deleted. first one with metric 0 was deleted.
4.4.19
1) Corrected a problem in optimize level 4 that resulted in the
following compile-time failure.
Can't use an undefined value as an ARRAY reference at
/usr/share/shorewall/Shorewall/Chains.pm line 862.
2) If a DNAT or REDIRECT rule applied to a source zone with an
interface defined with 'physical=+', then the nat table 'dnat'
chain might have been created but not referenced. This prevented
the DNAT or REDIRECT rule from working correctly.
3) Previously, if a variable set in /etc/shorewall/params was given a
value containing shell metacharacters, then the compiled script
would contain syntax errors.
4) The pathname of the 'conntrack' binary was erroneously printed in
the output of 'shorewall6 show connections'.
5) Correct a problem whereby incorrect Netfilter rules were generated
when a bridge with ports was given a logical name.
6) If a bridge interface had subordinate ports defined in
/etc/shorewall/interface, then an ipsec entry (either ipsec zone or
the 'ipsec' option specified) in /etc/shorewall/hosts resulted in
the compiler generating an incorrect Netfilter configuration.
7) Previously /var/log/shorewall*-init.log was created in the wrong
Selinux context. The rpm's have been modified to correct that
issue.
8) An issue with params processing on RHEL6 has been corrected. The
problem manifested as the following type of warning:
WARNING: Param line (export OLDPWD) ignored at
/usr/share/shorewall/Shorewall/Config.pm line 2993.
9) A fatal error is now raised if '!0' appears in the PROTO column of
files that have that column. This avoids an iptables-restore
failure at run time.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G I I. K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -90,78 +46,20 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
I I I. N E W F E A T U R E S I N T H I S R E L E A S E I I I. N E W F E A T U R E S I N T H I S R E L E A S E
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
1) When TC_ENABLED=Simple, ACK packets are now placed in the highest 1) The implementation of the environmental variables LIBEXEC and
priority class. An ACK packet is a TCP packet with the ACK flag set PERLLIB that was introduced in 4.4.19 has been changed
and no data payload. slightly. The top level directory for installing executables and
Perl modules is no longer assumed to be /usr. So if you set these
variables as follows in your 4.4.19 packaging script:
Rationale: Entries in /etc/shorewall[6]/tcpri affect both incoming LIBEXEC=libexec
and outgoing connections. If a particular application, SMTP for PERLLIB=lib/perl5
example, is placed in priority class 3, then outgoing ACK packets
for incoming email were previously placed in priority class 3 as
well. This could have the effect of slowing down incoming mail when
the goal was to give outgoing mail a lower priority. By
unconditionally placing ACK packets in priority class 1, this issue
is avoided.
2) Up to this point, the Perl-based rules compiler has not accepted then you will need to change them to
ICMP type lists. This is in contrast to the shell-based compiler
which did support such lists.
Support for ICMP (and ICMPv6) type lists has now been restored. LIBEXEC=/usr/libexec
PERLLIB=/usr/lib/perl5
3) Distributions have different philosophies about the proper file
hierarchy. Two issures are particularly contentious:
- Executable files in /usr/share/shorewall*. These include;
getparams
compiler.pl
wait4ifup
shorecap
ifupdown
- Perl Modules in /usr/share/shorewall/Shorewall.
To allow distributions to designate alternate locations for these
files, the installers (install.sh) now support the following
environmental variables:
LIBEXEC -- determines where in /usr getparams, compiler.pl,
wait4ifup, shorecap and ifupdown are installed. Shorewall and
Shorewall6 must be installed with the same value of LIBEXEC. The
listed executables are installed in /usr/${LIBEXEC}/shorewall*. The
default value of LIBEXEC is 'share'. LIBEXEC is recognized by all
installers and uninstallers.
PERLLIB -- determines where in /usr the Shorewall perl modules are
installed. Shorewall and Shorewall6 must be installed with the same
value of PERLLIB. The modules are installed in
/usr/${PERLLIB}/Shorewall. The default value of PERLLIB is
'share/shorewall'. PERLLIB is only recognized by the Shorewall and
Shorewall6 installers and the same value must be passed to both
installers.
4) Bridge/ports handling has been significantly improved, resulting in
packets to/from bridges traversing fewer rules.
5) A list of protocols is now permitted in the PROTO column of the
rules file.
6) The contents of the Netfilter mangle table are now included in the
output from 'shorewall show tc'.
7) Simple traffic shaping can now have a common configuration between
IPv4 and IPv6. To do that:
- Set TC_ENABLED=Simple in both /etc/shorewall/shorewall.conf and
/etc/shorewall6/shorewall6.conf
- Configure /etc/shorewall/tcinterfaces.
- Leave /etc/shorewall6/tcinterfaces empty.
- Configure /etc/shorewall/tcpri (if desired)
- Configure /etc/shorewall6/tcpri (if desired)
It should be noted that when IPv6 packets are encapsulated for
transmission by 6to4/6in4, they retain their marks.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -391,6 +289,126 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
I N P R I O R R E L E A S E S I N P R I O R R E L E A S E S
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 1 9
----------------------------------------------------------------------------
1) Corrected a problem in optimize level 4 that resulted in the
following compile-time failure.
Can't use an undefined value as an ARRAY reference at
/usr/share/shorewall/Shorewall/Chains.pm line 862.
2) If a DNAT or REDIRECT rule applied to a source zone with an
interface defined with 'physical=+', then the nat table 'dnat'
chain might have been created but not referenced. This prevented
the DNAT or REDIRECT rule from working correctly.
3) Previously, if a variable set in /etc/shorewall/params was given a
value containing shell metacharacters, then the compiled script
would contain syntax errors.
4) The pathname of the 'conntrack' binary was erroneously printed in
the output of 'shorewall6 show connections'.
5) Correct a problem whereby incorrect Netfilter rules were generated
when a bridge with ports was given a logical name.
6) If a bridge interface had subordinate ports defined in
/etc/shorewall/interface, then an ipsec entry (either ipsec zone or
the 'ipsec' option specified) in /etc/shorewall/hosts resulted in
the compiler generating an incorrect Netfilter configuration.
7) Previously /var/log/shorewall*-init.log was created in the wrong
Selinux context. The rpm's have been modified to correct that
issue.
8) An issue with params processing on RHEL6 has been corrected. The
problem manifested as the following type of warning:
WARNING: Param line (export OLDPWD) ignored at
/usr/share/shorewall/Shorewall/Config.pm line 2993.
9) A fatal error is now raised if '!0' appears in the PROTO column of
files that have that column. This avoids an iptables-restore
failure at run time.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 1 9
----------------------------------------------------------------------------
1) When TC_ENABLED=Simple, ACK packets are now placed in the highest
priority class. An ACK packet is a TCP packet with the ACK flag set
and no data payload.
Rationale: Entries in /etc/shorewall[6]/tcpri affect both incoming
and outgoing connections. If a particular application, SMTP for
example, is placed in priority class 3, then outgoing ACK packets
for incoming email were previously placed in priority class 3 as
well. This could have the effect of slowing down incoming mail when
the goal was to give outgoing mail a lower priority. By
unconditionally placing ACK packets in priority class 1, this issue
is avoided.
2) Up to this point, the Perl-based rules compiler has not accepted
ICMP type lists. This is in contrast to the shell-based compiler
which did support such lists.
Support for ICMP (and ICMPv6) type lists has now been restored.
3) Distributions have different philosophies about the proper file
hierarchy. Two issures are particularly contentious:
- Executable files in /usr/share/shorewall*. These include;
getparams
compiler.pl
wait4ifup
shorecap
ifupdown
- Perl Modules in /usr/share/shorewall/Shorewall.
To allow distributions to designate alternate locations for these
files, the installers (install.sh) now support the following
environmental variables:
LIBEXEC -- determines where in /usr getparams, compiler.pl,
wait4ifup, shorecap and ifupdown are installed. Shorewall and
Shorewall6 must be installed with the same value of LIBEXEC. The
listed executables are installed in /usr/${LIBEXEC}/shorewall*. The
default value of LIBEXEC is 'share'. LIBEXEC is recognized by all
installers and uninstallers.
PERLLIB -- determines where in /usr the Shorewall perl modules are
installed. Shorewall and Shorewall6 must be installed with the same
value of PERLLIB. The modules are installed in
/usr/${PERLLIB}/Shorewall. The default value of PERLLIB is
'share/shorewall'. PERLLIB is only recognized by the Shorewall and
Shorewall6 installers and the same value must be passed to both
installers.
4) Bridge/ports handling has been significantly improved, resulting in
packets to/from bridges traversing fewer rules.
5) A list of protocols is now permitted in the PROTO column of the
rules file.
6) The contents of the Netfilter mangle table are now included in the
output from 'shorewall show tc'.
7) Simple traffic shaping can now have a common configuration between
IPv4 and IPv6. To do that:
- Set TC_ENABLED=Simple in both /etc/shorewall/shorewall.conf and
/etc/shorewall6/shorewall6.conf
- Configure /etc/shorewall/tcinterfaces.
- Leave /etc/shorewall6/tcinterfaces empty.
- Configure /etc/shorewall/tcpri (if desired)
- Configure /etc/shorewall6/tcpri (if desired)
It should be noted that when IPv6 packets are encapsulated for
transmission by 6to4/6in4, they retain their marks.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 1 8 P R O B L E M S C O R R E C T E D I N 4 . 4 . 1 8
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

6
Shorewall/shorewall.spec
View File

@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 4.4.19 %define version 4.4.20
%define release 1 %define release 0Beta1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -109,6 +109,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog %changelog
* Fri Apr 15 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.20-0Beta1
* Wed Apr 13 2011 Tom Eastep tom@shorewall.net * Wed Apr 13 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.19-1 - Updated to 4.4.19-1
* Sat Apr 09 2011 Tom Eastep tom@shorewall.net * Sat Apr 09 2011 Tom Eastep tom@shorewall.net

2
Shorewall/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {

16
Shorewall6-lite/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -123,7 +123,7 @@ done
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
[ -n "${LIBEXEC:=share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
# #
# Determine where to install the firewall script # Determine where to install the firewall script
# #
@ -188,7 +188,7 @@ else
rm -rf ${DESTDIR}/etc/shorewall6-lite rm -rf ${DESTDIR}/etc/shorewall6-lite
rm -rf ${DESTDIR}/usr/share/shorewall6-lite rm -rf ${DESTDIR}/usr/share/shorewall6-lite
rm -rf ${DESTDIR}/var/lib/shorewall6-lite rm -rf ${DESTDIR}/var/lib/shorewall6-lite
[ "$LIBEXEC" = share ] || rm -rf /usr/share/shorewall6-lite/wait4ifup /usr/share/shorewall6-lite/shorecap [ "$LIBEXEC" = /usr/share ] || rm -rf /usr/share/shorewall6-lite/wait4ifup /usr/share/shorewall6-lite/shorecap
fi fi
# #
@ -227,7 +227,7 @@ echo "Shorewall6 Lite script installed in ${DESTDIR}${DEST}/$INIT"
# #
mkdir -p ${DESTDIR}/etc/shorewall6-lite mkdir -p ${DESTDIR}/etc/shorewall6-lite
mkdir -p ${DESTDIR}/usr/share/shorewall6-lite mkdir -p ${DESTDIR}/usr/share/shorewall6-lite
mkdir -p ${DESTDIR}/usr/${LIBEXEC}/shorewall6-lite mkdir -p ${DESTDIR}${LIBEXEC}/shorewall6-lite
mkdir -p ${DESTDIR}/var/lib/shorewall6-lite mkdir -p ${DESTDIR}/var/lib/shorewall6-lite
chmod 755 ${DESTDIR}/etc/shorewall6-lite chmod 755 ${DESTDIR}/etc/shorewall6-lite
@ -280,20 +280,20 @@ echo "Common functions linked through ${DESTDIR}/usr/share/shorewall6-lite/funct
# Install Shorecap # Install Shorecap
# #
install_file shorecap ${DESTDIR}/usr/${LIBEXEC}/shorewall6-lite/shorecap 0755 install_file shorecap ${DESTDIR}${LIBEXEC}/shorewall6-lite/shorecap 0755
echo echo
echo "Capability file builder installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall6-lite/shorecap" echo "Capability file builder installed in ${DESTDIR}${LIBEXEC}/shorewall6-lite/shorecap"
# #
# Install wait4ifup # Install wait4ifup
# #
if [ -f wait4ifup ]; then if [ -f wait4ifup ]; then
install_file wait4ifup ${DESTDIR}/usr/${LIBEXEC}/shorewall6-lite/wait4ifup 0755 install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall6-lite/wait4ifup 0755
echo echo
echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall6-lite/wait4ifup" echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall6-lite/wait4ifup"
fi fi
# #

6
Shorewall6-lite/shorewall6-lite.spec
View File

@ -1,6 +1,6 @@
%define name shorewall6-lite %define name shorewall6-lite
%define version 4.4.19 %define version 4.4.20
%define release 1 %define release 0Beta1
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -94,6 +94,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Fri Apr 15 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.20-0Beta1
* Wed Apr 13 2011 Tom Eastep tom@shorewall.net * Wed Apr 13 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.19-1 - Updated to 4.4.19-1
* Sat Apr 09 2011 Tom Eastep tom@shorewall.net * Sat Apr 09 2011 Tom Eastep tom@shorewall.net

2
Shorewall6-lite/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {

14
Shorewall6/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -110,8 +110,8 @@ MAC=
MANDIR=${MANDIR:-"/usr/share/man"} MANDIR=${MANDIR:-"/usr/share/man"}
SPARSE= SPARSE=
INSTALLD='-D' INSTALLD='-D'
[ -n "${LIBEXEC:=share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
[ -n "${PERLLIB:=share/shorewall}" ] [ -n "${PERLLIB:=/usr/share/shorewall}" ]
case $(uname) in case $(uname) in
CYGWIN*) CYGWIN*)
@ -258,8 +258,8 @@ fi
# Create /etc/shorewall, /usr/share/shorewall and /var/lib/shorewall6 if needed # Create /etc/shorewall, /usr/share/shorewall and /var/lib/shorewall6 if needed
# #
mkdir -p ${DESTDIR}/etc/shorewall6 mkdir -p ${DESTDIR}/etc/shorewall6
mkdir -p ${DESTDIR}/usr/${LIBEXEC}/shorewall6 mkdir -p ${DESTDIR}${LIBEXEC}/shorewall6
mkdir -p ${DESTDIR}/usr/${PERLLIB}/ mkdir -p ${DESTDIR}${PERLLIB}/
mkdir -p ${DESTDIR}/usr/share/shorewall6/configfiles mkdir -p ${DESTDIR}/usr/share/shorewall6/configfiles
mkdir -p ${DESTDIR}/var/lib/shorewall6 mkdir -p ${DESTDIR}/var/lib/shorewall6
@ -325,10 +325,10 @@ delete_file ${DESTDIR}/usr/share/shorewall6/prog.footer6
# Install wait4ifup # Install wait4ifup
# #
install_file wait4ifup ${DESTDIR}/usr/${LIBEXEC}/shorewall6/wait4ifup 0755 install_file wait4ifup ${DESTDIR}${LIBEXEC}/shorewall6/wait4ifup 0755
echo echo
echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall6/wait4ifup" echo "wait4ifup installed in ${DESTDIR}${LIBEXEC}/shorewall6/wait4ifup"
# #
# Install the policy file # Install the policy file

6
Shorewall6/shorewall6.spec
View File

@ -1,6 +1,6 @@
%define name shorewall6 %define name shorewall6
%define version 4.4.19 %define version 4.4.20
%define release 1 %define release 0Beta1
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -98,6 +98,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog %changelog
* Fri Apr 15 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.20-0Beta1
* Wed Apr 13 2011 Tom Eastep tom@shorewall.net * Wed Apr 13 2011 Tom Eastep tom@shorewall.net
- Updated to 4.4.19-1 - Updated to 4.4.19-1
* Sat Apr 09 2011 Tom Eastep tom@shorewall.net * Sat Apr 09 2011 Tom Eastep tom@shorewall.net

2
Shorewall6/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.19.1 VERSION=4.4.20-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {