From 9b1e179b6b89c38bf5efc38ae322b0ff7ef7ead9 Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 22 Jan 2007 16:04:11 +0000
Subject: [PATCH] Update Version to Beta3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5276 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-lite/fallback.sh | 2 +-
 Shorewall-lite/install.sh | 2 +-
 Shorewall-lite/shorewall-lite.spec | 4 +++-
 Shorewall-lite/uninstall.sh | 2 +-
 Shorewall/changelog.txt | 3 +++
 Shorewall/compiler | 22 ++++++++++++++++------
 Shorewall/fallback.sh | 2 +-
 Shorewall/install.sh | 2 +-
 Shorewall/releasenotes.txt | 3 +++
 Shorewall/shorewall.spec | 4 +++-
 Shorewall/uninstall.sh | 2 +-
 tools/build/publish | 4 +---
 12 files changed, 35 insertions(+), 17 deletions(-)
diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh
index 00dfde6ec..7538422c2 100755
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@@ -28,7 +28,7 @@
 # shown below. Simply run this script to revert to your prior version of
 # Shoreline Firewall.
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh
index 4b3db2b69..6a7329262 100755
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -22,7 +22,7 @@
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec
index 7270da4c7..e4b4c8766 100644
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 3.4.0
-%define release 0Beta2
+%define release 0Beta3
 %define prefix /usr
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@@ -99,6 +99,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
+* Mon Jan 22 2007 Tom Eastep tom@shorewall.net
+- Updated to 3.4.0-0Beta3
 * Wed Jan 03 2007 Tom Eastep tom@shorewall.net
 - Updated to 3.4.0-0Beta2
 - Handle rename of shorewall.conf
diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh
index 589434e81..35affc04c 100755
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -26,7 +26,7 @@
 # You may only use this script to uninstall the version
 # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index c417e3671..21c3c917e 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -8,6 +8,9 @@ Changes in 3.4.0 Beta 3
 4) 'noah' is implied by ipsecnat in /etc/shorewall/tunnels.
+5) Reduce the number of rules in the 'blacklst' chain when
+ BLACKLIST_LOGLEVEL is specified.
+
 Changes in 3.4.0 Beta 2
 1) Fix for empty blacklist file.
diff --git a/Shorewall/compiler b/Shorewall/compiler
index bc96a757f..8ae766f1b 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -3208,11 +3208,7 @@ rules_chain() # $1 = source zone, $2 = destination zone
 # $dport = destination port selector
 #
 add_blacklist_rule() {
- if [ -n "$BLACKLIST_LOGLEVEL" ]; then
- log_rule $BLACKLIST_LOGLEVEL blacklst $BLACKLIST_DISPOSITION $(fix_bang $source $proto $dport)
- fi
-
- run_iptables2 -A blacklst $source $proto $dport -j $disposition
+ run_iptables2 -A blacklst $source $proto $dport -j $target
 }
 #
@@ -3299,11 +3295,14 @@ process_blacklist() {
 local disposition=$BLACKLIST_DISPOSITION
 local f=$(find_file blacklist)
+ local target
 if [ -s $TMP_DIR/blacklist ]; then
 [ "$disposition" = REJECT ] && disposition=reject
+ [ -n "$BLACKLIST_LOGLEVEL" ] && target=blacklog || target=$disposition
+
 progress_message2 "Compiling $f..."
 cat >&3 << __EOF__
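Review bot: In Shorewall/compiler, `add_blacklist_rule()` now jumps to `$target`, but that variable is only set as a `local` in the caller (the second hunk of this file) and reaches this function through the shell's dynamic scoping, while the header comment above the function documents inputs such as `$dport` and says nothing about it. I would add a line like `# $target = chain or disposition to jump to (blacklog when BLACKLIST_LOGLEVEL is set)` to that comment block, which starts outside the hunk. Because `$target` is expanded unquoted, an unset value would leave `-j` without an argument and the rule would presumably fail to load, so any other caller of this function (none is visible here) has to set it first. The function that assigns `target` continues past the end of its hunk.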
@@ -3314,7 +3313,7 @@ load_blacklist() {
 __EOF__
 INDENT=" "
-
+
 while read networks protocol ports; do
 process_blacklist_rec
 done < $TMP_DIR/blacklist
@@ -3337,6 +3336,17 @@ setup_blacklist() {
 createchain blacklst no
+ if [ -n "$BLACKLIST_LOGLEVEL" ]; then
+ createchain blacklog no
+ log_rule_limit $BLACKLIST_LOGLEVEL blacklog blacklst $BLACKLIST_DISPOSITION "$LOGLIMIT" "" -A
+
+ if [ $BLACKLIST_DISPOSITION = REJECT ]; then
+ run_iptables -A blacklog -j reject
+ else
+ run_iptables -A blacklog -j $BLACKLIST_DISPOSITION
+ fi
+ fi
+
 [ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
 for host in $hosts; do
diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh
index 5bf46f84b..30350d7fe 100755
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@@ -28,7 +28,7 @@
 # shown below. Simply run this script to revert to your prior version of
 # Shoreline Firewall.
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 05f95bf7e..b87c1e019 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -22,7 +22,7 @@
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index cc85ac8e6..c55272e3f 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -61,6 +61,9 @@ Other Changes in 3.4.0 Beta 3
 (unless 'isecnat:noah' was given). Given that AH is incompatible with nat-traversal, 'ipsecnat' now implies 'ipsecnat:noah'.
+2) Shorewall now generates half as many rules as previously in the
+ 'blacklst' chain when BLACKLIST_LOGLEVEL is specified.
+
 Migration Considerations:
 1) Shorewall supports the notion of "default actions". A default
diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec
index 910233776..cf78df17e 100644
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
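Review bot: In Shorewall/compiler, the new test `if [ $BLACKLIST_DISPOSITION = REJECT ]; then` in setup_blacklist() expands the variable unquoted, unlike the `[ "$disposition" = REJECT ]` test that makes the same decision elsewhere in this file; writing it as `if [ "$BLACKLIST_DISPOSITION" = REJECT ]; then` keeps the test well-formed if the setting is ever empty. Logging now happens in the single shared `blacklog` chain with `"$LOGLIMIT"` applied there, so any rate limit is presumably shared by all blacklist entries rather than applied per entry as with the removed per-entry `log_rule`. Hits from one noisy blacklisted source could then crowd out log records for the others even though the packets are still dropped or rejected, which deserves a sentence in the release notes. The `blacklog` chain is created only here, so it should be confirmed that the generated `load_blacklist` never runs against a ruleset that was set up without BLACKLIST_LOGLEVEL, since its `-j blacklog` rules would then have no chain to jump to. setup_blacklist() starts and ends outside the hunk.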
@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 3.4.0
-%define release 0Beta2
+%define release 0Beta3
 %define prefix /usr
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -257,6 +257,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
 %changelog
+* Mon Jan 22 2007 Tom Eastep tom@shorewall.net
+- Updated to 3.4.0-0Beta3
 * Wed Jan 03 2007 Tom Eastep tom@shorewall.net
 - Updated to 3.4.0-0Beta2
 * Thu Dec 14 2006 Tom Eastep tom@shorewall.net
diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh
index 77057f2c9..0b852dd13 100755
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@@ -26,7 +26,7 @@
 # You may only use this script to uninstall the version
 # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=3.4.0-Beta2
+VERSION=3.4.0-Beta3
 usage() # $1 = exit status
 {
diff --git a/tools/build/publish b/tools/build/publish
index 335616574..447fc7f98 100755
--- a/tools/build/publish
+++ b/tools/build/publish
@@ -93,9 +93,7 @@ while [ $# -gt 0 ]; do
 f="$WEBSITE/$b"
 fi
- GENTOC=
-
- list_search $1 $NOTOC && GENTOC="--stringparam generate.toc ''"
+ list_search $1 $NOTOC && GENTOC="--stringparam generate.toc ''" || GENTOC=
 echo "Converting $1 from XML to HTML ($b) ..."