diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 93351deed..e1d3bf09a 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -27,3 +27,7 @@ Changes since 1.4.9 12) Allow maclist with Atheros cards 13) Fix masq file problem with exclusion in the source column. + +14) Fix silly tcrules file problem. + +15) Fix multiple excluded zones in DNAT/REDIRECT rules. diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh index cd7fe2157..0728db7e6 100755 --- a/Shorewall/fallback.sh +++ b/Shorewall/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.4.10a +VERSION=1.4.10c usage() # $1 = exit status { diff --git a/Shorewall/firewall b/Shorewall/firewall index b609e0dff..1fc453b56 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1730,7 +1730,7 @@ process_tc_rule() esac fi - if [ "x$user" != "x-" ]; then + if [ "x${user:--}" != "x-" ]; then [ "$chain" != tcout ] && \ fatal_error "Invalid use of a user/group: rule \"$rule\"" @@ -2632,7 +2632,7 @@ add_nat_rule() { addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -d $adr -j $chain done - for z in $excludezones; do + for z in $(separate_list $excludezones); do eval hosts=\$${z}_hosts for host in $hosts; do addnatrule $chain -s ${host#*:} -j RETURN diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 266ddac0d..35c5f9a63 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.4.10a +VERSION=1.4.10c usage() # $1 = exit status { diff --git a/Shorewall/interfaces b/Shorewall/interfaces index b5bc8c799..d60544a0d 100644 --- a/Shorewall/interfaces +++ b/Shorewall/interfaces @@ -62,10 +62,13 @@ # interface (anti-spoofing measure). This # option can also be enabled globally in # the /etc/shorewall/shorewall.conf file. -# dropunclean - Logs and drops mangled/invalid packets -# +# dropunclean - Logs and drops mangled/invalid +# packets. USE OF THIS OPTION IS +# NOT RECOMMENDED. It will be removed in +# Shorewall 2.0. # logunclean - Logs mangled/invalid packets but does -# not drop them. +# not drop them. This option will be +# removed in Shorewall 2.0. # . . blacklist - Check packets arriving on this interface # against the /etc/shorewall/blacklist # file. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index dc3dead77..d73f12ac7 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -31,6 +31,16 @@ Problems Corrected since version 1.4.9: the !10.1.0.0/16 is ignored. +9. A startup error occurs if the USER/GROUP column of the tcrules file + is empty. + +10. The following syntax previously produced a startup error: + + DNAT z1!z2,z3 z4:... + + That has been corrected so that multiple excluded zones may now be + listed in a DNAT or REDIRECT rule. + Migration Issues: None. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 84d04ce63..7637102ce 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 1.4.10a +%define version 1.4.10c %define release 1 %define prefix /usr @@ -109,6 +109,10 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Sun Feb 15 2004 Tom Eastep +- Changed version to 1.4.10c-1 +* Thu Feb 12 2004 Tom Eastep +- Changed version to 1.4.10b-1 * Sun Feb 08 2004 Tom Eastep - Changed version to 1.4.10a-1 * Fri Jan 30 2004 Tom Eastep diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 86538f9be..2895e6603 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.4.10a +VERSION=1.4.10c usage() # $1 = exit status {