diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index c78bad401..21141406b 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,10 +1,15 @@ -Changes in 3.2.0 RC 5 +Changes in 3.2.0 Final + +1) Avoid extraneous double quotes in log rules generated at run-time. + +Changes in 3.2.0 RC 6 1) Correct generation of the balanced default route. 2) Allow 'detect' in the ADDRESS column of the masq file. 3) Correct some permission problems. + ------------------------------------------------------------------------------- Changes in 3.2.0 RC 5 diff --git a/Shorewall/functions b/Shorewall/functions index cea7f77c8..560774552 100644 --- a/Shorewall/functions +++ b/Shorewall/functions @@ -1478,14 +1478,25 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi error_message "WARNING: Log Prefix shortened to \"$prefix\"" fi - case $level in - ULOG) - run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\" - ;; - *) - run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\" - ;; - esac + if [ "$COMMAND" = compile ]; then + case $level in + ULOG) + run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\" + ;; + *) + run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\" + ;; + esac + else + case $level in + ULOG) + run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" + ;; + *) + run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" + ;; + esac + fi if [ $? -ne 0 ] ; then [ -z "$STOPPING" ] && { stop_firewall; exit 2; } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 6d0fd6e21..ac89426b8 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 3.2.0 RC 6 +Shorewall 3.2.0 Note to users upgrading from Shorewall 2.x or 3.0 @@ -31,27 +31,14 @@ Note to users upgrading from Shorewall 2.x or 3.0 Please see the "Migration Considerations" below for additional upgrade information. -Problems Corrected in 3.2.0 RC 6 +Problems Corrected in 3.2.0 Final -1) When 'balance' is specified in more than one provider, only the - last such provider appears in the default route. +1) Logging rules generated at run-time (such as smurf rules) contained + extraneous double quotes around the log prefix. -2) The permission settings of /etc/shorewall/params and of several - files in /usr/share/shorewall/configfiles were incorrect. +Other changes in 3.2.0 Final -Other changes in 3.2.0 RC 6 - -1) This change will be in 3.0.9 so I'm slipping it into this RC for - compatibility. - - It is now possible to use the special value 'detect' in the ADDRESS - column of /etc/shorewall/masq. This allows you to specify SNAT (as - opposed to MASQUERADE) without having to know the ip address of the - external interface. Shorewall must be restarted each time that the - external address (the address of the interface named in the - INTERFACE column) changes. Note that if you have done a 'shorewall - save' then it is sufficient to "shorewall restore" since the - restore script will re-detect the interface's IP address(es). +None. Migration Considerations: