final 1.4.0 Beta1 Changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@461 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -41,3 +41,5 @@ Changes since 1.3.14
 
 18. Support 802.11b devices with maclist.
 
+19. Don't detect loopback simply by name.
+

Shorewall/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of 
 #       Shoreline Firewall.
 
-VERSION=1.4.0Alpha1
+VERSION=1.4.0-Beta1
 
 usage() # $1 = exit status
 {

Shorewall/firewall

@@ -563,8 +563,9 @@ validate_interfaces_file() {
 	    validate_zone $z || startup_error "Invalid zone ($z) in record \"$r\""
 	fi
 
-	[ "x$interface" = "xlo" ] && \
+	if [ -n "`ip link show $interface 2> /dev/null | grep LOOPBACK`" ]; then
-	    startup_error "The loopback interface (lo) may not be defined in /etc/shorewall/interfaces"
+	    startup_error "The loopback interface ($interface) may not be defined in /etc/shorewall/interfaces"
+	fi
 
 	list_search $interface $all_interfaces && \
 	    startup_error "Duplicate Interface $interface"
@@ -3295,6 +3296,13 @@ load_kernel_modules() {
     fi
 }
 
+# Verify that the 'ip' program is installed
+
+verify_ip() {
+    qt which ip ||\
+	startup_error "Shorewall $version requires the iproute package ('ip' utility)"
+}
+
 #
 # Perform Initialization
 #	- Delete all old rules
@@ -3600,11 +3608,11 @@ add_common_rules() {
 	    
 	for interface in $norfc1918_interfaces; do
 	    for chain in `first_chains $interface`; do
-		run_iptables -A $chain -j rfc1918
+		run_iptables -A $chain -m state --state NEW -j rfc1918
 	    done
 	    
 	    [ -n "$MANGLE_ENABLED" ] && \
-		run_iptables -t mangle -A PREROUTING -i $interface -j man1918
+		run_iptables -t mangle -A PREROUTING -m state --state NEW -i $interface -j man1918
 	done
 
     fi
@@ -3943,6 +3951,8 @@ define_firewall() # $1 = Command (Start or Restart)
 
     verify_os_version
 
+    verify_ip
+
     load_kernel_modules
 
     echo "Initializing..."

Shorewall/install.sh

@@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #
 
-VERSION=1.4.0Alpha1
+VERSION=1.4.0-Beta1
 
 usage() # $1 = exit status
 {

Shorewall/releasenotes.txt

@@ -62,6 +62,10 @@ Changes for 1.4 include:
 7. 802.11b devices with names of the form wlan<n> now support the
    'maclist' option.
 
+8. IMPORTANT: Shorewall now REQUIRES the iproute package ('ip'
+   utility).
+
+
 
 
  

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 1.4.0
-%define release 0Alpha1
+%define release 0Beta1
 %define prefix /usr
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -15,7 +15,7 @@ Source: %{name}-%{version}.tgz
 URL: http://www.shorewall.net/
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
-Requires: iptables
+Requires: iptables iproute
 Conflicts: kernel <= 2.2
 
 %description
@@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Fri Feb 21 2003 Tom Eastep <tom@shorewall.net>
+- Changes version to 1.4.0-0Beta1
 * Thu Feb 06 2003 Tom Eastep <tom@shorewall.net>
 - Changes version to 1.4.0Alpha1
 - Delete icmp.def

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
 
-VERSION=1.4.0Alpha1
+VERSION=1.4.0-Beta1
 
 usage() # $1 = exit status
 {