Fix ZONE type check in tunnels file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -1,3 +1,7 @@
+Changes in 4.0.0 RC 2
+
+1)  Fix zone type check in Tunnels File.
+
 Changes in 4.0.0 RC 1
 
 1)  shorewall-perl RPM no longer installable under shorewall 3.4.

Shorewall-common/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 4.0.0 RC 1
+Shorewall 4.0.0 RC 2
 ----------------------------------------------------------------------------
                    R E L E A S E  H I G H L I G H T S
 ----------------------------------------------------------------------------
@@ -12,9 +12,12 @@ Shorewall 4.0.0 RC 1
    - Shorewall-shell ( the shell-based compiler )
    - Shorewall-perl (the Perl-based compiler )
 
-   You must install Shorewall-common and at least one of the compiler
-   packages (you may install them both). See the Migration
-   Considerations below for further information.
+   You must install at least one of the compiler packages (you may
+   install them both) along with Shorewall-common.
+
+   YOU DO NOT NEED TO UNINSTALL ANY OF YOUR CURRENT PACKAGES.
+
+   See the Migration Considerations below for further information.
 
 3) The facilities for supporting bridge/firewalls under earlier
    releases are deprecated and their documentation is omitted from the
@@ -22,49 +25,14 @@ Shorewall 4.0.0 RC 1
    Shorewall-perl compiler. This support utilizes the reduced-function
    physdev match support available in Linux kernel 2.6.20 and later.
 
-Problems corrected in 4.0.0 RC 1.
+Problems corrected in 4.0.0 RC 2.
 
-1)  If 'routeback' and 'detectnets' were specified on an interface,
-    limited broadcasts (to 255.255.255.255) and multicasts were dropped
-    when forwarded through the interface. This could cause broadcast
-    and multicast based applications to fail when running through a
-    bridge with 'detectnets'.
+1)  Shorewall-perl now correctly permits zones of type 'ipsec' in the
+    ZONE column of /etc/shorewall/tunnels.
 
-2)  Entries in the hosts file are now more carefully validated by
-    Shorewall-perl. Previously, very obvious typing errors would result
-    in run-time errors.
+Other changes in Shorewall 4.0.0 RC 2.
 
-3)  "shorewall start" and "shorewall restart" with Shorewall-perl no
-    longer fail on SELinux due to iptables-restore not being allowed to
-    read from /var.
-
-4)  ipsec zones are now allowed in the GATEWAY ZONE(S) column when
-    using Shorewall-perl.
-
-5)  A fatal error is now raised if the Shorewall-perl compiler is
-    unable to secure the output file for execute access.
-
-6)  Shell variables that have a value of zero are now handled
-    correctly.
-
-Other changes in Shorewall 4.0.0 RC 1.
-
-1)  The shorewall-perl RPM may no longer be installed under Shorewall
-    3.4. It requires shorewall-common.
-
-2)  The Shorewall-perl compiler's CPU utilization has been reduced
-    further.
-
-3)  ":noah" is now the default for all IPSEC tunnels. Tunnels that use
-    AH (protocol 51) must specify "ipsec:ah" in the TYPE column.
-
-4)  The 'refresh' command has been restored. It now behaves like
-    'restart' except:
-
-    - 'refresh' fails if Shorewall is not started.
-    - A directory name cannot be passed to 'refresh'.
-    - 'refresh' only rebuilds the static blacklist whereas 'restore'
-      rebuilds the entire Netfilter ruleset.
+None.
 
 Migration Considerations:
 

Shorewall-perl/Shorewall/Tunnels.pm

@@ -81,7 +81,8 @@ sub setup_tunnels() {
 	unless ( $gatewayzones eq '-' ) {
 	    for my $zone ( split /,/, $gatewayzones ) {
 		fatal_error "Unknown zone ($zone)" unless $zones{$zone};
-		fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall';
+		my $type = $zones{$zone}{type};
+		fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4';
 		$inchainref  = ensure_filter_chain "${zone}2${firewall_zone}", 1;
 		$outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
 		
@@ -227,7 +228,9 @@ sub setup_tunnels() {
 
 	fatal_error "Unknown zone ($zone)" unless $zones{$zone};
 
-	fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4';
+	my $zonetype = $zones{$zone}{type};
+
+	fatal_error "Invalid zone ($zone) for tunnel ZONE" if $zonetype eq 'firewall' || $zonetype eq 'bport4';
 
 	my $inchainref  = ensure_filter_chain "${zone}2${firewall_zone}", 1;
 	my $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;

web/shorewall_index.htm

@@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
 license is included in the section entitled “<a href="GnuCopyright.htm"
 target="_self">GNU Free Documentation License</a>”.</p>
 
-<p>2007-06-29</p>
+<p>2007-07-05</p>
 <hr style="width: 100%; height: 2px;">
 
 <h2>Table of Contents</h2>
@@ -131,20 +131,20 @@ is 3.2.10<br>
     href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li>
 </ul>
 The <span style="font-weight: bold;">current Development Release</span> is
-4.0.0 Beta 7 
+4.0.0 RC1 
 <ul>
   <li>Here are the <a
-    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/releasenotes.txt">release
+    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/releasenotes.txt">release
     notes</a> <br>
   </li>
   <li>Here are the <a
-    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/known_problems.txt">known
+    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/known_problems.txt">known
     problems</a> and <a
-    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/errata/">updates</a>.</li>
+    href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/errata/">updates</a>.</li>
 </ul>
 
 <div style="margin-left: 40px;">
-Read about the <a href="Shorewall-4.html">New Development Release
+Read about the <a href="4.0/Shorewall-4.html">New Development Release
 here</a>.<br>
 </div>
 </div>