diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 8230b7b2d..783563f95 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -14,3 +14,5 @@ Changes since 1.4.6
 6) Don't allow 'stop' when startup is disabled
 7) Added ADMINISABSENTMINDED option.
+
+8) Fixed adding addresses to ppp interfaces.
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 7eb45986e..d8fa349f2 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -3246,10 +3246,14 @@ add_ip_aliases()
 # Get all of the lines that contain inet addresses
 #
 ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
- if in_subnet $external $cidr; then
- echo "/${cidr#*/} brd `broadcastaddress $cidr`"
- break
- fi
+ case $cidr in
+ */*)
+ if in_subnet $external $cidr; then
+ echo "/${cidr#*/} brd `broadcastaddress $cidr`"
+ break
+ fi
+ ;;
+ esac
 done
 }
diff --git a/Shorewall/masq b/Shorewall/masq
index c127c2ac8..ded26d1b8 100755
--- a/Shorewall/masq
+++ b/Shorewall/masq
@@ -1,4 +1,4 @@
-#
+\#
 # Shorewall 1.4 - Masquerade file
 #
 # /etc/shorewall/masq
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 7b36ddd42..16b848e52 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -9,6 +9,19 @@ Problems Corrected since version 1.4.6:
 tcrules file. Previously, these addresses resulted in an invalid iptables command.
+3) The "shorewall stop" command is now disabled when
+ /etc/shorewall/startup_disabled exists. This prevents people from
+ shooting themselves in the foot prior to having configured
+ Shorewall.
+
+4) A change introduced in version 1.4.6 caused error messages during
+ "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were
+ being added to a PPP interface; the addresses were successfully
+ added in spite of the messages.
+
+ The firewall script has been modified to eliminate the error
+ messages.
+
 Migration Issues:
 1) Once you have installed this version of Shorewall, you must
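Review bot: In the add_ip_aliases hunk of Shorewall/firewall, the new `*/*)` guard keys only on the presence of a slash, while the pipeline still selects lines with `grep 'inet'`, which also matches `inet6` lines. An IPv6 entry carries a prefix length, so it would pass the guard and reach `in_subnet` and `broadcastaddress`, which appear to expect IPv4 CIDR input (their bodies are not visible here). Restricting the listing to IPv4, e.g. `ip -f inet addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do`, keeps the guard's intent. A comment above the `case` such as `# PPP interfaces list "inet ADDR peer ..." with no /prefix on ADDR; skip those entries` would record why the guard exists. The enclosing function starts outside this hunk.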
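Review bot: The first line of Shorewall/masq changes from `#` to `\#`, which no longer begins with the comment character and looks like a stray keystroke unrelated to the PPP fix. If the configuration reader discards only lines that start with `#`, this line would be handed to the masq parser as an entry instead of being ignored; that is worth confirming against the comment-stripping code, which is not visible in this diff. Restoring the line to `#` keeps the file header a pure comment block.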
@@ -34,23 +47,21 @@ New Features:
 2) Thanks to Steve Herber, the help command can now give command-specific help.
-3) The "shorewall stop" command is now disabled when
- /etc/shorewall/startup_disabled exists. This prevents people from
- shooting themselves in the foot prior to having configured
- Shorewall.
-
-4) A new option "ADMINISABSENTMINDED" has been added to
+3) A new option "ADMINISABSENTMINDED" has been added to
 /etc/shorewall/shorewall.conf. This option has a default value of
- "No" in which case Shorewall's 'stopped' state continues as it has
+ "No" for existing Shorewall users who are upgrading to this release.
+ With this setting, Shorewall's 'stopped' state continues as it has
 been; namely, in the stopped state only traffic to/from hosts listed in /etc/shorewall/routestopped is accepted.
- With ADMINISABSENTMINDED=Yes, in addition to traffic to/from the
- hosts listed in /etc/shorewall/routestopped, Shorewall will allow:
+ The default for new users installing Shorewall for the first time is
+ ADMINISABSENTMINDED=Yes.With that setting, in addition to traffic
+ to/from the hosts listed in /etc/shorewall/routestopped, Shorewall
+ will allow:
- a) All traffic originating from the firewall itself; and
- b) All traffic that is part of or related to an already-existing
- connection.
+ a) All traffic originating from the firewall itself; and
+ b) All traffic that is part of or related to an already-existing
+ connection.
 In particular, with ADMINISABSENTMINDED=Yes, a "shorewall stop" entered through an ssh session will not kill the session.
@@ -75,5 +86,3 @@ New Features:
 stop". As part of stopping, Shorewall removes eth0:0 which kills my SSH connection to 192.168.1.5!!!
-
-