Shorewall 1.4.8-RC1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-10-31 15:29:30 +00:00
parent f046ea3ab1
commit c334e92103
6 changed files with 30 additions and 19 deletions


@ -30,3 +30,6 @@ Changes since 1.4.7
lengthening the variable name. lengthening the variable name.
13) Applied and improved Eric Bowles's fix for route filtering. 13) Applied and improved Eric Bowles's fix for route filtering.
14) Corrected handling of /32 addresses with broadcast in maclist
processing.
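Review bot: entry 14 records a maclist fix for /32 addresses with a broadcast address, but none of the six files shown in this commit contains that fix; the visible hunks touch only the changelog, release notes, version strings and the spec file. Suggest naming the file or revision where the correction landed so the entry can be traced to the code it describes.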


@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=1.4.7 VERSION=1.4.8-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {
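Review bot: the `VERSION=1.4.8-RC1` assignment is hard-coded here and repeated verbatim in two other script hunks of this commit, so each release has to edit the same literal in several places. The header comment says the script may only be used with the version shown below, which makes a missed bump a functional problem rather than a cosmetic one. Suggest sourcing the version from a single file, or at least adding a comment listing the other places that must change together.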


@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall. # /etc/rc.d/rc.local file is modified to start the firewall.
# #
VERSION=1.4.7 VERSION=1.4.8-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {


@ -46,13 +46,18 @@ Problems Corrected since version 1.4.7:
9) Previously, neither the 'routefilter' interface option nor the 9) Previously, neither the 'routefilter' interface option nor the
ROUTE_FILTER parameter were working properly. This has been ROUTE_FILTER parameter were working properly. This has been
corrected. The definition of the ROUTE_FILTER option has changed corrected (thanks to Eric Bowles for his patch). The definition
however. Previously, ROUTE_FILTER=Yes was documented as enabling of the ROUTE_FILTER option has changed however. Previously,
route filtering on all interfaces (which didn't work). Beginning ROUTE_FILTER=Yes was documented as enabling route filtering on all
with this release, setting ROUTE_FILTER=Yes will enable route interfaces (which didn't work). Beginning with this release, setting
filtering of all interfaces brought up while Shorewall is ROUTE_FILTER=Yes will enable route filtering of all interfaces
started. As a consequence, ROUTE_FILTER=Yes can coexist with the use brought up while Shorewall is started. As a consequence,
of the 'routefilter' option in the interfaces file. ROUTE_FILTER=Yes can coexist with the use of the 'routefilter'
option in the interfaces file.
10) If MAC verification was enabled on an interface that had a /32
address with a broadcast address then an error would occur during
startup.
Migration Issues: Migration Issues:
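Review bot: new item 10 describes only the failure ("an error would occur during startup") and never states the corrected behaviour, unlike item 9, which ends with "This has been corrected." Suggest closing it with a sentence saying that MAC verification now starts cleanly on an interface with a /32 address and a broadcast address. Separately, item 9 documents a change in what ROUTE_FILTER=Yes means; since that affects existing configurations, a pointer from the "Migration Issues:" section that follows would help users who only read that part.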
@ -62,22 +67,23 @@ Migration Issues:
New Features: New Features:
1. A new QUEUE action has been introduced for rules. QUEUE allows you 1. A new QUEUE action has been introduced for rules. QUEUE allows you
to pass connection requests to a user-space filter such as p2pwall to pass connection requests to a user-space filter such as ftwall
(http://p2pwall.sourceforge.net). (http://p2pwall.sourceforge.net). The ftwall program allows for
effective filtering of p2p applications such as Kazaa.
For example, to use p2pwall to filter P2P applications, you would For example, to use ftwall to filter P2P clients in your 'loc' zone,
add the following rules: you would add the following rules:
QUEUE loc net tcp QUEUE loc net tcp
QUEUE loc net udp QUEUE loc net udp
QUEUE loc fw udp QUEUE loc fw udp
You would normally want to place those two rules BEFORE any ACCEPT You would normally want to place those three rules BEFORE any ACCEPT
rules for loc->net. rules for loc->net or loc->fw udp or tcp.
Note: When the protocol specified is TCP ("tcp", "TCP" or "6"), Note: When the protocol specified is TCP ("tcp", "TCP" or "6"),
Shorewall will only pass connection requests (SYN packets) to user Shorewall will only pass connection requests (SYN packets) to user
space. This is for compatibility with p2pwall. space. This is for compatibility with ftwall.
2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When 2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When
this option is set to "Yes", the blacklists (dynamic and static) this option is set to "Yes", the blacklists (dynamic and static)
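Review bot: the reworded placement sentence, "rules for loc->net or loc->fw udp or tcp", does not match the three QUEUE rules listed above it, which cover tcp and udp for loc->net but only udp for loc->fw. As written, a reader may assume a loc->fw tcp rule is also queued. Suggest "BEFORE any ACCEPT rules for loc->net (tcp or udp) or loc->fw (udp)", plus a short clause on why order matters, since the text implies an earlier ACCEPT would keep the traffic from reaching the user-space filter. Also, the context line for item 2 spells the option "BLACKLISTNEWNONLY"; worth checking against the name used in shorewall.conf while this file is being edited.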


@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 1.4.7 %define version 1.4.8
%define release 1 %define release 0RC1
%define prefix /usr %define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
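Review bot: with `%define version 1.4.8` and `%define release 0RC1`, the package identifies itself as 1.4.8-0RC1, while the shell scripts in this commit set `VERSION=1.4.8-RC1`. The two strings for the same release candidate differ, so anything that compares the script version with the packaged version will not match. Suggest a comment next to the release define explaining the 0RC1 convention and that it is intentionally different from the script string.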
@ -108,6 +108,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Thu Oct 30 2003 Tom Eastep <tom@shorewall.net>
- Changed version to 1.4.8-0RC1
* Sat Oct 04 2003 Tom Eastep <tom@shorewall.net> * Sat Oct 04 2003 Tom Eastep <tom@shorewall.net>
- Changed version to 1.4.7-1 - Changed version to 1.4.7-1
- Removed conflict with 2.2 Kernels - Removed conflict with 2.2 Kernels


@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=1.4.7 VERSION=1.4.8-RC1
usage() # $1 = exit status usage() # $1 = exit status
{ {
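Review bot: the context line above the version bump still reads "Simply run this script to remove Seattle Firewall", while the other scripts and the spec summary in this commit say Shoreline Firewall. Since this header is being touched anyway, suggest correcting the product name so the uninstall script's description matches the rest of the package.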