diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh
index 4625de2f0..58ff266c8 100755
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@@ -28,7 +28,7 @@
 # shown below. Simply run this script to revert to your prior version of
 # Shoreline Firewall.
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {
diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh
index 021414581..140368063 100755
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -22,7 +22,7 @@
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {
diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec
index aca68042a..beefd237b 100644
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 3.4.0
-%define release 1
+%define release 0RC3
 %define prefix /usr
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@@ -99,8 +99,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
-* Fri Feb 16 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-1
+* Sun Feb 25 2007 Tom Eastep tom@shorewall.net
+- Updated to 3.4.0-0RC3
 * Sun Feb 04 2007 Tom Eastep tom@shorewall.net
 - Updated to 3.4.0-0RC2
 * Wed Jan 24 2007 Tom Eastep tom@shorewall.net
diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh
index 60a0f18a0..594b13623 100755
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -26,7 +26,7 @@
 # You may only use this script to uninstall the version
 # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index ed1f462ce..cbcc95421 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,4 +1,4 @@
-Changes in 3.4.0 Final
+Changes in 3.4.0 RC 3
 1) Add warning about 'loose' and 'balance'
diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh
index a3c2ab809..bfd2f2ae9 100755
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@@ -28,7 +28,7 @@
 # shown below. Simply run this script to revert to your prior version of
 # Shoreline Firewall.
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 9fb985153..42d390854 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -22,7 +22,7 @@
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 64822be25..04f0cfa50 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -1,4 +1,4 @@
-Shorewall 3.4.0
+Shorewall 3.4.0 RC3
 Release Highlights
@@ -28,7 +28,7 @@ Release Highlights
 /etc/shorewall/route_rules and reverses those changes when appropriate.
-Problems Corrected in 3.4.0 Final
+Problems Corrected in 3.4.0 RC3
 1) The route_rules file was being ignored. This has been corrected.
@@ -46,7 +46,7 @@ Problems Corrected in 3.4.0 Final
 intra-zone traffic to be rejected by rules for one of the parent zones.
-Other Changes in 3.4.0 Final
+Other Changes in 3.4.0 RC3
 1) A warning is now issued when 'loose' and 'balance' are specified together for a provider. This combination of options can lead to packets being
@@ -695,3 +695,140 @@ New Features in Shorewall 3.4:
 Note: EXPORTPARAMS was actually introduced in Shorewall version 3.2.9. It is described here for the benefit of those who did not install that version.
+
+Problems Corrected in 3.4.0 Beta 1.
+
+1) It is now possible to place entries in the IPSEC column of
+ /etc/shorewall/masq without having specified ipsec zones or hosts.
+
+2) The /etc/shorewall/masq file is no longer ignored when the
+ /etc/shorewall/nat file is empty.
+
+Problems Corrected in 3.4.0 Beta 2
+
+1) If 'blacklist' was specified on an interface and the
+ /etc/shorewall/blacklist file was empty, then the generated
+ firewall script contained a syntax error (the function
+ load_blacklist() was empty).
+
+2) If the file /etc/shorewall/init did not exist, then the compiler
+ would incorrectly copy /usr/share/shorewall/init into the
+ compiled script. /usr/share/shorewall/init is a symbolic link
+ to the Shorewall init script (usually /etc/init.d/shorewall).
+
+3) To allow Shorewall and Shorewall Lite to coexist on a single
+ system, the Shorewall section 5 manpages are no longer included in
+ Shorewall Lite. In addition, the Shorewall Lite manpage for
+ "shorewall.conf" has been renamed "shorewall-lite.conf". This
+ has resulted in a similar change to the actual file --
+ /etc/shorewall-lite/shorewall.conf has been renamed
+ /etc/shorewall-lite/shorewall-lite.conf.
+
+Problems Corrected in 3.4.0 Beta 3
+
+1) Shorewall now supports VLAN interfaces with names of the form
+ vlan@ethX.
+
+2) Previously, "ipp2p:udp" was incorrectly rejected in the PROTO
+ column of an action definition.
+
+3) Previously, if an invalid DISPOSITION was specified in a record in
+ /etc/shorewall/maclist, then a confusing error message would
+ result.
+
+ Example:
+
+ /etc/shorewall/mac:
+
+ ALOW:info eth0 02:0C:03:04:05:06
+
+ Error message:
+
+ ERROR: No hosts on ALOW:info have the maclist option specified
+
+ The new error message is:
+
+ ERROR: Invalid DISPOSITION (ALOW:info) in rule "ALOW:info eth0
+ 02:0C:03:04:05:06"
+
+Problems Corrected in 3.4.0 RC1
+
+1) While most distributions store the Shorewall Lite compiled program
+ in /var/lib/shorewall/, Shorewall includes features that allow that
+ location to be changed on a per-distribution basis. The default for
+ a particular distribution may be determined by the command
+ "shorewall[-lite] show config".
+
+ teastep@lists:~/shorewall/trunk$ shorewall show config
+ Default CONFIG_PATH is /etc/shorewall:/usr/share/shorewall
+ LITEDIR is /var/lib/shorewall-lite
+ teastep@lists:~/shorewall/trunk$
+
+ The LITEDIR setting is the location where the compiled script
+ should be placed. Unfortunately, the "shorewall [re]load" command
+ previously used the setting on the administrative system rather
+ than the one from the firewall system so it was possible for that
+ command to upload the compiled script to the wrong directory.
+
+ To work around this problem, Shorewall now determines the LITEDIR
+ setting on the firewall system and uses that setting for uploading
+ the compiled script and its companion .conf file.
+
+2) Previously, IP ranges and ipset names were handled incorrectly in
+ the last column of the maclist file with the result that run-time
+ errors occured.
+
+3) The Beta3 manpages are sprinked with .html filenames enclosed in
+ square brackets.
+
+ Example:
+
+ ...set MARK_IN_FORWARD_CHAIN=Yes in shorewall.conf
+ [shorewall.conf.html](5) and have...
+
+ These were generated by elements in the XML source which
+ were added to provide inter-document links in the HTML rendition of
+ the manpages.
 s were previously ignored by the XML->man
+ conversion tool; unfortunately, the latest release of the tool
+ no longer ignores these elements but rather produces the ugly
+ result shown above.
+
+ This problem has been corrected in RC1.
+
+4) Previously, if "INCLUDE " appeared in
+ /etc/shorewall/params then run-time errors occurred.
+
+ As part of the fix for this problem, the mechanism by which
+ /etc/shorewall/params is copied into the compiler output was
+ changed. As a result, extra white space is removed from the text
+ during the copy operation so code in /etc/shorewall/params should
+ not depend on precise white-space, even in quoted strings.
+
+Other Changes in 3.4.0 RC 1
+
+1) A macro that handles SixXS has been contributed by Christian
+ Roessner.
+
+Problems Corrected in 3.4.0 RC2
+
+1) The new SIP and H323 Netfilter helper modules were not being
+ automatically loaded by Shorewall. They have now been added to the
+ /usr/share/shorewall[-lite]/modules files.
+
+2) It is quite difficult to code a 'params' file that assigns other
+ than constant values such that it works correctly with Shorewall
+ Lite. To work around this problem, a new EXPORTPARAMS option
+ has been added to shorewall.conf. When EXPORTPARAMS=No, the
+ 'params' file is no longer copied to the compiler output.
+
+ With EXPORTPARAMS=No, if you need to set environmental variables on
+ the firewall system for use by your extension scripts, then do so
+ in the init extension script.
+
+ The default is EXPORTPARAMS=Yes to retain the current behavior.
+
+ This fix is brought forward from Shorewall version 3.2.9.
+
+Other Changes in 3.4.0 RC 2
+
+None.
diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec
index e274cc3a8..4ffa1f412 100644
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 3.4.0
-%define release 1
+%define release 0RC3
 %define prefix /usr
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -260,8 +260,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
 %changelog
-* Fri Feb 16 2007 Tom Eastep tom@shorewall.net
-- Updated to 3.4.0-1
+* Sun Feb 25 2007 Tom Eastep tom@shorewall.net
+- Updated to 3.4.0-0RC3
 * Sun Feb 04 2007 Tom Eastep tom@shorewall.net
 - Updated to 3.4.0-0RC2
 * Wed Jan 24 2007 Tom Eastep tom@shorewall.net
diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh
index 869a4cba6..0babcbda6 100755
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@@ -26,7 +26,7 @@
 # You may only use this script to uninstall the version
 # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=3.4.0
+VERSION=3.4.0-RC3
 usage() # $1 = exit status
 {