Bring trunk up to date with 4.0

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7227 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-shell/compiler

@@ -958,7 +958,7 @@ setup_tc1() {
     # packets that are not part of a marked connection to the 'tcpre/tcout' chains.
     #
     if [ -n "$ROUTEMARK_INTERFACES" -a -z "$TC_EXPERT" ]; then
-	[ -n "$HIGH_ROUTE_MARKS" ] && mark_part="-m mark --mark 0/0xFF00" || mark_part="-m mark --mark 0/0xFF00"
+	[ -n "$HIGH_ROUTE_MARKS" ] && mark_part="-m mark --mark 0/0xFF00" || mark_part="-m mark --mark 0/0xFF"
 	#
 	# But let marks in tcpre override those assigned by 'track'
 	#
@@ -3245,6 +3245,8 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
 
     run_user_exit $1
 
+    [ -n "$FASTACCEPT" ] || run_iptables -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
     eval policychain=\$${2}2${3}_policychain
 
     if [ -n "$policychain" ]; then
@@ -4917,7 +4919,7 @@ compile_firewall() # $1 = File Name
 		;;
 	esac
 
-	run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
+	run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS $option
     }
 
     progress_message2 "Initializing..."

Shorewall-shell/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
 
-VERSION=4.0.2
+VERSION=4.0.3
 
 usage() # $1 = exit status
 {

Shorewall-shell/shorewall-shell.spec

@@ -1,5 +1,5 @@
 %define name shorewall-shell
-%define version 4.0.2
+%define version 4.0.3
 %define release 1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -81,6 +81,8 @@ fi
 %doc COPYING INSTALL 
 
 %changelog
+* Mon Aug 13 2007 Tom Eastep tom@shorewall.net
+- Updated to 4.0.3-1
 * Thu Aug 09 2007 Tom Eastep tom@shorewall.net
 - Updated to 4.0.2-1
 * Sat Jul 21 2007 Tom Eastep tom@shorewall.net