Changes for 1.4.3a

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@559 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-03 11:29:39 +01:00 · 2003-05-19 23:28:37 +00:00 · 2003-05-19 23:28:37 +00:00 · 8bf7e8e7b4
commit 8bf7e8e7b4
parent 899623cd9e
7 changed files with 27 additions and 4 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -7,3 +7,7 @@ Changes since 1.4.2

 3. Added $LOGMARKER for fireparse support

+4. Return more appropriate ICMP responses if the systems supports them.
+
+5. Silently drop UDP 135 in common.def.
+
--- a/Shorewall/common.def
+++ b/Shorewall/common.def
@ -16,6 +16,7 @@ run_iptables -A common -p icmp -j icmpdef
 ############################################################################
 # NETBIOS chatter
 #
+run_iptables -A common -p udp --dport 135	  -j reject
 run_iptables -A common -p udp --dport 137:139     -j reject
 run_iptables -A common -p udp --dport 445         -j reject
 run_iptables -A common -p tcp --dport 139         -j reject
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=1.4.3
+VERSION=1.4.3a

 usage() # $1 = exit status
 {
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #

-VERSION=1.4.3
+VERSION=1.4.3a

 usage() # $1 = exit status
 {
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -19,3 +19,19 @@ New Features:
   (http://www.fireparse.com) by setting LOGMARKER="fp=" in
   /etc/shorewall/shorewall.conf. Note: You may not use ULOG
   with fireparse unless you modify fireparse. 
+
+3) If you are running iptables 1.2.7a and kernel 2.4.20, then
+   Shorewall will return reject replies as follows:
+
+   a) tcp - RST
+   b) udp - ICMP port unreachable
+   c) icmp - ICMP host unreachable
+   d) Otherwise - ICMP host prohibited
+
+   If you are running earlier software, Shorewall will follow it's
+   traditional convention:
+
+   a) tcp - RST
+   b) Otherwise - ICMP port unreachable
+
+4) UDP Port 135 is now silently dropped in the common.def chain.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,5 +1,5 @@
 %define name shorewall
-%define version 1.4.3
+%define version 1.4.3a
 %define release 1
 %define prefix /usr

@ -105,6 +105,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel

 %changelog
+* Mon May 19 2003 Tom Eastep <tom@shorewall.net>
+- Changed version to 1.4.3a-1
 * Sun May 18 2003 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.3-1
 * Mon Apr 07 2003 Tom Eastep <tom@shorewall.net>
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall

-VERSION=1.4.3
+VERSION=1.4.3a

 usage() # $1 = exit status
 {