From 97c6eae79e3b77cee8bc88e535fd362a40727d8d Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 19 Dec 2002 20:14:10 +0000 Subject: [PATCH] Release 1.3.12-Beta1 Changes; bug fix from Tuomo Soini git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 5 +++++ Shorewall/fallback.sh | 10 ++++++++- Shorewall/firewall | 2 +- Shorewall/init | 6 ++++++ Shorewall/install.sh | 42 +++++++++++++++++++++++++++++++++++++- Shorewall/releasenotes.txt | 16 ++++++++++++++- Shorewall/shorewall.spec | 11 ++++++++-- Shorewall/start | 6 ++++++ Shorewall/stop | 6 ++++++ Shorewall/stopped | 6 ++++++ Shorewall/uninstall.sh | 2 +- 11 files changed, 105 insertions(+), 7 deletions(-) create mode 100644 Shorewall/init create mode 100644 Shorewall/start create mode 100644 Shorewall/stop create mode 100644 Shorewall/stopped diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 86815d756..b03562be7 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -34,3 +34,8 @@ Changes since 1.3.11 15. Added ULOG target support. +16. Add MARK_IN_FORWARD option. + +17. General Cleanup for Release + +18. Release changes and add init, start, stop and stopped files. diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh index 0ec037a7d..32e2ce85b 100755 --- a/Shorewall/fallback.sh +++ b/Shorewall/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.3.11a +VERSION=1.3.12-Beta1 usage() # $1 = exit status { @@ -119,6 +119,14 @@ restore_file /etc/shorewall/whitelist restore_file /etc/shorewall/rfc1918 +restore_file /etc/shorewall/init + +restore_file /etc/shorewall/start + +restore_file /etc/shorewall/stop + +restore_file /etc/shorewall/stopped + if [ -f /usr/lib/shorewall/version-${VERSION}.bkout ]; then restore_file /usr/lib/shorewall/version oldversion="`cat /usr/lib/shorewall/version`" 
diff --git a/Shorewall/firewall b/Shorewall/firewall index dd8ab5a08..a86460697 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -234,7 +234,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules [ -n "$ALLOWRELATED" ] && state="$state,RELATED" run_iptables -A $1 -m state --state $state -j ACCEPT [ -z "$NEWNOTSYN" ] && \ - run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn + run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn fi eval ${1}_exists=Yes diff --git a/Shorewall/init b/Shorewall/init new file mode 100644 index 000000000..d7bee1d0a --- /dev/null +++ b/Shorewall/init @@ -0,0 +1,6 @@ +############################################################################ +# Shorewall 1.3 -- /etc/shorewall/init +# +# Add commands below that you want to be executed at the beginning of +# a "shorewall start" or "shorewall restart" command. +# diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 1b57b98e2..42286525b 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.3.11a +VERSION=1.3.12-Beta1 usage() # $1 = exit status { 
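Review bot: The corrected `! --syn` rule in createchain has no comment stating its intent, and a one-character slip in it went unnoticed until this fix. A line above it such as `# TCP packets in state NEW without SYN set are sent to the newnotsyn chain unless NEWNOTSYN is set` would record what the visible code does and make a later regression easier to spot in review. createchain begins and ends outside this hunk, so how run_iptables reports a rule that iptables rejects is not visible here.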
@@ -488,6 +488,46 @@ else echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918" fi # +# Install the init file +# +if [ -f ${PREFIX}/etc/shorewall/init ]; then + backup_file /etc/shorewall/init +else + run_install -o $OWNER -g $GROUP -m 0600 init ${PREFIX}/etc/shorewall/init + echo + echo "Init file installed as ${PREFIX}/etc/shorewall/init" +fi +# +# Install the start file +# +if [ -f ${PREFIX}/etc/shorewall/start ]; then + backup_file /etc/shorewall/start +else + run_install -o $OWNER -g $GROUP -m 0600 start ${PREFIX}/etc/shorewall/start + echo + echo "Start file installed as ${PREFIX}/etc/shorewall/start" +fi +# +# Install the stop file +# +if [ -f ${PREFIX}/etc/shorewall/stop ]; then + backup_file /etc/shorewall/stop +else + run_install -o $OWNER -g $GROUP -m 0600 stop ${PREFIX}/etc/shorewall/stop + echo + echo "Stop file installed as ${PREFIX}/etc/shorewall/stop" +fi +# +# Install the stopped file +# +if [ -f ${PREFIX}/etc/shorewall/stopped ]; then + backup_file /etc/shorewall/stopped +else + run_install -o $OWNER -g $GROUP -m 0600 stopped ${PREFIX}/etc/shorewall/stopped + echo + echo "Stopped file installed as ${PREFIX}/etc/shorewall/stopped" +fi +# # Backup the version file # if [ -z "$PREFIX" ]; then diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 07bbf95e0..f4023ad24 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -4,10 +4,12 @@ New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). + 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. -3) "shorewall [re]start" has been speeded up by approximately 40% with + +3) "shorewall [re]start" has been speeded up by more than 40% with my configuration. Your milage may vary. 4) A "shorewall show classifiers" command has been added which shows 
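Review bot: In each of the four new stanzas the existing-file branch only calls `backup_file`, so mode 0600 and `$OWNER`/`$GROUP` are applied on a fresh install but never checked on an upgrade. The headers added in this commit describe init, start, stop and stopped as holding commands that run during `shorewall start` and `shorewall stop`, presumably with the firewall's privileges, so a pre-existing copy that other users can write to stays that way. A warning in that branch would surface it, for example `[ -n "$(find "${PREFIX}/etc/shorewall/init" -perm -002)" ] && echo "Warning: ${PREFIX}/etc/shorewall/init is world-writable"`. Quoting the expansions in the new lines, as in `[ -f "${PREFIX}/etc/shorewall/init" ]`, would also keep a PREFIX containing spaces from breaking the test. backup_file and run_install are defined outside this hunk.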
@@ -19,3 +21,15 @@ New features include: than the LOG target. This allows you to run ulogd (available from www.gnumonks.org/projects/ulogd) and log all Shorewall messages to a separate log file. + +6) If you are running a kernel that has a FORWARD chain in the mangle + table ("shorewall show mangle" will show you the chains in the + mangle table), you can set MARK_IN_FORWARD=Yes in + shorewall.conf. This allows for marking input packets based on their + destination even when you are using Masquerading or SNAT. + +7) Since adding commands to files that don't already exist seems to be a + challenging notion for some users, I have cluttered up the + /etc/shorewall directory with empty 'init', 'start', 'stop' and + 'stopped' files. If you already have a file with one of these names, + don't worry -- the upgrade process won't overwrite your file. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 8ad1f1ddf..02bdd0601 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall -%define version 1.3.11a -%define release 1 +%define version 1.3.12 +%define release 0Beta1 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. @@ -94,6 +94,10 @@ fi %attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts %attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist %attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918 +%attr(0600,root,root) %config(noreplace) /etc/shorewall/init +%attr(0600,root,root) %config(noreplace) /etc/shorewall/start +%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop +%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped %attr(0544,root,root) /sbin/shorewall %attr(0444,root,root) /usr/lib/shorewall/functions %attr(0544,root,root) /usr/lib/shorewall/firewall 
@@ -101,6 +105,9 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Wed Dec 18 2002 Tom Eastep +- Changes version to 1.3.12 +- Add init, start, stop and stopped files. * Tue Dec 03 2002 Tom Eastep - Changes version to 1.3.11a * Sun Nov 24 2002 Tom Eastep diff --git a/Shorewall/start b/Shorewall/start new file mode 100644 index 000000000..bd36e8544 --- /dev/null +++ b/Shorewall/start @@ -0,0 +1,6 @@ +############################################################################ +# Shorewall 1.3 -- /etc/shorewall/start +# +# Add commands below that you want to be executed after shorewall has +# been started or restarted. +# diff --git a/Shorewall/stop b/Shorewall/stop new file mode 100644 index 000000000..5f097b037 --- /dev/null +++ b/Shorewall/stop @@ -0,0 +1,6 @@ +############################################################################ +# Shorewall 1.3 -- /etc/shorewall/stop +# +# Add commands below that you want to be executed at the beginning of a +# "shorewall stop" command. +# diff --git a/Shorewall/stopped b/Shorewall/stopped new file mode 100644 index 000000000..90afeb3ac --- /dev/null +++ b/Shorewall/stopped @@ -0,0 +1,6 @@ +############################################################################ +# Shorewall 1.3 -- /etc/shorewall/stopped +# +# Add commands below that you want to be executed at the completion of a +# "shorewall stop" command. +# diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 35c77e5d9..478133cc0 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.3.11a +VERSION=1.3.12-Beta1 usage() # $1 = exit status {