Bring trunk up to date with branch/4.0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7113 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
e2174e5496
commit
aa523ea52c
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1424,7 +1424,7 @@ undo_routing() {
|
|||||||
# Restore rt_tables database
|
# Restore rt_tables database
|
||||||
#
|
#
|
||||||
if [ -f ${VARDIR}/rt_tables ]; then
|
if [ -f ${VARDIR}/rt_tables ]; then
|
||||||
cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
|
[ -w /etc/iproute2/rt_table ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
|
||||||
rm -f ${VARDIR}/rt_tables
|
rm -f ${VARDIR}/rt_tables
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
|
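Review bot: The writability test on the restore line names `/etc/iproute2/rt_table` (no trailing `s`), while the copy and the progress message both refer to `rt_tables`; unless a file with that exact misspelled name exists, the test is false and the saved routing-table database is never restored. The `rm -f ${VARDIR}/rt_tables` that follows still runs, so the saved copy is discarded even though nothing was restored. The test should read `[ -w /etc/iproute2/rt_tables ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"`, and the `rm -f` is safer if it runs only after a successful copy. The same line appears in the other `undo_routing()` hunk (`@ -819,7 +819,7 @@`); in both places the function body starts and ends outside the hunk, and the `-w` line is taken to be the new side from its print order.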
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall-common
|
%define name shorewall-common
|
||||||
%define version 4.0.1
|
%define version 4.0.2
|
||||||
%define release 1
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
@ -240,6 +240,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.0.2-1
|
||||||
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.0.1-1
|
- Updated to 4.0.1-1
|
||||||
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall-lite
|
%define name shorewall-lite
|
||||||
%define version 4.0.1
|
%define version 4.0.2
|
||||||
%define release 1
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||||
@ -98,6 +98,8 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.0.2-1
|
||||||
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.0.1-1
|
- Updated to 4.0.1-1
|
||||||
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -35,7 +35,7 @@ use strict;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( setup_accounting );
|
our @EXPORT = qw( setup_accounting );
|
||||||
our @EXPORT_OK = qw( );
|
our @EXPORT_OK = qw( );
|
||||||
our $VERSION = 4.00;
|
our $VERSION = 4.01;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Initialize globals -- we take this novel approach to globals initialization to allow
|
||||||
@ -64,6 +64,11 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
|||||||
|
|
||||||
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark ) = @_;
|
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark ) = @_;
|
||||||
|
|
||||||
|
sub check_for_builtin( $ ) {
|
||||||
|
my $chainref = shift;
|
||||||
|
fatal_error "A builtin Chain ($jumpchainref->{name}) may not appear in the accounting file" if $chainref->{builtin};
|
||||||
|
}
|
||||||
|
|
||||||
sub accounting_error() {
|
sub accounting_error() {
|
||||||
warning_message "Invalid Accounting rule";
|
warning_message "Invalid Accounting rule";
|
||||||
}
|
}
|
||||||
@ -71,6 +76,7 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
|||||||
sub jump_to_chain( $ ) {
|
sub jump_to_chain( $ ) {
|
||||||
my $jumpchain = $_[0];
|
my $jumpchain = $_[0];
|
||||||
$jumpchainref = ensure_chain( 'filter', $jumpchain );
|
$jumpchainref = ensure_chain( 'filter', $jumpchain );
|
||||||
|
check_for_builtin( $jumpchainref );
|
||||||
mark_referenced $jumpchainref;
|
mark_referenced $jumpchainref;
|
||||||
"-j $jumpchain";
|
"-j $jumpchain";
|
||||||
}
|
}
|
||||||
@ -129,12 +135,14 @@ sub process_accounting_rule( $$$$$$$$$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$chain = 'accounting';
|
$chain = 'accounting' unless $chain and $chain ne '-';
|
||||||
$dest = ALLIPv4 if $dest eq 'any' || $dest eq 'all';
|
$dest = ALLIPv4 if $dest eq 'any' || $dest eq 'all';
|
||||||
}
|
}
|
||||||
|
|
||||||
my $chainref = ensure_filter_chain $chain , 0;
|
my $chainref = ensure_filter_chain $chain , 0;
|
||||||
|
|
||||||
|
check_for_builtin( $chainref );
|
||||||
|
|
||||||
expand_rule
|
expand_rule
|
||||||
$chainref ,
|
$chainref ,
|
||||||
$restriction ,
|
$restriction ,
|
||||||
|
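Review bot: `check_for_builtin` takes the chain as `$chainref`, but its error text interpolates `$jumpchainref->{name}`. On the second call site, `check_for_builtin( $chainref )` after `ensure_filter_chain`, `$jumpchainref` may be unset or refer to a different chain, so the fatal error would name the wrong chain or none at all. Use the argument instead: `fatal_error "A builtin Chain ($chainref->{name}) may not appear in the accounting file" if $chainref->{builtin};`. The body of process_accounting_rule extends beyond these hunks, so where `$jumpchainref` is declared is not visible here.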
@ -128,7 +128,7 @@ our @EXPORT = qw( STANDARD
|
|||||||
%targets
|
%targets
|
||||||
);
|
);
|
||||||
our @EXPORT_OK = qw( initialize );
|
our @EXPORT_OK = qw( initialize );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Chain Table
|
# Chain Table
|
||||||
|
@ -41,7 +41,7 @@ use Shorewall::Proxyarp;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG );
|
our @EXPORT = qw( compiler EXPORT TIMESTAMP DEBUG );
|
||||||
our @EXPORT_OK = qw( $export );
|
our @EXPORT_OK = qw( $export );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
our $export;
|
our $export;
|
||||||
|
|
||||||
|
@ -93,7 +93,7 @@ our @EXPORT = qw(
|
|||||||
%capabilities );
|
%capabilities );
|
||||||
|
|
||||||
our @EXPORT_OK = qw( $shorewall_dir initialize read_a_line1 set_config_path );
|
our @EXPORT_OK = qw( $shorewall_dir initialize read_a_line1 set_config_path );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
#
|
#
|
||||||
# describe the current command, it's present progressive, and it's completion.
|
# describe the current command, it's present progressive, and it's completion.
|
||||||
@ -198,7 +198,7 @@ sub initialize() {
|
|||||||
ORIGINAL_POLICY_MATCH => '',
|
ORIGINAL_POLICY_MATCH => '',
|
||||||
LOGPARMS => '',
|
LOGPARMS => '',
|
||||||
TC_SCRIPT => '',
|
TC_SCRIPT => '',
|
||||||
VERSION => '4.0.1',
|
VERSION => '4.0.2',
|
||||||
CAPVERSION => 30405 ,
|
CAPVERSION => 30405 ,
|
||||||
);
|
);
|
||||||
#
|
#
|
||||||
@ -288,6 +288,7 @@ sub initialize() {
|
|||||||
EXPORTPARAMS => undef,
|
EXPORTPARAMS => undef,
|
||||||
SHOREWALL_COMPILER => undef,
|
SHOREWALL_COMPILER => undef,
|
||||||
EXPAND_POLICIES => undef,
|
EXPAND_POLICIES => undef,
|
||||||
|
ACCOUNTING_EXPERT => undef,
|
||||||
#
|
#
|
||||||
# Packet Disposition
|
# Packet Disposition
|
||||||
#
|
#
|
||||||
@ -1417,6 +1418,7 @@ sub get_configuration( $ ) {
|
|||||||
|
|
||||||
default_yes_no 'EXPORTPARAMS' , '';
|
default_yes_no 'EXPORTPARAMS' , '';
|
||||||
default_yes_no 'EXPAND_POLICIES' , '';
|
default_yes_no 'EXPAND_POLICIES' , '';
|
||||||
|
default_yes_no 'ACCOUNTING_EXPERT' , '';
|
||||||
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
|
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
|
||||||
|
|
||||||
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
|
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
|
||||||
|
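Review bot: `ACCOUNTING_EXPERT` is added to the option table and given a yes/no default, but neither entry carries a comment saying what the option controls, and no hunk on this page reads it. The builtin-chain check added to the accounting code in this same commit is applied unconditionally, so as far as this page shows, setting the option changes nothing. A one-line comment next to `default_yes_no 'ACCOUNTING_EXPERT' , '';` naming the behaviour it gates (or noting that it is reserved) would stop an operator from relying on a setting that has no effect. Both initialize and get_configuration continue outside the hunks, so a consumer may exist elsewhere.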
@ -34,7 +34,7 @@ use strict;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( validate_policy apply_policy_rules complete_standard_chain sub setup_syn_flood_chains );
|
our @EXPORT = qw( validate_policy apply_policy_rules complete_standard_chain sub setup_syn_flood_chains );
|
||||||
our @EXPORT_OK = qw( );
|
our @EXPORT_OK = qw( );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Create a new policy chain and return a reference to it.
|
# Create a new policy chain and return a reference to it.
|
||||||
|
@ -35,7 +35,7 @@ use strict;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( setup_providers @routemarked_interfaces);
|
our @EXPORT = qw( setup_providers @routemarked_interfaces);
|
||||||
our @EXPORT_OK = qw( initialize );
|
our @EXPORT_OK = qw( initialize );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
use constant { LOCAL_NUMBER => 255,
|
use constant { LOCAL_NUMBER => 255,
|
||||||
MAIN_NUMBER => 254,
|
MAIN_NUMBER => 254,
|
||||||
@ -412,7 +412,10 @@ sub setup_providers() {
|
|||||||
'restore_default_route' );
|
'restore_default_route' );
|
||||||
}
|
}
|
||||||
|
|
||||||
emit 'cat > /etc/iproute2/rt_tables <<EOF';
|
emit( 'if [ -w /etc/iproute2/rt_tables ]; then',
|
||||||
|
' cat > /etc/iproute2/rt_tables <<EOF' );
|
||||||
|
|
||||||
|
push_indent;
|
||||||
|
|
||||||
emit_unindented join( "\n",
|
emit_unindented join( "\n",
|
||||||
'#',
|
'#',
|
||||||
@ -433,6 +436,10 @@ sub setup_providers() {
|
|||||||
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pop_indent;
|
||||||
|
|
||||||
|
emit "fi\n";
|
||||||
|
|
||||||
my $fn = open_file 'route_rules';
|
my $fn = open_file 'route_rules';
|
||||||
|
|
||||||
if ( $fn ) {
|
if ( $fn ) {
|
||||||
|
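Review bot: When `/etc/iproute2/rt_tables` is not writable (or is missing, since `-w` is false then too), the generated script now skips the whole rt_tables update silently, so an operator gets no indication that the provider table names were not written. An `else` branch before the closing `emit "fi\n";` would make the skip visible, for example emitting `'else'` followed by `'    echo "WARNING: /etc/iproute2/rt_tables is not writable; provider tables not registered" >&2'`. The shell compiler hunks (`@ -372,6 +372,8 @@` and `@ -395,6 +397,9 @@`) wrap the same block with `save_command "if [ -w /etc/iproute2/rt_tables ]; then"` and have the same gap. setup_providers continues outside these hunks, so the effect on later routing commands is inferred rather than visible.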
@ -47,7 +47,7 @@ our @EXPORT = qw( process_tos
|
|||||||
dump_rule_chains
|
dump_rule_chains
|
||||||
);
|
);
|
||||||
our @EXPORT_OK = qw( process_rule process_rule1 initialize );
|
our @EXPORT_OK = qw( process_rule process_rule1 initialize );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Keep track of chains for the /var/lib/shorewall[-lite]/chains file
|
# Keep track of chains for the /var/lib/shorewall[-lite]/chains file
|
||||||
@ -808,13 +808,27 @@ sub setup_mac_lists( $ ) {
|
|||||||
" echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
|
" echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
|
||||||
'done' );
|
'done' );
|
||||||
} else {
|
} else {
|
||||||
my $variable1 = get_interface_bcasts $interfaces{$interface}{bridge};
|
my $bridge = $interfaces{$interface}{bridge};
|
||||||
|
my $bridgeref = $interfaces{$bridge};
|
||||||
|
|
||||||
|
add_commands( $chainref,
|
||||||
|
"for address in $variable; do" );
|
||||||
|
|
||||||
|
if ( $bridgeref->{broadcasts} ) {
|
||||||
|
for my $address ( @{$bridgeref->{broadcasts}}, '255.255.255.255' ) {
|
||||||
|
add_commands( $chainref ,
|
||||||
|
" echo \"-A $chainref->{name} -s \$address -d $address -j RETURN\" >&3" );
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
my $variable1 = get_interface_bcasts $bridge;
|
||||||
|
|
||||||
add_commands( $chainref,
|
add_commands( $chainref,
|
||||||
"for address in $variable; do",
|
|
||||||
" for address1 in $variable1; do" ,
|
" for address1 in $variable1; do" ,
|
||||||
" echo \"-A $chainref->{name} -s \$address -d \$address1 -j RETURN\" >&3",
|
" echo \"-A $chainref->{name} -s \$address -d \$address1 -j RETURN\" >&3",
|
||||||
" done",
|
" done" );
|
||||||
|
}
|
||||||
|
|
||||||
|
add_commands( $chainref,
|
||||||
" echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
|
" echo \"-A $chainref->{name} -s \$address -d 224.0.0.0/4 -j RETURN\" >&3",
|
||||||
'done' );
|
'done' );
|
||||||
}
|
}
|
||||||
@ -1583,15 +1597,23 @@ sub generate_matrix() {
|
|||||||
if ( $capabilities{ADDRTYPE} ) {
|
if ( $capabilities{ADDRTYPE} ) {
|
||||||
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
|
add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
|
||||||
} else {
|
} else {
|
||||||
my $variable = get_interface_bcasts $interface;
|
my $interfaceref = $interfaces{$interface};
|
||||||
my $chain = output_chain $interface;
|
my $chain = output_chain $interface;
|
||||||
my $chainref = $filter_table->{$chain};
|
my $chainref = $filter_table->{$chain};
|
||||||
|
|
||||||
|
if ( $interfaceref->{broadcasts} ) {
|
||||||
|
for my $address ( @{$interfaceref->{broadcasts}} , '255.255.255.255' ) {
|
||||||
|
add_rule( $chainref, "-d $address -j $chain1" );
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
my $variable = get_interface_bcasts $interface;
|
||||||
|
|
||||||
add_commands( $chainref,
|
add_commands( $chainref,
|
||||||
"for address in $variable; do",
|
"for address in $variable; do",
|
||||||
" echo \"-A $chain -d \$address -j $chain1\" >&3",
|
" echo \"-A $chain -d \$address -j $chain1\" >&3",
|
||||||
'done' );
|
'done' );
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
|
add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
|
||||||
}
|
}
|
||||||
|
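Review bot: In the new `broadcasts` branch of setup_mac_lists, the emitted echo line contains both `-s \$address` (the shell loop variable, expanded when the generated script runs) and `-d $address` (the Perl loop variable, expanded at compile time), which is easy to misread and breaks with one stray backslash. Renaming the Perl variable keeps the two apart, e.g. `for my $bcast ( @{$bridgeref->{broadcasts}}, '255.255.255.255' ) {` with `-d $bcast` in the string. This branch and the matching one in generate_matrix both dereference `broadcasts` as an array whenever it is true, so they depend on it never holding a plain string; a short comment stating that would help. Both functions continue outside the hunks.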
@ -39,7 +39,7 @@ use strict;
|
|||||||
our @ISA = qw(Exporter);
|
our @ISA = qw(Exporter);
|
||||||
our @EXPORT = qw( setup_tc );
|
our @EXPORT = qw( setup_tc );
|
||||||
our @EXPORT_OK = qw( process_tc_rule initialize );
|
our @EXPORT_OK = qw( process_tc_rule initialize );
|
||||||
our $VERSION = 4.01;
|
our $VERSION = 4.02;
|
||||||
|
|
||||||
our %tcs = ( T => { chain => 'tcpost',
|
our %tcs = ( T => { chain => 'tcpost',
|
||||||
connmark => 0,
|
connmark => 0,
|
||||||
|
@ -59,7 +59,7 @@ our @EXPORT = qw( NOTHING
|
|||||||
@bridges );
|
@bridges );
|
||||||
|
|
||||||
our @EXPORT_OK = qw( initialize );
|
our @EXPORT_OK = qw( initialize );
|
||||||
our $VERSION = 4.00;
|
our $VERSION = 4.01;
|
||||||
|
|
||||||
#
|
#
|
||||||
# IPSEC Option types
|
# IPSEC Option types
|
||||||
@ -121,6 +121,7 @@ our %reservedName = ( all => 1,
|
|||||||
# }
|
# }
|
||||||
# zone => <zone name>
|
# zone => <zone name>
|
||||||
# bridge => <bridge>
|
# bridge => <bridge>
|
||||||
|
# broadcasts => 'none', 'detect' or [ <addr1>, <addr2>, ... ]
|
||||||
# }
|
# }
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
@ -627,12 +628,17 @@ sub validate_interfaces_file( $ )
|
|||||||
}
|
}
|
||||||
|
|
||||||
unless ( $networks eq '' || $networks eq 'detect' ) {
|
unless ( $networks eq '' || $networks eq 'detect' ) {
|
||||||
|
my @broadcasts = split /,/, $networks;
|
||||||
|
|
||||||
for my $address ( split /,/, $networks ) {
|
for my $address ( @broadcasts ) {
|
||||||
fatal_error 'Invalid BROADCAST address' unless $address =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;
|
fatal_error 'Invalid BROADCAST address' unless $address =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;
|
||||||
}
|
}
|
||||||
|
|
||||||
warning_message 'Shorewall no longer uses broadcast addresses in rule generation';
|
if ( $capabilities{ADDRTYPE} ) {
|
||||||
|
warning_message 'Shorewall no longer uses broadcast addresses in rule generation when Address Type Match is available';
|
||||||
|
} else {
|
||||||
|
$interfaces{$interface}{broadcasts} = \@broadcasts;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
my $optionsref = {};
|
my $optionsref = {};
|
||||||
|
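Review bot: The BROADCAST entries that were previously checked and then ignored are now stored in `$interfaces{$interface}{broadcasts}` and used to build rules, yet the check is still only `/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/`, which accepts octets above 255 and any number of digits. A value such as 300.1.1.1 (constructed example) would pass here and be rejected only when the generated rules are loaded. Bound the octets at validation time, e.g. `fatal_error 'Invalid BROADCAST address' unless $address =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ && ! grep { $_ > 255 } $1, $2, $3, $4;`. Separately, the new structure comment lists `'none'` and `'detect'` as values of `broadcasts` while the visible code stores only an array reference; the comment should describe what is actually stored. validate_interfaces_file continues outside the hunk.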
@ -34,7 +34,8 @@
|
|||||||
# --debug # Print stack trace on warnings and fatal error.
|
# --debug # Print stack trace on warnings and fatal error.
|
||||||
#
|
#
|
||||||
use strict;
|
use strict;
|
||||||
use lib '/usr/share/shorewall-perl';
|
use FindBin;
|
||||||
|
use lib "$FindBin::Bin";
|
||||||
use Shorewall::Compiler;
|
use Shorewall::Compiler;
|
||||||
use Getopt::Long;
|
use Getopt::Long;
|
||||||
|
|
||||||
|
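Review bot: `use lib "$FindBin::Bin";` makes the module search path follow the location the script was started from, so `Shorewall::Compiler` and its siblings are loaded from the script's own directory rather than the fixed `/usr/share/shorewall-perl`. For a program normally run as root, that directory must be root-owned and not writable by anyone else, or the modules it loads can be replaced. `$FindBin::Bin` also does not resolve symlinks, so starting the compiler through a symlink searches the link's directory; `use lib "$FindBin::RealBin";` follows the link to the real install directory. A short comment saying why the fixed path was dropped and what the directory's ownership must be would help packagers.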
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -819,7 +819,7 @@ undo_routing() {
|
|||||||
# Restore rt_tables database
|
# Restore rt_tables database
|
||||||
#
|
#
|
||||||
if [ -f ${VARDIR}/rt_tables ]; then
|
if [ -f ${VARDIR}/rt_tables ]; then
|
||||||
cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
|
[ -w /etc/iproute2/rt_table ] && cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
|
||||||
rm -f ${VARDIR}/rt_tables
|
rm -f ${VARDIR}/rt_tables
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall-perl
|
%define name shorewall-perl
|
||||||
%define version 4.0.1
|
%define version 4.0.2
|
||||||
%define release 1
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall Perl-based compiler.
|
Summary: Shoreline Firewall Perl-based compiler.
|
||||||
@ -72,6 +72,8 @@ fi
|
|||||||
%doc COPYING releasenotes.txt
|
%doc COPYING releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.0.2-1
|
||||||
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.0.1-1
|
- Updated to 4.0.1-1
|
||||||
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.0.1
|
VERSION=4.0.2
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -372,6 +372,8 @@ __EOF__
|
|||||||
save_command restore_default_route
|
save_command restore_default_route
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
save_command "if [ -w /etc/iproute2/rt_tables ]; then"
|
||||||
|
|
||||||
cat >&3 << __EOF__
|
cat >&3 << __EOF__
|
||||||
${INDENT} cat > /etc/iproute2/rt_tables <<EOF
|
${INDENT} cat > /etc/iproute2/rt_tables <<EOF
|
||||||
#
|
#
|
||||||
@ -395,6 +397,9 @@ __EOF__
|
|||||||
__EOF__
|
__EOF__
|
||||||
done
|
done
|
||||||
|
|
||||||
|
save_command "fi"
|
||||||
|
save_command
|
||||||
|
|
||||||
if [ -s $TMP_DIR/route_rules ]; then
|
if [ -s $TMP_DIR/route_rules ]; then
|
||||||
progress_message2 "$DOING $(find_file route_rules)..."
|
progress_message2 "$DOING $(find_file route_rules)..."
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
%define name shorewall-shell
|
%define name shorewall-shell
|
||||||
%define version 4.0.1
|
%define version 4.0.2
|
||||||
%define release 1
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
@ -81,6 +81,8 @@ fi
|
|||||||
%doc COPYING INSTALL
|
%doc COPYING INSTALL
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 09 2007 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.0.2-1
|
||||||
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
* Sat Jul 21 2007 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.0.1-1
|
- Updated to 4.0.1-1
|
||||||
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
* Wed Jul 11 2007 Tom Eastep tom@shorewall.net
|
||||||
|
92
web/News.htm
92
web/News.htm
@ -24,9 +24,99 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
|
|||||||
License</a></span>”.<br>
|
License</a></span>”.<br>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>July 30, 2007</p>
|
<p>August 10, 2007</p>
|
||||||
<hr style="width: 100%; height: 2px;">
|
<hr style="width: 100%; height: 2px;">
|
||||||
|
|
||||||
|
<p><strong>2007-08-10 Shorewall 4.0.2</strong></p>
|
||||||
|
<pre>Problems corrected in 4.0.2
|
||||||
|
|
||||||
|
1) The Shorewall-perl compiler was still generating invalid
|
||||||
|
iptables-restore input from entries in /etc/shorewall/ecn.
|
||||||
|
|
||||||
|
2) When using Shorewall-perl, unless an interface was specified as
|
||||||
|
'optional' in the interfaces file, the 'restore' command would
|
||||||
|
fail if the routes through the interface or the addresses on the
|
||||||
|
interface could not be detected.
|
||||||
|
|
||||||
|
Route detection occurs when the interface is named in the SOURCE
|
||||||
|
column of the masq file. Address detection occurs when
|
||||||
|
DETECT_DNAT_IPADDRS=Yes and the interface is the SOURCE for a DNAT
|
||||||
|
or REDIRECT rule or when 'maclist' is specified for the interface.
|
||||||
|
|
||||||
|
Since the 'restore' command doesn't use the detected information,
|
||||||
|
detection is now skipped if the command is 'restore'.
|
||||||
|
|
||||||
|
3) It was not previously possible to define traffic shaping on a
|
||||||
|
bridge port; the generated script complained that the
|
||||||
|
interface was not up and configured.
|
||||||
|
|
||||||
|
4) When Shorewall-shell was not installed, certain options in
|
||||||
|
/etc/shorewall/interfaces and /etc/shorewall/hosts would cause the
|
||||||
|
'add' and 'delete' commands to fail with a missing library error.
|
||||||
|
|
||||||
|
OPTION FILE
|
||||||
|
maclist interfaces,hosts
|
||||||
|
proxyarp interfaces
|
||||||
|
|
||||||
|
5) The /var/lib/shorewall/zones file was being overwritten during
|
||||||
|
processing of the 'refresh' command by a script generated with
|
||||||
|
Shorewall-perl. The result was that hosts previously added to
|
||||||
|
dynamic zones could not be deleted after the 'refresh'.
|
||||||
|
|
||||||
|
6) If the file named as the output file in a Shorewall-perl 'compile'
|
||||||
|
command was a symbolic link, the generated error message
|
||||||
|
erroneously stated that the file's parent directory was a symbolic
|
||||||
|
link.
|
||||||
|
|
||||||
|
As part of this change, cosmetic changes were made to a number of
|
||||||
|
other error messages.
|
||||||
|
|
||||||
|
7) Some intra-zone rules were missing when a zone involved multiple
|
||||||
|
interfaces or when a zone included both IPSEC and non-IPSEC
|
||||||
|
networks.
|
||||||
|
|
||||||
|
8) Shorewall was not previously loading the xt_multiport kernel
|
||||||
|
module.
|
||||||
|
|
||||||
|
9) The Russian and French translations no longer have English headings
|
||||||
|
on notes, cautions, etc..
|
||||||
|
|
||||||
|
10) Previously, using a port list in the DEST PORT(S) column of the
|
||||||
|
rules file or in an action file could cause an invalid iptables
|
||||||
|
command to be generated by Shorewall-shell.
|
||||||
|
|
||||||
|
11) If there were no bridges in a configuration, Shorewall-perl would
|
||||||
|
ignore the CHAIN column in /etc/shorewall/accounting.
|
||||||
|
|
||||||
|
Other changes in 4.0.2
|
||||||
|
|
||||||
|
1) Shorewall-perl now detects when a port range is included in a list
|
||||||
|
of ports and iptables/kernel support for Extended Multi-port Match
|
||||||
|
is not available. This avoids an iptables-restore failure at
|
||||||
|
run-time.
|
||||||
|
|
||||||
|
2) Most chains created by Shorewall-shell have names that can be
|
||||||
|
embedded within shell variable names. This is a workaround for
|
||||||
|
limitations in the shell programming language which has no
|
||||||
|
equivalent to Perl hashes. Often chain names must have the name of
|
||||||
|
a network interface encoded in them. Given that interface names can
|
||||||
|
contain characters that are invalid in a shell variable name,
|
||||||
|
Shorewall-shell performs a name mapping which was carried forward to
|
||||||
|
Shorewall-perl:
|
||||||
|
|
||||||
|
- Trailing '+' is dropped.
|
||||||
|
- The characters ".", "-", "%' and "@" are translated to "_".
|
||||||
|
|
||||||
|
This mapping has been elminated in the 4.0.2 release of Shorewall-
|
||||||
|
perl. So where before you would see chain "eth0_0_in", you may now
|
||||||
|
see the same chain named "eth0.0_in". Similarly, a chain previously
|
||||||
|
named "ppp_fwd" may now be called "ppp+_fwd".
|
||||||
|
|
||||||
|
3) Shorewall-perl now uses the contents of the BROADCAST column in
|
||||||
|
/etc/shorewall/interfaces when the Address Type match capability is
|
||||||
|
not available.</pre>
|
||||||
|
<hr>
|
||||||
|
|
||||||
<p><strong>2007-07-30 Shorewall 4.0.1</strong></p>
|
<p><strong>2007-07-30 Shorewall 4.0.1</strong></p>
|
||||||
<pre>Problems corrected in 4.0.1.
|
<pre>Problems corrected in 4.0.1.
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
|
|||||||
license is included in the section entitled “<a href="GnuCopyright.htm"
|
license is included in the section entitled “<a href="GnuCopyright.htm"
|
||||||
target="_self">GNU Free Documentation License</a>”.</p>
|
target="_self">GNU Free Documentation License</a>”.</p>
|
||||||
|
|
||||||
<p>2007-07-30</p>
|
<p>2007-08-10</p>
|
||||||
<hr style="width: 100%; height: 2px;">
|
<hr style="width: 100%; height: 2px;">
|
||||||
|
|
||||||
<h2>Table of Contents</h2>
|
<h2>Table of Contents</h2>
|
||||||
@ -103,17 +103,17 @@ Features page</a>.<br>
|
|||||||
<h3><a name="Releases"></a>Current Shorewall Releases</h3>
|
<h3><a name="Releases"></a>Current Shorewall Releases</h3>
|
||||||
|
|
||||||
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current
|
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current
|
||||||
Stable Release</span> version is 4.0.1<br>
|
Stable Release</span> version is 4.0.2<br>
|
||||||
</p>
|
</p>
|
||||||
<ul style="margin-left: 40px;">
|
<ul style="margin-left: 40px;">
|
||||||
<li>Here are the <a
|
<li>Here are the <a
|
||||||
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.1/releasenotes.txt">release
|
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/releasenotes.txt">release
|
||||||
notes</a> <br>
|
notes</a> <br>
|
||||||
</li>
|
</li>
|
||||||
<li>Here are the <a
|
<li>Here are the <a
|
||||||
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.1/known_problems.txt">known
|
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/known_problems.txt">known
|
||||||
problems</a> and <a
|
problems</a> and <a
|
||||||
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.1/errata/">updates</a>.
|
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/">updates</a>.
|
||||||
<p>Read more about the <a href="Shorewall-4.html">Release here</a>.<br>
|
<p>Read more about the <a href="Shorewall-4.html">Release here</a>.<br>
|
||||||
</p>
|
</p>
|
||||||
</li>
|
</li>
|
||||||
|