Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall

2025-06-20 09:47:51 +02:00 · 2009-07-13 06:51:54 -07:00 · 2009-07-13 06:51:54 -07:00 · 3c326841ce
commit 3c326841ce
parent 94d3651666 7456b4ab40
56 changed files with 60 additions and 98 deletions
--- a/Samples6/one-interface/interfaces
+++ b/Samples6/one-interface/interfaces
@ -13,4 +13,3 @@
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/one-interface/policy
+++ b/Samples6/one-interface/policy
@ -18,4 +18,3 @@ net		$FW		DROP		info
 net		all		DROP		info
 # The FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/one-interface/zones
+++ b/Samples6/one-interface/zones
@ -15,4 +15,3 @@
 #					OPTIONS			OPTIONS
 fw	firewall
 net	ipv6
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/three-interfaces/interfaces
+++ b/Samples6/three-interfaces/interfaces
@ -15,4 +15,3 @@
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
 dmz     eth2            detect
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/policy
+++ b/Samples6/three-interfaces/policy
@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info

-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/routestopped
+++ b/Samples6/three-interfaces/routestopped
@ -18,4 +18,3 @@
 #INTERFACE	HOST(S)
 eth1		-
 eth2		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/rules
+++ b/Samples6/three-interfaces/rules
@ -54,4 +54,3 @@ ACCEPT		$FW		dmz		ipv6-icmp
 #Ping/ACCEPT    net             dmz
 #Ping/ACCEPT    net             loc

-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/zones
+++ b/Samples6/three-interfaces/zones
@ -18,4 +18,3 @@ fw	firewall
 net	ipv4
 loc	ipv4
 dmz	ipv4
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/two-interfaces/interfaces
+++ b/Samples6/two-interfaces/interfaces
@ -14,4 +14,3 @@
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/policy
+++ b/Samples6/two-interfaces/policy
@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info

-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/routestopped
+++ b/Samples6/two-interfaces/routestopped
@ -17,4 +17,3 @@
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/rules
+++ b/Samples6/two-interfaces/rules
@ -35,5 +35,3 @@ Ping/DROP	net		$FW
 ACCEPT		$FW		loc		ipv6-icmp
 ACCEPT		$FW		net		ipv6-icmp
 #
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/zones
+++ b/Samples6/two-interfaces/zones
@ -17,4 +17,3 @@ fw	firewall
 net	ipv6
 loc	ipv6

-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1

 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt

 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -327,7 +327,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.0-Beta4",
+		    VERSION => "4.4.0-RC1",
 		    CAPVERSION => 40310 ,
 		  );

--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,7 +1,19 @@
+Changes in Shorewall 4.4.0-RC1
+
+1)  Delete duplicate Git macro.
+
 Changes in Shorewall 4.4.0-Beta4

 1)  Add more macros.

+2)  Correct broadcast address detection
+
+3) Fix 'show dynamic'
+
+4) Fix BGP and OSFP macros.
+
+5) Change DISABLE_IPV6 default and use 'correct' ip6tables.
+
 Changes in Shorewall 4.4.0-Beta3

 1)  Add new macros.
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@ -1 +1 @@
-There are no known problems in Shorewall version 4.4.0-Beta4
+There are no known problems in Shorewall version 4.4.0-RC1
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -1,4 +1,4 @@
-Shorewall 4.4.0 Beta 4
+Shorewall 4.4.0 RC1

 ----------------------------------------------------------------------------
               R E L E A S E  4 . 4  H I G H L I G H T S
@ -110,31 +110,10 @@ Shorewall 4.4.0 Beta 4
    released.

 ----------------------------------------------------------------------------
-          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  Beta 3
+          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0  RC1
 ----------------------------------------------------------------------------

-1)  The BGP and OSFP macros released in Beta 3 contained rules to allow
-    administrative access to the related routing daemons. Those rules
-    have been deleted.
-
-2)  Previously, if Address Type Match was not available and an
-    interface on the firewall was (mis-)configured as shown below, then
-    REJECT policies in Shorewall-perl would drop packets addressed to
-    the interface rather than reject them.
-
-    3: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 ...
-       inet 127.0.0.1/32 scope host venet0
-       inet 206.124.146.176/32 brd 206.124.146.176 ...
-
-    Note that a /32 should never be configured with a broadcast
-    address.
-
-3)  Due to a syntax ambiguity arising from the new dynamic zone
-    implementation, 'shorewall show dynamic' produced no output. It now
-    shows the contents of the dynamic blacklist as in earlier 
-    Shorewall releases.
-
-4)  The 'findgw' script produced an error if VERBOSITY > 0.
+1)  The duplicate macro GIT has been deleted.

 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G
@ -143,26 +122,10 @@ Shorewall 4.4.0 Beta 4
 None.

 ----------------------------------------------------------------------------
-                N E W   F E A T U R E S   I N   4 . 4 . 0 Beta 4
+                N E W   F E A T U R E S   I N   4 . 4 . 0 RC1
 ----------------------------------------------------------------------------

-1)  Paul Gear has contributed the following macros:
-
-    	 macro.Webcache (originally named macro.DG)
- 	 macro.IPPbrd
- 	 macro.NTPbi
- 	 macro.RIPbi
-	 macro.mDNS
-
-2)  The default value of DISABLE_IPV6 has been changed from 'Yes' to
-    'No' in all sample shorewall.conf files. Shorewall6 should be
-    installed to restrict IPv6 traffic.
-
-    As part of this change, the ip6tables program in the directory
-    specified by the IPTABLES setting will be used to disable IPv6. If
-    the iptables utility is discovered using the PATH setting, then
-    ip6tables in the same directory as the discovered iptables will be
-    used.
+None.

 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   IN   4 . 4
@ -793,3 +756,21 @@ None.
 26) A new extension script, 'lib.private' has been added. This file is
    intended to include declarations of shell functions that will be
    called by the other run-time extension scripts. 
+
+27) Paul Gear has contributed the following macros:
+
+    	 macro.Webcache (originally named macro.DG)
+ 	 macro.IPPbrd
+ 	 macro.NTPbi
+ 	 macro.RIPbi
+	 macro.mDNS
+
+28) The default value of DISABLE_IPV6 has been changed from 'Yes' to
+    'No' in all sample shorewall.conf files. Shorewall6 should be
+    installed to restrict IPv6 traffic.
+
+    As part of this change, the ip6tables program in the directory
+    specified by the IPTABLES setting will be used to disable IPv6. If
+    the iptables utility is discovered using the PATH setting, then
+    ip6tables in the same directory as the discovered iptables will be
+    used.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1

 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 

 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1

 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt

 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6/blacklist
+++ b/Shorewall6/blacklist
@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ADDRESS/SUBNET		PROTOCOL	PORT
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/clear
+++ b/Shorewall6/clear
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6/interfaces
+++ b/Shorewall6/interfaces
@ -8,4 +8,3 @@
 #
 ###############################################################################
 #ZONE	INTERFACE	ANYCAST		OPTIONS
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/isusable
+++ b/Shorewall6/isusable
@ -19,5 +19,3 @@ local status=0
 [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)

 return $status
-
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/maclist
+++ b/Shorewall6/maclist
@ -7,4 +7,3 @@
 #
 ###############################################################################
 #DISPOSITION	INTERFACE		MAC			IP ADDRESSES (Optional)
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Shorewall6/notrack
+++ b/Shorewall6/notrack
@ -6,4 +6,3 @@
 #####################################################################################
 #SOURCE		DESTINATION	PROTO	DEST		SOURCE	USER/
 #					PORT(S)		PORT(S)	GROUP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/policy
+++ b/Shorewall6/policy
@ -9,4 +9,3 @@
 ###############################################################################
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
-#LAST LINE -- DO NOT REMOVE
--- a/Shorewall6/providers
+++ b/Shorewall6/providers
@ -7,4 +7,3 @@
 #
 ############################################################################################
 #NAME	NUMBER	MARK	DUPLICATE	INTERFACE	GATEWAY		OPTIONS		COPY
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Shorewall6/refresh
+++ b/Shorewall6/refresh
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/refreshed
+++ b/Shorewall6/refreshed
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/restored
+++ b/Shorewall6/restored
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/route_rules
+++ b/Shorewall6/route_rules
@ -6,4 +6,3 @@
 # For additional information, see http://www.shorewall.net/MultiISP.html
 ##############################################################################
 #SOURCE			DEST			PROVIDER	PRIORITY
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/rules
+++ b/Shorewall6/rules
@ -12,4 +12,3 @@
 #SECTION ESTABLISHED
 #SECTION RELATED
 SECTION NEW
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.0
-%define release 0Beta4
+%define release 0RC1

 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6

 %changelog
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
 * Thu Jul 09 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta4
 * Sat Jun 27 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6/start
+++ b/Shorewall6/start
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/started
+++ b/Shorewall6/started
@ -17,4 +17,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/stop
+++ b/Shorewall6/stop
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/stopped
+++ b/Shorewall6/stopped
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/tcclasses
+++ b/Shorewall6/tcclasses
@ -7,4 +7,3 @@
 #
 ###############################################################################
 #INTERFACE:CLASS	MARK	RATE	CEIL	PRIORITY	OPTIONS
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tcclear
+++ b/Shorewall6/tcclear
@ -10,4 +10,3 @@
 # information.
 #
 ###############################################################################
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall6/tcdevices
+++ b/Shorewall6/tcdevices
@ -8,4 +8,3 @@
 ###############################################################################
 #NUMBER:	IN-BANDWITH	OUT-BANDWIDTH	OPTIONS		REDIRECTED
 #INTERFACE							INTERFACES
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tcrules
+++ b/Shorewall6/tcrules
@ -12,4 +12,3 @@
 ######################################################################################################################
 #MARK	SOURCE		DEST		PROTO	DEST	SOURCE	USER	TEST	LENGTH	TOS   CONNBYTES		HELPER
 #						PORT(S)	PORT(S)
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/tos
+++ b/Shorewall6/tos
@ -6,4 +6,3 @@
 ###############################################################################
 #SOURCE		DEST		PROTOCOL	SOURCE	DEST	TOS	MARK
 #						PORTS	PORTS
-#LAST LINE -- Add your entries above -- DO NOT REMOVE
--- a/Shorewall6/tunnels
+++ b/Shorewall6/tunnels
@ -9,4 +9,3 @@
 ###############################################################################
 #TYPE			ZONE	GATEWAY		GATEWAY
 #						ZONE
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.0-Beta4
+VERSION=4.4.0-RC1

 usage() # $1 = exit status
 {
--- a/Shorewall6/zones
+++ b/Shorewall6/zones
@ -10,4 +10,3 @@
 #ZONE	TYPE		OPTIONS		IN			OUT
 #					OPTIONS			OPTIONS
 fw	firewall
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE