Clarify requirements for /etc/shorewall/ipsec; fix PKTTYPE Handling

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2104 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 15:43:30 +01:00 · 2005-05-11 17:20:23 +00:00 · 2005-05-11 17:20:23 +00:00 · cb64f41c6e
commit cb64f41c6e
parent 911746db04
4 changed files with 17 additions and 5 deletions
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -1,3 +1,7 @@
+Changes in 2.2.5
+
+1) Correct behavior of PKTTYPE=No
+
 Changes in 2.2.4

 1) Added support for UPnP
--- a/STABLE2/firewall
+++ b/STABLE2/firewall
@ -7461,6 +7461,8 @@ do_initialize() {
 	[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
    fi

+    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities
+
    determine_capabilities

    [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
@ -7580,7 +7582,6 @@ do_initialize() {
    DISABLE_IPV6=$(added_param_value_no DISABLE_IPV6 $DISABLE_IPV6)
    BRIDGING=$(added_param_value_no BRIDGING $BRIDGING)
    DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
-    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
    STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
    RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
    DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD)
--- a/STABLE2/ipsec
+++ b/STABLE2/ipsec
@ -2,8 +2,9 @@
 # Shorewall 2.2 - /etc/shorewall/ipsec
 #
 #	This file defines the attributes of zones with respect to
-#	IPSEC. To use this file, you must be running a 2.6 kernel and
-#       both your kernel and iptables must include Policy Match Support.
+#	IPSEC. To use this file for any purpose except for setting mss, 
+#	you must be running a 2.6 kernel and both your kernel and iptables
+#	must include Policy Match Support.
 #
 #	The columns are:
 #
@ -26,7 +27,7 @@
 #
 #				proto=ah|esp|ipcomp
 #
-#				mss=<number> (sets the MSS field in TCP packets) 
+#				mss=<number> (sets the MSS field in TCP packets)
 #
 #				mode=transport|tunnel
 #
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -1,4 +1,10 @@
-Shorewall 2.2.4
+Shorewall 2.2.5
+
+-----------------------------------------------------------------------
+Problems corrected in version 2.2.5
+
+1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would
+   still be used if the kernel supported it.

 -----------------------------------------------------------------------
 Problems corrected in version 2.2.4