mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-28 02:23:20 +01:00
Prepare 4.3.10
This commit is contained in:
parent
0b34cb3d1f
commit
5fb3f455c4
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall-lite
|
%define name shorewall-lite
|
||||||
%define version 4.3.9
|
%define version 4.3.10
|
||||||
%define release 0base
|
%define release 0base
|
||||||
|
|
||||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||||
@ -98,6 +98,8 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.3.10-0base
|
||||||
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.3.9-0base
|
- Updated to 4.3.9-0base
|
||||||
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -323,7 +323,7 @@ sub initialize( $ ) {
|
|||||||
TC_SCRIPT => '',
|
TC_SCRIPT => '',
|
||||||
EXPORT => 0,
|
EXPORT => 0,
|
||||||
UNTRACKED => 0,
|
UNTRACKED => 0,
|
||||||
VERSION => "4.3.9",
|
VERSION => "4.3.10",
|
||||||
CAPVERSION => 40309 ,
|
CAPVERSION => 40309 ,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
Changes in Shorewall 4.3.10
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
Changes in Shorewall 4.3.9
|
Changes in Shorewall 4.3.9
|
||||||
|
|
||||||
1) Logging rules now create separate chain.
|
1) Logging rules now create separate chain.
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1 +1 @@
|
|||||||
There are no known problems in Shorewall version 4.3.9
|
There are no known problems in Shorewall version 4.3.10
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Shorewall 4.3.9
|
Shorewall 4.3.10
|
||||||
|
|
||||||
Shorewall 4.3 is the development thread for Shorewall 4.4 which will be
|
Shorewall 4.3 is the development thread for Shorewall 4.4 which will be
|
||||||
released late in 2009.
|
released late in 2009.
|
||||||
@ -56,19 +56,10 @@ released late in 2009.
|
|||||||
underlying support in the Linux kernel.
|
underlying support in the Linux kernel.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
P R O B L E M S C O R R E C T E D I N 4 . 3 . 9
|
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
1) If an interface name was specified in a PREROUTING rule (tcrules or
|
None.
|
||||||
notrack) then an invalid iptables rule would be generated.
|
|
||||||
|
|
||||||
2) When a network address appeared in the SOURCE or DEST column of
|
|
||||||
/etc/shorewall/tcfilters, an incorrect netmask was being generated in
|
|
||||||
the resulting 'tc' rule.
|
|
||||||
|
|
||||||
3) Placing an IP address in the BROADCAST column of
|
|
||||||
/etc/shorewall/interfaces caused Shorewall-perl to generate an
|
|
||||||
erroneous 'Invalid BROADCAST address' error.
|
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
K N O W N P R O B L E M S R E M A I N I N G
|
K N O W N P R O B L E M S R E M A I N I N G
|
||||||
@ -77,159 +68,10 @@ released late in 2009.
|
|||||||
None.
|
None.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
N E W F E A T U R E S I N 4 . 3 . 9
|
N E W F E A T U R E S I N 4 . 3 . 10
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
1) Rules that specify a log level with a target other than LOG or NFLOG
|
None.
|
||||||
are now implemented through a separate chain. While this may increase
|
|
||||||
the processing cost slightly for packets that match these rules, it
|
|
||||||
is expected to reduce the overall cost of such rules because each
|
|
||||||
packet that doesn't match the rules only has to be processed once
|
|
||||||
per rule rather than twice.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
/etc/shorewall/rules:
|
|
||||||
|
|
||||||
REJECT:info loc net tcp 25
|
|
||||||
|
|
||||||
This previously generated these two rules (long rules folded):
|
|
||||||
|
|
||||||
-A loc2net -p 6 --dport 25 -j LOG --log-level 6
|
|
||||||
--log-prefix "Shorewall:loc2net:reject:"
|
|
||||||
-A loc2net -p 6 --dport 25 -j reject
|
|
||||||
|
|
||||||
It now generates these rules:
|
|
||||||
|
|
||||||
:log0 - [0:0]
|
|
||||||
...
|
|
||||||
-A loc2net -p 6 --dport 25 -g log0
|
|
||||||
...
|
|
||||||
-A log0 -j LOG --log-level 6
|
|
||||||
--log-prefix "Shorewall:loc2net:REJECT:"
|
|
||||||
-A log0 -p 6 --dport 25 -j reject
|
|
||||||
|
|
||||||
Notice that now there is only a single rule generated in the
|
|
||||||
'loc2net' chain where before there were two. Packets for other than
|
|
||||||
TCP port 25 had to be processed by both rules.
|
|
||||||
|
|
||||||
Notice also that the new LOG rule reflects the original action
|
|
||||||
("REJECT") rather than what Shorewall maps that to ("reject").
|
|
||||||
|
|
||||||
2) Shorewall6 has now been tested on kernel 2.6.24 (Ubuntu Hardy) and
|
|
||||||
hence will now start successfully when running on that kernel.
|
|
||||||
|
|
||||||
3) Three new options (IP, TC and IPSET) have been added to
|
|
||||||
shorewall.conf and shorwall6.conf. These options specify the name
|
|
||||||
of the executable for the 'ip', 'tc' and 'ipset' utilities
|
|
||||||
respectively.
|
|
||||||
|
|
||||||
If not specified, the default values are:
|
|
||||||
|
|
||||||
IP=ip
|
|
||||||
TC=tc
|
|
||||||
IPSET=ipset
|
|
||||||
|
|
||||||
In other words, the utilities will be located via the current PATH
|
|
||||||
setting.
|
|
||||||
|
|
||||||
4) There has been a desire in the user community to limit traffic by
|
|
||||||
IP address using Shorewall traffic shaping. Heretofore, that has
|
|
||||||
required a very inefficient process:
|
|
||||||
|
|
||||||
a) Define a tcclass for each internal host (two, if shaping both in
|
|
||||||
and out).
|
|
||||||
b) Define a tcrule for each host to mark to classify the packets
|
|
||||||
accordingly.
|
|
||||||
|
|
||||||
Beginning with Shorewall 4.3.9, this process is made easier IF YOU
|
|
||||||
ARE WILLING TO INSTALL xtables-addons. The feature requires IPMARK
|
|
||||||
support in iptables[6] and your kernel. That support is available
|
|
||||||
in xtables-addons.
|
|
||||||
|
|
||||||
The new facility has two components:
|
|
||||||
|
|
||||||
a) A new IPMARK MARKing command in /etc/shorewall/tcrules.
|
|
||||||
b) A new 'occurs' OPTION in /etc/shorewall/tcclasses.
|
|
||||||
|
|
||||||
The IPMARK target assigns a mark to each matching packet based on
|
|
||||||
the either the source or destination IP address. By default, it
|
|
||||||
assigns a mark value equal to the low-order 8 bits of the source
|
|
||||||
address.
|
|
||||||
|
|
||||||
The syntax is as follows:
|
|
||||||
|
|
||||||
IPMARK[([{src|dst}][,[<mask1>][,[<mask2>][,[<shift>]]]])]
|
|
||||||
|
|
||||||
Default values are:
|
|
||||||
|
|
||||||
src
|
|
||||||
<mask1> = 0xFF
|
|
||||||
<mask2> = 0x00
|
|
||||||
<shift> = 0
|
|
||||||
|
|
||||||
'src' and 'dst' specify whether the mark is to be based on the
|
|
||||||
source or destination address respectively.
|
|
||||||
|
|
||||||
The selected address is first LANDed with <mask1> then LORed with
|
|
||||||
<mask2>.
|
|
||||||
|
|
||||||
The result is then shifted <shift> bits to the right.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
IPMARK(dst, 0XFF00, 0x8000,8)
|
|
||||||
|
|
||||||
Destination IP address is 192.168.4.3 = 0xc0a80103
|
|
||||||
|
|
||||||
0xc0a80403 LAND 0xFF00 = 0x0400
|
|
||||||
0x0400 LOR 0x80 = 0x8400
|
|
||||||
0x8400 >> 8 = 0x84
|
|
||||||
|
|
||||||
Mark = 0x84 = 132
|
|
||||||
|
|
||||||
The 'occurs' option causes the class definition to be replicated
|
|
||||||
many times. The synax is:
|
|
||||||
|
|
||||||
occurs=<number>
|
|
||||||
|
|
||||||
When 'occurs' is used:
|
|
||||||
|
|
||||||
a) The associated device may not have the 'classify' option.
|
|
||||||
b) The class may not be the default class.
|
|
||||||
c) The class may not have any 'tos=' options (including
|
|
||||||
'tcp-ack').
|
|
||||||
|
|
||||||
The 'RATE' and 'CEIL' parameters apply to each instance of the
|
|
||||||
class. So the total RATE represented by an entry with 'occurs' will
|
|
||||||
be the listed RATE multiplied by the 'occurs' number.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
#DEVICE MARK RATE CEIL PRIORITY OPTIONS
|
|
||||||
eth0 100 1kbit 230kbit 4 occurs=32
|
|
||||||
|
|
||||||
The above defines 32 classes with MARK values 100-131. Each
|
|
||||||
class has a guaranteed rate of 1kbit/second.
|
|
||||||
|
|
||||||
As part of this change, the generation of class ids from mark
|
|
||||||
values has been changed. The class number is now
|
|
||||||
|
|
||||||
( <devnum> << 10 ) | <mask>
|
|
||||||
|
|
||||||
/sbin/shorewall has an 'encode' and 'decode' command to translate a
|
|
||||||
device number, mark pair to/from a classid:
|
|
||||||
|
|
||||||
encode <devnum> <mark>
|
|
||||||
decode <classnum>
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
$ shorewall decode 3172
|
|
||||||
Device = 3 Mark = 100
|
|
||||||
$ shorewall encode 3 100
|
|
||||||
Class number = 3172
|
|
||||||
$
|
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
N E W F E A T U R E S IN 4 . 3
|
N E W F E A T U R E S IN 4 . 3
|
||||||
@ -493,3 +335,155 @@ None.
|
|||||||
equivalent to this single rule:
|
equivalent to this single rule:
|
||||||
|
|
||||||
ACCEPT net fw tcp 25,587 - - s:mail:3/min
|
ACCEPT net fw tcp 25,587 - - s:mail:3/min
|
||||||
|
|
||||||
|
13) Rules that specify a log level with a target other than LOG or NFLOG
|
||||||
|
are now implemented through a separate chain. While this may increase
|
||||||
|
the processing cost slightly for packets that match these rules, it
|
||||||
|
is expected to reduce the overall cost of such rules because each
|
||||||
|
packet that doesn't match the rules only has to be processed once
|
||||||
|
per rule rather than twice.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
/etc/shorewall/rules:
|
||||||
|
|
||||||
|
REJECT:info loc net tcp 25
|
||||||
|
|
||||||
|
This previously generated these two rules (long rules folded):
|
||||||
|
|
||||||
|
-A loc2net -p 6 --dport 25 -j LOG --log-level 6
|
||||||
|
--log-prefix "Shorewall:loc2net:reject:"
|
||||||
|
-A loc2net -p 6 --dport 25 -j reject
|
||||||
|
|
||||||
|
It now generates these rules:
|
||||||
|
|
||||||
|
:log0 - [0:0]
|
||||||
|
...
|
||||||
|
-A loc2net -p 6 --dport 25 -g log0
|
||||||
|
...
|
||||||
|
-A log0 -j LOG --log-level 6
|
||||||
|
--log-prefix "Shorewall:loc2net:REJECT:"
|
||||||
|
-A log0 -p 6 --dport 25 -j reject
|
||||||
|
|
||||||
|
Notice that now there is only a single rule generated in the
|
||||||
|
'loc2net' chain where before there were two. Packets for other than
|
||||||
|
TCP port 25 had to be processed by both rules.
|
||||||
|
|
||||||
|
Notice also that the new LOG rule reflects the original action
|
||||||
|
("REJECT") rather than what Shorewall maps that to ("reject").
|
||||||
|
|
||||||
|
14) Shorewall6 has now been tested on kernel 2.6.24 (Ubuntu Hardy) and
|
||||||
|
hence will now start successfully when running on that kernel.
|
||||||
|
|
||||||
|
15) Three new options (IP, TC and IPSET) have been added to
|
||||||
|
shorewall.conf and shorwall6.conf. These options specify the name
|
||||||
|
of the executable for the 'ip', 'tc' and 'ipset' utilities
|
||||||
|
respectively.
|
||||||
|
|
||||||
|
If not specified, the default values are:
|
||||||
|
|
||||||
|
IP=ip
|
||||||
|
TC=tc
|
||||||
|
IPSET=ipset
|
||||||
|
|
||||||
|
In other words, the utilities will be located via the current PATH
|
||||||
|
setting.
|
||||||
|
|
||||||
|
16) There has been a desire in the user community to limit traffic by
|
||||||
|
IP address using Shorewall traffic shaping. Heretofore, that has
|
||||||
|
required a very inefficient process:
|
||||||
|
|
||||||
|
a) Define a tcclass for each internal host (two, if shaping both in
|
||||||
|
and out).
|
||||||
|
b) Define a tcrule for each host to mark to classify the packets
|
||||||
|
accordingly.
|
||||||
|
|
||||||
|
Beginning with Shorewall 4.3.9, this process is made easier IF YOU
|
||||||
|
ARE WILLING TO INSTALL xtables-addons. The feature requires IPMARK
|
||||||
|
support in iptables[6] and your kernel. That support is available
|
||||||
|
in xtables-addons.
|
||||||
|
|
||||||
|
The new facility has two components:
|
||||||
|
|
||||||
|
a) A new IPMARK MARKing command in /etc/shorewall/tcrules.
|
||||||
|
b) A new 'occurs' OPTION in /etc/shorewall/tcclasses.
|
||||||
|
|
||||||
|
The IPMARK target assigns a mark to each matching packet based on
|
||||||
|
the either the source or destination IP address. By default, it
|
||||||
|
assigns a mark value equal to the low-order 8 bits of the source
|
||||||
|
address.
|
||||||
|
|
||||||
|
The syntax is as follows:
|
||||||
|
|
||||||
|
IPMARK[([{src|dst}][,[<mask1>][,[<mask2>][,[<shift>]]]])]
|
||||||
|
|
||||||
|
Default values are:
|
||||||
|
|
||||||
|
src
|
||||||
|
<mask1> = 0xFF
|
||||||
|
<mask2> = 0x00
|
||||||
|
<shift> = 0
|
||||||
|
|
||||||
|
'src' and 'dst' specify whether the mark is to be based on the
|
||||||
|
source or destination address respectively.
|
||||||
|
|
||||||
|
The selected address is first LANDed with <mask1> then LORed with
|
||||||
|
<mask2>.
|
||||||
|
|
||||||
|
The result is then shifted <shift> bits to the right.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
IPMARK(dst, 0XFF00, 0x8000,8)
|
||||||
|
|
||||||
|
Destination IP address is 192.168.4.3 = 0xc0a80103
|
||||||
|
|
||||||
|
0xc0a80403 LAND 0xFF00 = 0x0400
|
||||||
|
0x0400 LOR 0x80 = 0x8400
|
||||||
|
0x8400 >> 8 = 0x84
|
||||||
|
|
||||||
|
Mark = 0x84 = 132
|
||||||
|
|
||||||
|
The 'occurs' option causes the class definition to be replicated
|
||||||
|
many times. The synax is:
|
||||||
|
|
||||||
|
occurs=<number>
|
||||||
|
|
||||||
|
When 'occurs' is used:
|
||||||
|
|
||||||
|
a) The associated device may not have the 'classify' option.
|
||||||
|
b) The class may not be the default class.
|
||||||
|
c) The class may not have any 'tos=' options (including
|
||||||
|
'tcp-ack').
|
||||||
|
|
||||||
|
The 'RATE' and 'CEIL' parameters apply to each instance of the
|
||||||
|
class. So the total RATE represented by an entry with 'occurs' will
|
||||||
|
be the listed RATE multiplied by the 'occurs' number.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
#DEVICE MARK RATE CEIL PRIORITY OPTIONS
|
||||||
|
eth0 100 1kbit 230kbit 4 occurs=32
|
||||||
|
|
||||||
|
The above defines 32 classes with MARK values 100-131. Each
|
||||||
|
class has a guaranteed rate of 1kbit/second.
|
||||||
|
|
||||||
|
As part of this change, the generation of class ids from mark
|
||||||
|
values has been changed. The class number is now
|
||||||
|
|
||||||
|
( <devnum> << 10 ) | <mask>
|
||||||
|
|
||||||
|
/sbin/shorewall has an 'encode' and 'decode' command to translate a
|
||||||
|
device number, mark pair to/from a classid:
|
||||||
|
|
||||||
|
encode <devnum> <mark>
|
||||||
|
decode <classnum>
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
$ shorewall decode 3172
|
||||||
|
Device = 3 Mark = 100
|
||||||
|
$ shorewall encode 3 100
|
||||||
|
Class number = 3172
|
||||||
|
$
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 4.3.9
|
%define version 4.3.10
|
||||||
%define release 0base
|
%define release 0base
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
@ -172,6 +172,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.3.10-0base
|
||||||
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.3.9-0base
|
- Updated to 4.3.9-0base
|
||||||
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall6-lite
|
%define name shorewall6-lite
|
||||||
%define version 4.3.9
|
%define version 4.3.10
|
||||||
%define release 0base
|
%define release 0base
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
||||||
@ -89,6 +89,8 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.3.10-0base
|
||||||
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.3.9-0base
|
- Updated to 4.3.9-0base
|
||||||
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall6
|
%define name shorewall6
|
||||||
%define version 4.3.9
|
%define version 4.3.10
|
||||||
%define release 0base
|
%define release 0base
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
||||||
@ -144,6 +144,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 19 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.3.10-0base
|
||||||
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
* Sat Apr 11 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.3.9-0base
|
- Updated to 4.3.9-0base
|
||||||
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.3.9
|
VERSION=4.3.10
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user