Shorewall 1.4.10d +

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1216 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-19 17:28:35 +02:00 · 2004-03-20 15:40:06 +00:00 · 2004-03-20 15:40:06 +00:00 · ccd528ec8c
commit ccd528ec8c
parent f37f1d4243
7 changed files with 26 additions and 10 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -31,3 +31,7 @@ Changes since 1.4.9
 14) Fix silly tcrules file problem.
 15) Fix multiple excluded zones in DNAT/REDIRECT rules.
 16) Correct reporting of POLICY rules.
 17) Implement Sean Mathews's fix for Proxy ARP/IPSEC.
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=1.4.10c
+VERSION=1.4.10d
 usage() # $1 = exit status
 {
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1396,7 +1396,7 @@ setup_proxy_arp() {
 	[ -z "$haveroute" ] && run_ip route replace $address dev $interface
-	run_arp -Ds $address $external pub
+	run_arp -i $external -Ds $address $external pub
 	echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
 	echo 0 > /proc/sys/net/ipv4/conf/$external/proxy_arp
@ -2843,11 +2843,15 @@ add_a_rule()
    # Complain if the rule is really a policy
-    if [ -z "$proto" -a -z "$cli" -a -z "$serv" -a -z "$servport" -a -z "$userset" -a "$logtarget" != LOG ]; then
+    case $logtarget in
-	error_message "Warning -- Rule \"$rule\" is a POLICY"
+	ACCEPT|DROP|REJECT)	
-	error_message "	       -- and should be moved to the policy file"
+	    if [ -z "$proto" -a -z "$cli" -a -z "$serv" -a -z "$servport" -a -z "$userspec" ] ; then
-    fi
+		error_message "Warning -- Rule \"$rule\" is a POLICY"
-
+		error_message "	       -- and should be moved to the policy file"
 	    fi
 	    ;;
    esac
    if [ -n "${serv}${servport}" ]; then
 	if [ $command != check ]; then
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -54,7 +54,7 @@
 #        /etc/rc.d/rc.local file is modified to start the firewall.
 #
-VERSION=1.4.10c
+VERSION=1.4.10d
 usage() # $1 = exit status
 {
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -41,6 +41,12 @@ Problems Corrected since version 1.4.9:
    That has been corrected so that multiple excluded zones may now be
    listed in a DNAT or REDIRECT rule.
 11. Use of user-defined actions frequently resulted in a WARNING that
    the rule was a policy.
 12. Thanks to Sean Mathews, a long-standing problem with proxy ARP and
    IPSEC has been corrected!!
 Migration Issues:
 None.
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,5 +1,5 @@
 %define name shorewall
-%define version 1.4.10c
+%define version 1.4.10d
 %define release 1
 %define prefix /usr
@ -109,6 +109,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 %changelog
 * Tue Mar 16 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10d-1
 * Sun Feb 15 2004 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.4.10c-1
 * Thu Feb 12 2004 Tom Eastep <tom@shorewall.net>
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
-VERSION=1.4.10c
+VERSION=1.4.10d
 usage() # $1 = exit status
 {