Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall

Samples6/one-interface/interfaces

@@ -13,4 +13,3 @@
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/one-interface/policy

@@ -18,4 +18,3 @@ net		$FW		DROP		info
 net		all		DROP		info
 # The FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Samples6/one-interface/zones

@@ -15,4 +15,3 @@
 #					OPTIONS			OPTIONS
 fw	firewall
 net	ipv6
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Samples6/three-interfaces/interfaces

@@ -15,4 +15,3 @@
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
 dmz     eth2            detect
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/three-interfaces/policy

@@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info
 
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Samples6/three-interfaces/routestopped

@@ -18,4 +18,3 @@
 #INTERFACE	HOST(S)
 eth1		-
 eth2		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/three-interfaces/rules

@@ -54,4 +54,3 @@ ACCEPT		$FW		dmz		ipv6-icmp
 #Ping/ACCEPT    net             dmz
 #Ping/ACCEPT    net             loc
 
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/three-interfaces/zones

@@ -18,4 +18,3 @@ fw	firewall
 net	ipv4
 loc	ipv4
 dmz	ipv4
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Samples6/two-interfaces/interfaces

@@ -14,4 +14,3 @@
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/two-interfaces/policy

@@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info
 
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Samples6/two-interfaces/routestopped

@@ -17,4 +17,3 @@
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/two-interfaces/rules

@@ -35,5 +35,3 @@ Ping/DROP	net		$FW
 ACCEPT		$FW		loc		ipv6-icmp
 ACCEPT		$FW		net		ipv6-icmp
 #
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Samples6/two-interfaces/zones

@@ -17,4 +17,3 @@ fw	firewall
 net	ipv6
 loc	ipv6
 
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Config.pm

@@ -327,7 +327,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.0-Beta4",
+		    VERSION => "4.4.0-RC1",
 		    CAPVERSION => 40310 ,
 		  );
 

Shorewall/changelog.txt

@@ -1,7 +1,19 @@
+Changes in Shorewall 4.4.0-RC1
+
+1)  Delete duplicate Git macro.
+
 Changes in Shorewall 4.4.0-Beta4
 
 1)  Add more macros.
 
+2)  Correct broadcast address detection
+
+3) Fix 'show dynamic'
+
+4) Fix BGP and OSFP macros.
+
+5) Change DISABLE_IPV6 default and use 'correct' ip6tables.
+
 Changes in Shorewall 4.4.0-Beta3
 
 1)  Add new macros.

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -1 +1 @@
-There are no known problems in Shorewall version 4.4.0-Beta4
+There are no known problems in Shorewall version 4.4.0-RC1

Shorewall/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 4.4.0 Beta 4
+Shorewall 4.4.0 RC1
 
 ----------------------------------------------------------------------------
                R E L E A S E  4 . 4  H I G H L I G H T S
@@ -110,31 +110,10 @@ Shorewall 4.4.0 Beta 4
     released.
 
 ----------------------------------------------------------------------------
-          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  Beta 3
+          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  RC1
 ----------------------------------------------------------------------------
 
-1)  The BGP and OSFP macros released in Beta 3 contained rules to allow
-    administrative access to the related routing daemons. Those rules
-    have been deleted.
-
-2)  Previously, if Address Type Match was not available and an
-    interface on the firewall was (mis-)configured as shown below, then
-    REJECT policies in Shorewall-perl would drop packets addressed to
-    the interface rather than reject them.
-
-    3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 ...
-       inet 127.0.0.1/32 scope host venet0
-       inet 206.124.146.176/32 brd 206.124.146.176 ...
-
-    Note that a /32 should never be configured with a broadcast
-    address.
-
-3)  Due to a syntax ambiguity arising from the new dynamic zone
-    implementation, 'shorewall show dynamic' produced no output. It now
-    shows the contents of the dynamic blacklist as in earlier 
-    Shorewall releases.
-
-4)  The 'findgw' script produced an error if VERBOSITY > 0.
+1)  The duplicate macro GIT has been deleted.
 
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
@@ -143,26 +122,10 @@ Shorewall 4.4.0 Beta 4
 None.
 
 ----------------------------------------------------------------------------
-                N E W   F E A T U R E S   I N   4 . 4 . 0 Beta 4
+                N E W   F E A T U R E S   I N   4 . 4 . 0 RC1
 ----------------------------------------------------------------------------
 
-1)  Paul Gear has contributed the following macros:
-
-    	 macro.Webcache (originally named macro.DG)
- 	 macro.IPPbrd
- 	 macro.NTPbi
- 	 macro.RIPbi
-	 macro.mDNS
-
-2)  The default value of DISABLE_IPV6 has been changed from 'Yes' to
-    'No' in all sample shorewall.conf files. Shorewall6 should be
-    installed to restrict IPv6 traffic.
-
-    As part of this change, the ip6tables program in the directory
-    specified by the IPTABLES setting will be used to disable IPv6. If
-    the iptables utility is discovered using the PATH setting, then
-    ip6tables in the same directory as the discovered iptables will be
-    used.
+None.
 
 ----------------------------------------------------------------------------
                  N E W   F E A T U R E S   IN   4 . 4
@@ -793,3 +756,21 @@ None.
 26) A new extension script, 'lib.private' has been added. This file is
     intended to include declarations of shell functions that will be
     called by the other run-time extension scripts. 
+
+27) Paul Gear has contributed the following macros:
+
+    	 macro.Webcache (originally named macro.DG)
+ 	 macro.IPPbrd
+ 	 macro.NTPbi
+ 	 macro.RIPbi
+	 macro.mDNS
+
+28) The default value of DISABLE_IPV6 has been changed from 'Yes' to
+    'No' in all sample shorewall.conf files. Shorewall6 should be
+    installed to restrict IPv6 traffic.
+
+    As part of this change, the ip6tables program in the directory
+    specified by the IPTABLES setting will be used to disable IPv6. If
+    the iptables utility is discovered using the PATH setting, then
+    ip6tables in the same directory as the discovered iptables will be
+    used.

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 
 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6/blacklist

@@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ADDRESS/SUBNET		PROTOCOL	PORT
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/clear

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6/interfaces

@@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	ANYCAST		OPTIONS
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/isusable

@@ -19,5 +19,3 @@ local status=0
 [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)
 
 return $status
-
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/maclist

@@ -7,4 +7,3 @@
 #
 ###############################################################################
 #DISPOSITION	INTERFACE		MAC			IP ADDRESSES (Optional)
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Shorewall6/notrack

@@ -6,4 +6,3 @@
 #####################################################################################
 #SOURCE		DESTINATION	PROTO	DEST		SOURCE	USER/
 #					PORT(S)		PORT(S)	GROUP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/policy

@@ -9,4 +9,3 @@
 ###############################################################################
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
-#LAST LINE -- DO NOT REMOVE

Shorewall6/providers

@@ -7,4 +7,3 @@
 #
 ############################################################################################
 #NAME	NUMBER	MARK	DUPLICATE	INTERFACE	GATEWAY		OPTIONS		COPY
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Shorewall6/refresh

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/refreshed

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/restored

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/route_rules

@@ -6,4 +6,3 @@
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ##############################################################################
 #SOURCE			DEST			PROVIDER	PRIORITY
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/rules

@@ -12,4 +12,3 @@
 #SECTION ESTABLISHED
 #SECTION RELATED
 SECTION NEW
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net

Shorewall6/start

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/started

@@ -17,4 +17,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/stop

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/stopped

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/tcclasses

@@ -7,4 +7,3 @@
 #
 ###############################################################################
 #INTERFACE:CLASS	MARK	RATE	CEIL	PRIORITY	OPTIONS
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/tcclear

@@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall6/tcdevices

@@ -8,4 +8,3 @@
 ###############################################################################
 #NUMBER:	IN-BANDWITH	OUT-BANDWIDTH	OPTIONS		REDIRECTED
 #INTERFACE							INTERFACES
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/tcrules

@@ -12,4 +12,3 @@
 ######################################################################################################################
 #MARK	SOURCE		DEST		PROTO	DEST	SOURCE	USER	TEST	LENGTH	TOS   CONNBYTES		HELPER
 #						PORT(S)	PORT(S)
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/tos

@@ -6,4 +6,3 @@
 ###############################################################################
 #SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS	MARK
 #						PORTS	PORTS
-#LAST LINE -- Add your entries above -- DO NOT REMOVE

Shorewall6/tunnels

@@ -9,4 +9,3 @@
 ###############################################################################
 #TYPE			ZONE	GATEWAY		GATEWAY
 #						ZONE
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 
 usage() # $1 = exit status
 {

Shorewall6/zones

@@ -10,4 +10,3 @@
 #ZONE	TYPE		OPTIONS		IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE