Initialize 4.4.3

2025-01-10 23:58:14 +01:00 · 2009-10-02 11:31:08 -07:00 · 2009-10-02 11:31:08 -07:00 · 964cba79a9
commit 964cba79a9
parent 065808be16
19 changed files with 122 additions and 98 deletions
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,5 +1,5 @@
 %define name shorewall-lite
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -328,7 +328,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.2",
+		    VERSION => "4.4.3",
 		    CAPVERSION => 40402 ,
 		  );
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,3 +1,7 @@
 Changes in Shorewall 4.4.3
 None.
 Changes in Shorewall 4.4.2
 1)  BUGFIX: Correct detection of Persistent SNAT support
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@ -1 +1 @@
-There are no known problems in Shorewall version 4.4.2
+There are no known problems in Shorewall version 4.4.3
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -1,4 +1,4 @@
-Shorewall 4.4.2
+Shorewall 4.4.3
 ----------------------------------------------------------------------------
               R E L E A S E  4 . 4  H I G H L I G H T S
@ -170,58 +170,10 @@ Shorewall 4.4.2
    then it may have no additional members in /etc/shorewall/hosts.
 ----------------------------------------------------------------------------
-          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2
+          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 3
 ----------------------------------------------------------------------------
-1)  Detection of Persistent SNAT was broken in the rules compiler. 
+None.
 2)  Initialization of the compiler's chain table was occurring before 
    shorewall.conf had been read and before the capabilities had been
    determined. This could lead to incorrect rules and Perl runtime
    errors.
 3)  The 'shorewall check' command previously did not detect errors in
    /etc/shorewall/routestopped.
 4)  In earlier versions, if a file with the same name as a built-in
    action were present in the CONFIG_PATH, then the compiler would
    process that file like it was an extension script.
    The compiler now ignores the presence of such files.
 5)  Several configuration issues which previously produced an error or
    warning are now handled differently.
    a)  MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
        handled as they were by the old shell-based compiler. That is,
        they cause pre-3.0 built-in actions to be mapped automatically
        to the corresponding macro invocation.
    b)  SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
        warning.
    c)  DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
        a warning.
    d)  RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
        a warning.
 6)  Previously, it was not possible to specify an IP address range in
    ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
    for the patch.
 7)  The 'wait4ifup' script included for Debian compatibility now runs
    correctly with no PATH.
 8)  The new per-IP LIMIT feature now works with ancient iptables
    releases (e.g., 1.3.5 as found on RHEL 5). This change required
    testing for an additional capability which means that those who use
    a capabilities file should regenerate that file after installing
    4.4.2.
 9)  One unintended difference between Shorewall-shell and
    Shorewall-perl was that Shorewall-perl did not support the MARK
    column in action bodies. This has been corrected.
 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G
@ -230,38 +182,10 @@ Shorewall 4.4.2
 None.
 ----------------------------------------------------------------------------
-                N E W   F E A T U R E S   I N   4 . 4 . 2
+                N E W   F E A T U R E S   I N   4 . 4 . 3
 ----------------------------------------------------------------------------
-1)  Prior to this release, line continuation has taken precedence over 
+None.
    #-style comments. This prevented us from doing the following:
    	    ACCEPT    net:206.124.146.176,\   #Gateway
 	    	          206.124.146.177,\   #Mail
 			  206.124.146.178\    #Server
 			  		      ...
    Now, unless a line ends with '\', any trailing comment is stripped
    off (including any white-space preceding the '#'). Then if the line
    ends with '\', it is treated as a continuation line as normal.
 2)  Three new columns have been added to FORMAT-2 macro bodies.
    	  MARK
 	  CONNLIMIT
 	  TIME
    These three columns correspond to the similar columns in
    /etc/shorewall/rules and must be empty in macros invoked from an
    action.
 3)  Accounting chains may now have extension scripts. Simply place your
    Perl script in the file /etc/shorewall/<chain> and when the
    accounting chain named <chain> is created, your script will be
    invoked.
    As usual, the variable $chainref will contain a reference to the
    chain's table entry.
 ----------------------------------------------------------------------------
                N E W   F E A T U R E S   I N   4 . 4 . 0
@ -1005,3 +929,91 @@ None.
 5)  A flaw in the parsing logic for the zones file allowed most zone
    types containing the character string 'ip' to be accepted as a
    synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration).
 ----------------------------------------------------------------------------
          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2
 ----------------------------------------------------------------------------
 1)  Detection of Persistent SNAT was broken in the rules compiler. 
 2)  Initialization of the compiler's chain table was occurring before 
    shorewall.conf had been read and before the capabilities had been
    determined. This could lead to incorrect rules and Perl runtime
    errors.
 3)  The 'shorewall check' command previously did not detect errors in
    /etc/shorewall/routestopped.
 4)  In earlier versions, if a file with the same name as a built-in
    action were present in the CONFIG_PATH, then the compiler would
    process that file like it was an extension script.
    The compiler now ignores the presence of such files.
 5)  Several configuration issues which previously produced an error or
    warning are now handled differently.
    a)  MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
        handled as they were by the old shell-based compiler. That is,
        they cause pre-3.0 built-in actions to be mapped automatically
        to the corresponding macro invocation.
    b)  SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
        warning.
    c)  DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
        a warning.
    d)  RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
        a warning.
 6)  Previously, it was not possible to specify an IP address range in
    ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
    for the patch.
 7)  The 'wait4ifup' script included for Debian compatibility now runs
    correctly with no PATH.
 8)  The new per-IP LIMIT feature now works with ancient iptables
    releases (e.g., 1.3.5 as found on RHEL 5). This change required
    testing for an additional capability which means that those who use
    a capabilities file should regenerate that file after installing
    4.4.2.
 9)  One unintended difference between Shorewall-shell and
    Shorewall-perl was that Shorewall-perl did not support the MARK
    column in action bodies. This has been corrected.
 ----------------------------------------------------------------------------
                N E W   F E A T U R E S   I N   4 . 4 . 2
 ----------------------------------------------------------------------------
 1)  Prior to this release, line continuation has taken precedence over 
    #-style comments. This prevented us from doing the following:
    	    ACCEPT    net:206.124.146.176,\   #Gateway
 	    	          206.124.146.177,\   #Mail
 			  206.124.146.178\    #Server
 			  		      ...
    Now, unless a line ends with '\', any trailing comment is stripped
    off (including any white-space preceding the '#'). Then if the line
    ends with '\', it is treated as a continuation line as normal.
 2)  Three new columns have been added to FORMAT-2 macro bodies.
    	  MARK
 	  CONNLIMIT
 	  TIME
    These three columns correspond to the similar columns in
    /etc/shorewall/rules and must be empty in macros invoked from an
    action.
 3)  Accounting chains may now have extension scripts. Simply place your
    Perl script in the file /etc/shorewall/<chain> and when the
    accounting chain named <chain> is created, your script will be
    invoked.
    As usual, the variable $chainref will contain a reference to the
    chain's table entry.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,5 +1,5 @@
 %define name shorewall
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 %changelog
 * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -1,5 +1,5 @@
 %define name shorewall6-lite
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -1,5 +1,5 @@
 %define name shorewall6
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 %changelog
 * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status
 {
`@ -1 +1 @@`
	`There are no known problems in Shorewall version 4.4.2`	`There are no known problems in Shorewall version 4.4.3`