Initiate 4.4.16

Shorewall-init/install.sh

@@ -23,7 +23,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall-init/shorewall-init.spec

@@ -1,6 +1,6 @@
 %define name shorewall-init
-%define version 4.4.15
-%define release 0base
+%define version 4.4.16
+%define release 0Beta1
 
 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
 Name: %{name}
@@ -99,6 +99,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.16-0Beta1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall-init/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
-%define version 4.4.15
-%define release 0base
+%define version 4.4.16
+%define release 0Beta1
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -102,6 +102,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.16-0Beta1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Config.pm

@@ -353,7 +353,7 @@ sub initialize( $ ) {
 		    EXPORT => 0,
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED => 0,
-		    VERSION => "4.4.15",
+		    VERSION => "4.4.16-Beta1",
 		    CAPVERSION => 40415 ,
 		  );
 

Shorewall/changelog.txt

@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.16
+
+None.
+
 Changes in Shorewall 4.4.15
 
 1)  Add macros from Tuomo Soini.

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -1 +1 @@
-There are no known problems in Shorewall 4.4.15
+There are no known problems in Shorewall 4.4.16-Beta1

Shorewall/releasenotes.txt

@@ -13,65 +13,7 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
   I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
-1)  Previously, if 
-
-    a) syn flood protection was enabled in a policy that
-       specified 'all' for the SOURCE or DEST, and
-    b) there was only one pair of zones matching that policy, and
-    c) PROPAGATE_POLICIES=Yes in shorewall.conf, and
-    d) logging was specified on the policy
-
-    then the chain implementing the chain had "all" in its name while
-    the logging rule did not.
-
-    Example
-
-	On a simple standalone configuration, /etc/shorewall/policy
-	has:
-
-	     #SOURCE	DEST	POLICY	LOGGING
-    	     net	all	DROP	info
-
-	then the chain implementing syn flood protection would be named
-	@net2all while the logging rule would indicate net2fw.
-
-    Now, the chain will be named @net2fw.
-
-2)  If the current environment exported the VERBOSE variable with a
-    non-zero value, then startup would fail.
-
-3)  If a route existed for an entire RFC1918 subnet (10.0.0.0/8,
-    172.20.0.0/12 or 192.168.0.0/16), then setting
-    NULL_ROUTE_RFC1918=Yes would cause the route to be replaced with an
-    'unreachable' one.
-
-4)  Shorewall6 failed to start correctly if all the following were true:
-
-    - Shorewall was installed using the tarball. It may have
-      subsequently been installed using a distribution-specific package
-      or the rpm from shorewall.net without first unstalling the
-      tarball components.
-
-    - Shorewall6 was installed using a distribution-specific package or
-      the rpm from shorewall.net.
-
-    - The file /etc/shorewall6/init was not created.
-
-5)  If an interface with physical='+' is given the 'optional' or
-    'required' option, then invalid shell variables names were
-    generated by the compiler.
-
-6)  The contributed macro macro.JAP generated a fatal error when used.
-    The root cause was a defect in parameter processing in nested
-    macros (if 'PARAM' was passed to an nested macro invocation, it was
-    not expanded to the current parameter value).
-
-7)  Previously, if find_first_interface_address() failed when running
-    shorewall-lite or shoreawll6-lite, the following unhelpful message
-    was issued:
-
-    	/usr/share/shorewall-lite/lib.common: line 449: startup_error: command
-                                              not found
+None.
 
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
@@ -84,79 +26,7 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
       I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
-1)   Munin and Squid macros have been contributed by Tuomo Soini.
-
-2)   The Shorewall6 accounting, tcrules and rules files now include a
-     HEADERS column which allows matching based on the IPv6 extension and
-     protocol headers included in a packet.
-
-     The contents of the column are:
-
-     	 [any:|exactly:]<header list>
-
-     where <header list> is a comma-separated list of headers from the
-     following:
-
-	Long Name	Short Name	Number
-        --------------------------------------
-	auth   		ah    		51
-	esp		esp		50
-d	hop-by-hop	hop		0
-	route		ipv6-route	41
-	frag		ipv6-frag	44
-	none		ipv6-nonxt	59	
-	protocol	proto		255
-
-     If 'any:' is specified, the rule will match if any of the listed
-     headers are present. If 'exactly:' is specified, the will match
-     packets that exactly include all specified headers. If neither is
-     given, 'any:' is assumed.
-
-     This change adds a new capability (Header Match) so if you use a
-     capabilities file, you will need to regenerate using this release.
-
-3)  It is now possible to add explicit routes to individual provider
-    routing tables using the /etc/shorewall/routes (/etc/shorewall6/routes)
-    file.
-
-    See the shorewall-routes (5) and/or the shorewall6-routes (5)  manpage.
-
-4)  Previously, /usr/share/shorewall/compiler.pl expected the contents
-    of the params file to be passed in the environment. Now, the
-    compiler invokes a small shell program
-    (/usr/share/shorewall/getparams) to process the file and to pass
-    the (variable,value) pairs back to the compiler.
-
-    Shell variable expansion uses the value from the params file if the
-    parameter was set in that file. Otherwise the current environment
-    is used. If the variable does not appear in either place, an error
-    message is generated.
-
-5)  Shared IPv4/IPv6 traffic shaping configuraiton is now
-    available. The device and class configuration can be included in
-    either the Shorewall or the Shorewall6 configuration. To place it
-    in the Shorewall configuration:
-
-    a) Set TC_ENABLED=Internal in shorewall.conf
-    b) Set TC_ENABLED=Shared in shorewall6.conf
-    c) Create symbolic link /etc/shorewall6/tcdevices pointing to
-       /etc/shorewall/tcdevices.
-    d) Create symbolic link /etc/shorewall6/tcclasses pointing to
-       /etc/shorewall/tcclasses.
-    e) Entries for both IPv4 and IPv6 can be included in
-       /etc/shorewall/tcfilters. This file has been extended to allow
-       both IPv4 and IPv6 entries to be included in a single file.
-    f) Packet marking rules are included in both configurations'
-       tcrules file as needed. CLASSIFY rules in
-       /etc/shorewall6/tcrules are validated against the Shorewall TC
-       configuration.
-  
-    In this setup, the tcdevices and tcclasses will only be updated
-    when Shorewall is restarted. The IPv6 marking rules are updated
-    when Shorewall6 is restarted.
-
-    The above configuration may be reversed to allow Shorewall6 to
-    control the TC configuration.
+None.
 
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
@@ -377,6 +247,148 @@ d	hop-by-hop	hop		0
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
       I N   P R I O R  R E L E A S E S
+----------------------------------------------------------------------------
+         P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 1 5
+----------------------------------------------------------------------------
+
+1)  Previously, if 
+
+    a) syn flood protection was enabled in a policy that
+       specified 'all' for the SOURCE or DEST, and
+    b) there was only one pair of zones matching that policy, and
+    c) PROPAGATE_POLICIES=Yes in shorewall.conf, and
+    d) logging was specified on the policy
+
+    then the chain implementing the chain had "all" in its name while
+    the logging rule did not.
+
+    Example
+
+	On a simple standalone configuration, /etc/shorewall/policy
+	has:
+
+	     #SOURCE	DEST	POLICY	LOGGING
+    	     net	all	DROP	info
+
+	then the chain implementing syn flood protection would be named
+	@net2all while the logging rule would indicate net2fw.
+
+    Now, the chain will be named @net2fw.
+
+2)  If the current environment exported the VERBOSE variable with a
+    non-zero value, then startup would fail.
+
+3)  If a route existed for an entire RFC1918 subnet (10.0.0.0/8,
+    172.20.0.0/12 or 192.168.0.0/16), then setting
+    NULL_ROUTE_RFC1918=Yes would cause the route to be replaced with an
+    'unreachable' one.
+
+4)  Shorewall6 failed to start correctly if all the following were true:
+
+    - Shorewall was installed using the tarball. It may have
+      subsequently been installed using a distribution-specific package
+      or the rpm from shorewall.net without first unstalling the
+      tarball components.
+
+    - Shorewall6 was installed using a distribution-specific package or
+      the rpm from shorewall.net.
+
+    - The file /etc/shorewall6/init was not created.
+
+5)  If an interface with physical='+' is given the 'optional' or
+    'required' option, then invalid shell variables names were
+    generated by the compiler.
+
+6)  The contributed macro macro.JAP generated a fatal error when used.
+    The root cause was a defect in parameter processing in nested
+    macros (if 'PARAM' was passed to an nested macro invocation, it was
+    not expanded to the current parameter value).
+
+7)  Previously, if find_first_interface_address() failed when running
+    shorewall-lite or shoreawll6-lite, the following unhelpful message
+    was issued:
+
+    	/usr/share/shorewall-lite/lib.common: line 449: startup_error: command
+                                              not found
+
+----------------------------------------------------------------------------
+               N E W   F E A T U R E S   I N   4 . 4 . 1 5
+----------------------------------------------------------------------------
+
+1)   Munin and Squid macros have been contributed by Tuomo Soini.
+
+2)   The Shorewall6 accounting, tcrules and rules files now include a
+     HEADERS column which allows matching based on the IPv6 extension and
+     protocol headers included in a packet.
+
+     The contents of the column are:
+
+     	 [any:|exactly:]<header list>
+
+     where <header list> is a comma-separated list of headers from the
+     following:
+
+	Long Name	Short Name	Number
+        --------------------------------------
+	auth   		ah    		51
+	esp		esp		50
+d	hop-by-hop	hop		0
+	route		ipv6-route	41
+	frag		ipv6-frag	44
+	none		ipv6-nonxt	59	
+	protocol	proto		255
+
+     If 'any:' is specified, the rule will match if any of the listed
+     headers are present. If 'exactly:' is specified, the will match
+     packets that exactly include all specified headers. If neither is
+     given, 'any:' is assumed.
+
+     This change adds a new capability (Header Match) so if you use a
+     capabilities file, you will need to regenerate using this release.
+
+3)  It is now possible to add explicit routes to individual provider
+    routing tables using the /etc/shorewall/routes (/etc/shorewall6/routes)
+    file.
+
+    See the shorewall-routes (5) and/or the shorewall6-routes (5)  manpage.
+
+4)  Previously, /usr/share/shorewall/compiler.pl expected the contents
+    of the params file to be passed in the environment. Now, the
+    compiler invokes a small shell program
+    (/usr/share/shorewall/getparams) to process the file and to pass
+    the (variable,value) pairs back to the compiler.
+
+    Shell variable expansion uses the value from the params file if the
+    parameter was set in that file. Otherwise the current environment
+    is used. If the variable does not appear in either place, an error
+    message is generated.
+
+5)  Shared IPv4/IPv6 traffic shaping configuraiton is now
+    available. The device and class configuration can be included in
+    either the Shorewall or the Shorewall6 configuration. To place it
+    in the Shorewall configuration:
+
+    a) Set TC_ENABLED=Internal in shorewall.conf
+    b) Set TC_ENABLED=Shared in shorewall6.conf
+    c) Create symbolic link /etc/shorewall6/tcdevices pointing to
+       /etc/shorewall/tcdevices.
+    d) Create symbolic link /etc/shorewall6/tcclasses pointing to
+       /etc/shorewall/tcclasses.
+    e) Entries for both IPv4 and IPv6 can be included in
+       /etc/shorewall/tcfilters. This file has been extended to allow
+       both IPv4 and IPv6 entries to be included in a single file.
+    f) Packet marking rules are included in both configurations'
+       tcrules file as needed. CLASSIFY rules in
+       /etc/shorewall6/tcrules are validated against the Shorewall TC
+       configuration.
+  
+    In this setup, the tcdevices and tcclasses will only be updated
+    when Shorewall is restarted. The IPv6 marking rules are updated
+    when Shorewall6 is restarted.
+
+    The above configuration may be reversed to allow Shorewall6 to
+    control the TC configuration.
+
 ----------------------------------------------------------------------------
          P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 1 4
 ----------------------------------------------------------------------------

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
-%define version 4.4.15
-%define release 0base
+%define version 4.4.16
+%define release 0Beta1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -109,6 +109,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
 
 %changelog
+* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.16-0Beta1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
-%define version 4.4.15
-%define release 0base
+%define version 4.4.16
+%define release 0Beta1
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -93,6 +93,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.16-0Beta1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
-%define version 4.4.15
-%define release 0base
+%define version 4.4.16
+%define release 0Beta1
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Tue Nov 30 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.16-0Beta1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.16-Beta1
 
 usage() # $1 = exit status
 {