Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall

2025-06-20 17:58:07 +02:00 · 2009-07-13 06:51:54 -07:00 · 2009-07-13 06:51:54 -07:00 · 3c326841ce
commit 3c326841ce
parent 94d3651666 7456b4ab40
56 changed files with 60 additions and 98 deletions
--- a/Samples6/one-interface/interfaces
+++ b/Samples6/one-interface/interfaces
@ -13,4 +13,3 @@
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/one-interface/policy
+++ b/Samples6/one-interface/policy
@ -18,4 +18,3 @@ net		$FW		DROP		info
 net		all		DROP		info
 # The FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/one-interface/zones
+++ b/Samples6/one-interface/zones
@ -15,4 +15,3 @@
 #					OPTIONS			OPTIONS
 fw	firewall
 net	ipv6
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/three-interfaces/interfaces
+++ b/Samples6/three-interfaces/interfaces
@ -15,4 +15,3 @@
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
 dmz     eth2            detect
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/policy
+++ b/Samples6/three-interfaces/policy
@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/routestopped
+++ b/Samples6/three-interfaces/routestopped
@ -18,4 +18,3 @@
 #INTERFACE	HOST(S)
 eth1		-
 eth2		-
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/rules
+++ b/Samples6/three-interfaces/rules
@ -54,4 +54,3 @@ ACCEPT		$FW		dmz		ipv6-icmp
 #Ping/ACCEPT    net             dmz
 #Ping/ACCEPT    net             loc
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/zones
+++ b/Samples6/three-interfaces/zones
@ -18,4 +18,3 @@ fw	firewall
 net	ipv4
 loc	ipv4
 dmz	ipv4
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/two-interfaces/interfaces
+++ b/Samples6/two-interfaces/interfaces
@ -14,4 +14,3 @@
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/policy
+++ b/Samples6/two-interfaces/policy
@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/routestopped
+++ b/Samples6/two-interfaces/routestopped
@ -17,4 +17,3 @@
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/rules
+++ b/Samples6/two-interfaces/rules
@ -35,5 +35,3 @@ Ping/DROP	net		$FW
 ACCEPT		$FW		loc		ipv6-icmp
 ACCEPT		$FW		net		ipv6-icmp
 #
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/zones
+++ b/Samples6/two-interfaces/zones
@ -17,4 +17,3 @@ fw	firewall
 net	ipv6
 loc	ipv6
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -327,7 +327,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.0-Beta4",
+		    VERSION => "4.4.0-RC1",
 		    CAPVERSION => 40310 ,
 		  );
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,7 +1,19 @@
 Changes in Shorewall 4.4.0-RC1
 1)  Delete duplicate Git macro.
 Changes in Shorewall 4.4.0-Beta4
 1)  Add more macros.
 2)  Correct broadcast address detection
 3) Fix 'show dynamic'
 4) Fix BGP and OSFP macros.
 5) Change DISABLE_IPV6 default and use 'correct' ip6tables.
 Changes in Shorewall 4.4.0-Beta3
 1)  Add new macros.
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@ -1 +1 @@
-There are no known problems in Shorewall version 4.4.0-Beta4
+There are no known problems in Shorewall version 4.4.0-RC1
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -1,4 +1,4 @@
-Shorewall 4.4.0 Beta 4
+Shorewall 4.4.0 RC1
 ----------------------------------------------------------------------------
               R E L E A S E  4 . 4  H I G H L I G H T S
@ -110,31 +110,10 @@ Shorewall 4.4.0 Beta 4
    released.
 ----------------------------------------------------------------------------
-          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  Beta 3
+          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  RC1
 ----------------------------------------------------------------------------
-1)  The BGP and OSFP macros released in Beta 3 contained rules to allow
+1)  The duplicate macro GIT has been deleted.
    administrative access to the related routing daemons. Those rules
    have been deleted.
 2)  Previously, if Address Type Match was not available and an
    interface on the firewall was (mis-)configured as shown below, then
    REJECT policies in Shorewall-perl would drop packets addressed to
    the interface rather than reject them.
    3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 ...
       inet 127.0.0.1/32 scope host venet0
       inet 206.124.146.176/32 brd 206.124.146.176 ...
    Note that a /32 should never be configured with a broadcast
    address.
 3)  Due to a syntax ambiguity arising from the new dynamic zone
    implementation, 'shorewall show dynamic' produced no output. It now
    shows the contents of the dynamic blacklist as in earlier 
    Shorewall releases.
 4)  The 'findgw' script produced an error if VERBOSITY > 0.
 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G
@ -143,26 +122,10 @@ Shorewall 4.4.0 Beta 4
 None.
 ----------------------------------------------------------------------------
-                N E W   F E A T U R E S   I N   4 . 4 . 0 Beta 4
+                N E W   F E A T U R E S   I N   4 . 4 . 0 RC1
 ----------------------------------------------------------------------------
-1)  Paul Gear has contributed the following macros:
+None.
    	 macro.Webcache (originally named macro.DG)
 	 macro.IPPbrd
 	 macro.NTPbi
 	 macro.RIPbi
 	 macro.mDNS
 2)  The default value of DISABLE_IPV6 has been changed from 'Yes' to
    'No' in all sample shorewall.conf files. Shorewall6 should be
    installed to restrict IPv6 traffic.
    As part of this change, the ip6tables program in the directory
    specified by the IPTABLES setting will be used to disable IPv6. If
    the iptables utility is discovered using the PATH setting, then
    ip6tables in the same directory as the discovered iptables will be
    used.
 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   IN   4 . 4
@ -793,3 +756,21 @@ None.
 26) A new extension script, 'lib.private' has been added. This file is
    intended to include declarations of shell functions that will be
    called by the other run-time extension scripts. 
 27) Paul Gear has contributed the following macros:
    	 macro.Webcache (originally named macro.DG)
 	 macro.IPPbrd
 	 macro.NTPbi
 	 macro.RIPbi
 	 macro.mDNS
 28) The default value of DISABLE_IPV6 has been changed from 'Yes' to
    'No' in all sample shorewall.conf files. Shorewall6 should be
    installed to restrict IPv6 traffic.
    As part of this change, the ip6tables program in the directory
    specified by the IPTABLES setting will be used to disable IPv6. If
    the iptables utility is discovered using the PATH setting, then
    ip6tables in the same directory as the discovered iptables will be
    used.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 %changelog
 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6/blacklist
+++ b/Shorewall6/blacklist
@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ADDRESS/SUBNET		PROTOCOL	PORT
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/clear
+++ b/Shorewall6/clear
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6/interfaces
+++ b/Shorewall6/interfaces
@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	ANYCAST		OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/isusable
+++ b/Shorewall6/isusable
@ -19,5 +19,3 @@ local status=0
 [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)
 return $status
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/maclist
+++ b/Shorewall6/maclist
@ -7,4 +7,3 @@
 #
 ###############################################################################
 #DISPOSITION	INTERFACE		MAC			IP ADDRESSES (Optional)
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Shorewall6/notrack
+++ b/Shorewall6/notrack
@ -6,4 +6,3 @@
 #####################################################################################
 #SOURCE		DESTINATION	PROTO	DEST		SOURCE	USER/
 #					PORT(S)		PORT(S)	GROUP
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/policy
+++ b/Shorewall6/policy
@ -9,4 +9,3 @@
 ###############################################################################
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
 #LAST LINE -- DO NOT REMOVE
--- a/Shorewall6/providers
+++ b/Shorewall6/providers
@ -7,4 +7,3 @@
 #
 ############################################################################################
 #NAME	NUMBER	MARK	DUPLICATE	INTERFACE	GATEWAY		OPTIONS		COPY
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Shorewall6/refresh
+++ b/Shorewall6/refresh
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/refreshed
+++ b/Shorewall6/refreshed
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/restored
+++ b/Shorewall6/restored
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/route_rules
+++ b/Shorewall6/route_rules
@ -6,4 +6,3 @@
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ##############################################################################
 #SOURCE			DEST			PROVIDER	PRIORITY
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/rules
+++ b/Shorewall6/rules
@ -12,4 +12,3 @@
 #SECTION ESTABLISHED
 #SECTION RELATED
 SECTION NEW
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 %changelog
 * Sun Jul 12 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6/start
+++ b/Shorewall6/start
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/started
+++ b/Shorewall6/started
@ -17,4 +17,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/stop
+++ b/Shorewall6/stop
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/stopped
+++ b/Shorewall6/stopped
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/tcclasses
+++ b/Shorewall6/tcclasses
@ -7,4 +7,3 @@
 #
 ###############################################################################
 #INTERFACE:CLASS	MARK	RATE	CEIL	PRIORITY	OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tcclear
+++ b/Shorewall6/tcclear
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/tcdevices
+++ b/Shorewall6/tcdevices
@ -8,4 +8,3 @@
 ###############################################################################
 #NUMBER:	IN-BANDWITH	OUT-BANDWIDTH	OPTIONS		REDIRECTED
 #INTERFACE							INTERFACES
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tcrules
+++ b/Shorewall6/tcrules
@ -12,4 +12,3 @@
 ######################################################################################################################
 #MARK	SOURCE		DEST		PROTO	DEST	SOURCE	USER	TEST	LENGTH	TOS   CONNBYTES		HELPER
 #						PORT(S)	PORT(S)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tos
+++ b/Shorewall6/tos
@ -6,4 +6,3 @@
 ###############################################################################
 #SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS	MARK
 #						PORTS	PORTS
 #LAST LINE -- Add your entries above -- DO NOT REMOVE
--- a/Shorewall6/tunnels
+++ b/Shorewall6/tunnels
@ -9,4 +9,3 @@
 ###############################################################################
 #TYPE			ZONE	GATEWAY		GATEWAY
 #						ZONE
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall6/zones
+++ b/Shorewall6/zones
@ -10,4 +10,3 @@
 #ZONE	TYPE		OPTIONS		IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
`@ -1 +1 @@`
	`There are no known problems in Shorewall version 4.4.0-Beta4`	`There are no known problems in Shorewall version 4.4.0-RC1`