Shorewall 1.4.8-RC1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -30,3 +30,6 @@ Changes since 1.4.7
     lengthening the variable name.
 
 13) Applied and improved Eric Bowles's fix for route filtering.
+
+14) Corrected handling of /32 addresses with broadcast in maclist
+    processing.

Shorewall/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {

Shorewall/install.sh

@@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {

Shorewall/releasenotes.txt

@@ -46,13 +46,18 @@ Problems Corrected since version 1.4.7:
 
 9) Previously, neither the 'routefilter' interface option nor the
    ROUTE_FILTER parameter were working properly. This has been
-   corrected. The definition of the ROUTE_FILTER option has changed
-   however. Previously, ROUTE_FILTER=Yes was documented as enabling
-   route filtering on all interfaces (which didn't work). Beginning
-   with this release, setting ROUTE_FILTER=Yes will enable route
-   filtering of all interfaces brought up while Shorewall is
-   started. As a consequence, ROUTE_FILTER=Yes can coexist with the use
-   of the 'routefilter' option in the interfaces file.
+   corrected (thanks to Eric Bowles for his patch). The definition
+   of the ROUTE_FILTER option has changed however. Previously,
+   ROUTE_FILTER=Yes was documented as enabling route filtering on all
+   interfaces (which didn't work). Beginning with this release, setting
+   ROUTE_FILTER=Yes will enable route filtering of all interfaces
+   brought up while Shorewall is started. As a consequence,
+   ROUTE_FILTER=Yes can coexist with the use of the 'routefilter'
+   option in the interfaces file.
+
+10) If MAC verification was enabled on an interface that had a /32
+    address with a broadcast address then an error would occur during
+    startup.
 
 Migration Issues:
 
@@ -62,22 +67,23 @@ Migration Issues:
 New Features:
 
 1. A new QUEUE action has been introduced for rules. QUEUE allows you
-   to pass connection requests to a user-space filter such as p2pwall
-   (http://p2pwall.sourceforge.net).
+   to pass connection requests to a user-space filter such as ftwall
+   (http://p2pwall.sourceforge.net). The ftwall program allows for
+   effective filtering of p2p applications such as Kazaa.
 
-   For example, to use p2pwall to filter P2P applications, you would
-   add the following rules:
+   For example, to use ftwall to filter P2P clients in your 'loc' zone,
+   you would add the following rules:
 
    QUEUE   loc	     net	tcp
    QUEUE   loc	     net	udp
    QUEUE   loc	     fw		udp
 
-   You would normally want to place those two rules BEFORE any ACCEPT
-   rules for loc->net.
+   You would normally want to place those three rules BEFORE any ACCEPT
+   rules for loc->net or loc->fw udp or tcp.
 
    Note: When the protocol specified is TCP ("tcp", "TCP" or "6"),
    Shorewall will only pass connection requests (SYN packets) to user
-   space. This is for compatibility with p2pwall.
+   space. This is for compatibility with ftwall.
 
 2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When
    this option is set to "Yes", the blacklists (dynamic and static)

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
-%define version 1.4.7
-%define release 1
+%define version 1.4.8
+%define release 0RC1
 %define prefix /usr
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -108,6 +108,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Thu Oct 30 2003 Tom Eastep <tom@shorewall.net>
+- Changed version to 1.4.8-0RC1
 * Sat Oct 04 2003 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.7-1
 - Removed conflict with 2.2 Kernels

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {