Update versions to 2.5.3

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2566 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-26 22:42:35 +00:00
parent 86c837bf48
commit 2ac7b97dde
5 changed files with 78 additions and 6 deletions


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=2.5.2 VERSION=2.5.3
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -22,7 +22,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
# #
VERSION=2.5.2 VERSION=2.5.3
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -72,6 +72,13 @@ New Features in Shorewall 2.5.3
Macros may be used in these sections provided that they expand to Macros may be used in these sections provided that they expand to
only these ACTIONs. only these ACTIONs.
At the end of the ESTABLISHED and RELATED sections, there is an
implicit "ALLOW all all all" rule.
RESTRICTION: If you specify FASTACCEPT=Yes in
/etc/shorewall.shorewall.conf then the ESTABLISHED and RELATED
sections must be empty.
6) The value 'ipp2p' is once again allowed in the PROTO column of 6) The value 'ipp2p' is once again allowed in the PROTO column of
the rules file. It is recommended that rules specifying 'ipp2p' the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file. only be included in the ESTABLISHED section of the file.
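Review bot: the added RESTRICTION paragraph gives the configuration path as /etc/shorewall.shorewall.conf, which looks like a typo for /etc/shorewall/shorewall.conf, since the other paths in this diff (/etc/shorewall/rules, /etc/shorewall/policy, /etc/shorewall/tcstart) all sit under /etc/shorewall/. The implicit rule in the preceding added paragraph is written "ALLOW all all all", but ALLOW is not among the ACTIONs this file lists for these sections (ACCEPT, DROP, REJECT, QUEUE, LOG and user-defined actions); if ACCEPT is meant, say ACCEPT so readers do not look for an ALLOW action.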
@ -410,8 +417,8 @@ New Features in Shorewall 2.5.*
If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets are If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets are
accepted early in the INPUT, FORWARD and OUTPUT chains. If you set accepted early in the INPUT, FORWARD and OUTPUT chains. If you set
FASTACCEPT=Yes then you may not specify ESTABLISHED policies in FASTACCEPT=Yes then you may not include rules in the ESTABLISHED or
/etc/shorewall/policy (see above). RELATED sections of /etc/shorewall/rules.
9) Shorewall now generates an error if the 'norfc1918' option is 9) Shorewall now generates an error if the 'norfc1918' option is
specified for an interface with an RFC 1918 address. specified for an interface with an RFC 1918 address.
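Review bot: the unchanged first line of this paragraph still reads "ESTABLISHED/RELEATED"; since the paragraph is being reworded anyway, correct it to RELATED so it matches the section name used in the new sentence. The new wording also drops the "(see above)" pointer, so it is worth confirming that no earlier item in this section still describes ESTABLISHED policies in /etc/shorewall/policy.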
@ -450,4 +457,67 @@ New Features in Shorewall 2.5.*
scripts. The value of this variable is sometimes of interest to scripts. The value of this variable is sometimes of interest to
programmers providing custom /etc/shorewall/tcstart scripts. programmers providing custom /etc/shorewall/tcstart scripts.
14) Previously, if you defined any intra-zone rule(s) then any traffic
not matching the rule(s) was subject to normal policies (which
usually turned out to involve the all->all REJECT policy). Now, the
intra-zone ACCEPT policy will still be in effect in the presense of
intra-zone rules. That policy can still be overridden by an
explicit policy in your /etc/shorewall/policy file.
Example:
/etc/shorewall/rules:
DNAT loc:!192.168.1.4 loc:192.168.1.4:3128 tcp 80
Any other loc->loc traffic will still be accepted. If you want to
also log that other loc->loc traffic at the info log level then
insert this into /etc/shorewall/policy:
#SOURCE DEST POLICY LOG LEVEL
loc loc ACCEPT info
15) Prior to Shorewall 2.5.3, the rules file only controlled packets in
the Netfilter states NEW and INVALID. Beginning with this release,
the rules file can also deal with packets in the ESTABLISHED and
RELATED states.
The /etc/shorewall/rules file may now be divided into
"sections". Each section is introduced by a line that begins with
the keyword SECTION which is followed by the section name. Sections
are as listed below and must appear in the order shown.
ESTABLISHED
Rules in this section apply to packets in the ESTABLISHED
state.
RELATED
Rules in this section apply to packets in the RELATED state.
NEW
Rules in this section apply to packets in the NEW and INVALID
states.
Rules in the ESTABLISHED and RELATED sections are limited to the
following ACTIONs:
ACCEPT, DROP, REJECT, QUEUE, LOG and User-defined actions.
Macros may be used in these sections provided that they expand to
only these ACTIONs.
At the end of the ESTABLISHED and RELATED sections, there is an
implicit "ALLOW all all all" rule.
RESTRICTION: If you specify FASTACCEPT=Yes in
/etc/shorewall.shorewall.conf then the ESTABLISHED and RELATED
sections must be empty.
16) The value 'ipp2p' is once again allowed in the PROTO column of
the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file.
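Review bot: item 14 documents a change that loosens filtering for existing configurations, and the text should say so as an upgrade consideration: intra-zone traffic that matches no intra-zone rule used to fall through to normal policies (usually the all->all REJECT) and is now accepted. The example would serve upgraders better if it also showed the explicit /etc/shorewall/policy entry that restores the earlier behaviour, rather than only ACCEPT with logging. Smaller points in the same hunk: "presense" should be "presence", and items 15 and 16 repeat the text of the "New Features in Shorewall 2.5.3" section, including "ALLOW all all all" (ACCEPT is the listed ACTION) and the path /etc/shorewall.shorewall.conf, so any correction has to be made in both places or one section should refer to the other.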


@ -1,5 +1,5 @@
%define name shorewall %define name shorewall
%define version 2.5.2 %define version 2.5.3
%define release 1 %define release 1
%define prefix /usr %define prefix /usr
@ -155,6 +155,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
%changelog %changelog
* Fri Aug 26 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.3-1
* Tue Aug 16 2005 Tom Eastep tom@shorewall.net * Tue Aug 16 2005 Tom Eastep tom@shorewall.net
- Updated to 2.5.2-1 - Updated to 2.5.2-1
* Sun Aug 07 2005 Tom Eastep tom@shorewall.net * Sun Aug 07 2005 Tom Eastep tom@shorewall.net


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=2.5.2 VERSION=2.5.3
usage() # $1 = exit status usage() # $1 = exit status
{ {