diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index b538bc30a..fdb5e63a0 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -41,3 +41,5 @@ Changes since 1.3.14 18. Support 802.11b devices with maclist. +19. Don't detect loopback simply by name. + diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh index 22222ecfb..a6a997d9c 100755 --- a/Shorewall/fallback.sh +++ b/Shorewall/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.4.0Alpha1 +VERSION=1.4.0-Beta1 usage() # $1 = exit status { diff --git a/Shorewall/firewall b/Shorewall/firewall index 8c3b8d77f..c5e99f493 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -563,8 +563,9 @@ validate_interfaces_file() { validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\"" fi - [ "x$interface" = "xlo" ] && \ - startup_error "The loopback interface (lo) may not be defined in /etc/shorewall/interfaces" + if [ -n "`ip link show $interface 2> /dev/null | grep LOOPBACK`" ]; then + startup_error "The loopback interface ($interface) may not be defined in /etc/shorewall/interfaces" + fi list_search $interface $all_interfaces && \ startup_error "Duplicate Interface $interface" @@ -3295,6 +3296,13 @@ load_kernel_modules() { fi } +# Verify that the 'ip' program is installed + +verify_ip() { + qt which ip ||\ + startup_error "Shorewall $version requires the iproute package ('ip' utility)" +} + # # Perform Initialization # - Delete all old rules @@ -3600,11 +3608,11 @@ add_common_rules() { for interface in $norfc1918_interfaces; do for chain in `first_chains $interface`; do - run_iptables -A $chain -j rfc1918 + run_iptables -A $chain -m state --state NEW -j rfc1918 done [ -n "$MANGLE_ENABLED" ] && \ - run_iptables -t mangle -A PREROUTING -i $interface -j man1918 + run_iptables -t mangle -A PREROUTING -m state --state NEW -i $interface -j man1918 done fi @@ -3943,6 +3951,8 @@ define_firewall() # $1 = Command (Start or Restart) verify_os_version + verify_ip + load_kernel_modules echo "Initializing..." diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 91f889209..dbf3d36a2 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.4.0Alpha1 +VERSION=1.4.0-Beta1 usage() # $1 = exit status { diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 02111a2e3..70b567973 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -62,6 +62,10 @@ Changes for 1.4 include: 7. 802.11b devices with names of the form wlan now support the 'maclist' option. +8. IMPORTANT: Shorewall now REQUIRES the iproute package ('ip' + utility). + + diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index dc2a17679..80487d244 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 1.4.0 -%define release 0Alpha1 +%define release 0Beta1 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. @@ -15,7 +15,7 @@ Source: %{name}-%{version}.tgz URL: http://www.shorewall.net/ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-root -Requires: iptables +Requires: iptables iproute Conflicts: kernel <= 2.2 %description @@ -104,6 +104,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Fri Feb 21 2003 Tom Eastep +- Changes version to 1.4.0-0Beta1 * Thu Feb 06 2003 Tom Eastep - Changes version to 1.4.0Alpha1 - Delete icmp.def diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index d17eab351..b778e2082 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.4.0Alpha1 +VERSION=1.4.0-Beta1 usage() # $1 = exit status {