From 210ca5faeefe9c8736670ed18d3ddc7308bd931a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 29 Aug 2009 09:32:38 -0700 Subject: [PATCH] Fix rule generated by MULTICAST=Yes --- Shorewall-lite/fallback.sh | 2 +- Shorewall-lite/install.sh | 2 +- Shorewall-lite/shorewall-lite.spec | 4 +++- Shorewall-lite/uninstall.sh | 2 +- Shorewall/Perl/Shorewall/Config.pm | 2 +- Shorewall/Perl/Shorewall/Policy.pm | 2 +- Shorewall/changelog.txt | 3 +++ Shorewall/install.sh | 2 +- Shorewall/known_problems.txt | 5 +++++ Shorewall/releasenotes.txt | 7 +++++++ Shorewall/shorewall.spec | 4 +++- Shorewall/uninstall.sh | 2 +- Shorewall6-lite/fallback.sh | 2 +- Shorewall6-lite/install.sh | 2 +- Shorewall6-lite/shorewall6-lite.spec | 4 +++- Shorewall6-lite/uninstall.sh | 2 +- Shorewall6/fallback.sh | 2 +- Shorewall6/install.sh | 2 +- Shorewall6/shorewall6.spec | 4 +++- Shorewall6/uninstall.sh | 2 +- 20 files changed, 40 insertions(+), 17 deletions(-) diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh index c411c7972..5ac9c2db0 100755 --- a/Shorewall-lite/fallback.sh +++ b/Shorewall-lite/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index e9d7268e6..978b93bab 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index f2bcb8037..46b3708e0 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec 
@@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.4.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Name: %{name} @@ -98,6 +98,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Aug 29 2009 Tom Eastep tom@shorewall.net +- Updated to 4.4.0-3 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-2 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 042697039..627c1dd6d 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index f3dd70f26..d1e72e659 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -327,7 +327,7 @@ sub initialize( $ ) { TC_SCRIPT => '', EXPORT => 0, UNTRACKED => 0, - VERSION => "4.4.0.2", + VERSION => "4.4.0.3", CAPVERSION => 40310 , ); diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm index 43bec630c..4b2ffaefc 100644 --- a/Shorewall/Perl/Shorewall/Policy.pm +++ b/Shorewall/Perl/Shorewall/Policy.pm @@ -356,7 +356,7 @@ sub policy_rules( $$$$$ ) { my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_; unless ( $target eq 'NONE' ) { - add_rule $chainref, "-d 224.0.0.0/24 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT'; + add_rule $chainref, "-d 224.0.0.0/4 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT'; add_rule $chainref, "-j $default" if $default && $default ne 'none'; log_rule $loglevel , $chainref , $target , '' if $loglevel ne ''; fatal_error "Null target in policy_rules()" unless $target; 
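Review bot: The multicast range in the new `add_rule $chainref, "-d 224.0.0.0/4 -j RETURN" ...` line of policy_rules() is still an uncommented bare literal, which is the form that let the `/24` typo ship. I would name it, e.g. `use constant IPV4_MULTICAST => '224.0.0.0/4';`, and add `# MULTICAST=Yes: return all IPv4 multicast (224.0.0.0-239.255.255.255) before the default action and the policy log`. Because the RETURN is emitted ahead of `-j $default` and `log_rule`, the wider match now exempts the entire class D range from this chain's default action and logging, so it is worth confirming that the calling chain disposes of those packets as intended. The literal is IPv4-only and the hunk does not show whether `$dropmulticast` can be set during a Shorewall6 compile, so that path should be checked too. policy_rules() begins above the hunk and continues past its last line.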
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 7cc2cc741..6e0751b83 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,6 @@ +Changes in Shorewall 4.4.0.3 + +1) Fix rule generated by MULTICAST=Yes Changes in Shorewall 4.4.0.2 diff --git a/Shorewall/install.sh b/Shorewall/install.sh index e6e01fae7..9a9143111 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index a31fc870d..b85e06b06 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -29,3 +29,8 @@ "-" in the ZONES column) in /etc/shorewall/interfaces. This problem was corrected in Shorewall 4.4.0.2. + +6) MULTICAST=Yes generates an incorrect rule that limits its + effectiveness to a small part of the multicast address space. + + diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index b65afd68d..ce1568a17 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -153,6 +153,13 @@ Shorewall 4.4.0 patch release 1. 10) The name 'any' is now reserved and may not be used as a zone name. +---------------------------------------------------------------------------- + P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 3 +---------------------------------------------------------------------------- + +1) MULTICAST=Yes generates an incorrect rule that limits its + effectiveness to a small part of the multicast address space. + ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 2 ---------------------------------------------------------------------------- diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 3737ac0a7..f8cbc3034 100644 --- a/Shorewall/shorewall.spec 
+++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 4.4.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -104,6 +104,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Sat Aug 29 2009 Tom Eastep tom@shorewall.net +- Updated to 4.4.0-3 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-2 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 43048b821..f57ea4272 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6-lite/fallback.sh b/Shorewall6-lite/fallback.sh index c411c7972..5ac9c2db0 100755 --- a/Shorewall6-lite/fallback.sh +++ b/Shorewall6-lite/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh index 211119551..7a6689f3d 100755 --- a/Shorewall6-lite/install.sh +++ b/Shorewall6-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index f8cca551a..6ff4c12c1 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -1,6 +1,6 @@ %define name shorewall6-lite %define version 4.4.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Name: %{name} 
@@ -89,6 +89,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Aug 29 2009 Tom Eastep tom@shorewall.net +- Updated to 4.4.0-3 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-2 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index 06a54e6ab..a9f7ed406 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6/fallback.sh b/Shorewall6/fallback.sh index 186da4cdd..1c42a6535 100755 --- a/Shorewall6/fallback.sh +++ b/Shorewall6/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 8e18f0030..73894d98d 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status { diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec index 9c17d6ca4..93a477cee 100644 --- a/Shorewall6/shorewall6.spec +++ b/Shorewall6/shorewall6.spec @@ -1,6 +1,6 @@ %define name shorewall6 %define version 4.4.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -93,6 +93,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %changelog +* Sat Aug 29 2009 Tom Eastep tom@shorewall.net +- Updated to 4.4.0-3 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.0-2 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net 
diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index a32af5b65..38a150a1c 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.0.2 +VERSION=4.4.0.3 usage() # $1 = exit status {