diff --git a/Shorewall-common/fallback.sh b/Shorewall-common/fallback.sh index 64b126290..0151f5c6d 100755 --- a/Shorewall-common/fallback.sh +++ b/Shorewall-common/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-common/install.sh b/Shorewall-common/install.sh index 2ff2df798..ff8c81df0 100755 --- a/Shorewall-common/install.sh +++ b/Shorewall-common/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index b0d1faa14..7abbb0ea9 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -24,8 +24,11 @@ Problems corrected in 3.9.5. 3) Setting MACLIST_LOG_LEVEL="" and MACLIST_DISPOSITION=ACCEPT or MACLIST_DISPOSITION=REJECT resulted in Perl run-time errors. + +4) Many more .... (I gave up trying to document them all; check the + SVN history if you are interested). -Other changes in Shorewall 3.9.4 +Other changes in Shorewall 3.9.5 1) The Shorewall-perl compiler now validates all log levels. It also validates all protocol names against /etc/protocols and all service @@ -281,8 +284,8 @@ Migration Considerations: configuration files. h) USE_ACTIONS=No is not supported. That option is intended to - minimize Shorewall's footprint in embedded applications. As a - consequence, Default Macros are not supported. + minimize Shorewall's footprint in embedded applications. As a + consequence, Default Macros are not supported. i) DELAYBLACKLISTLOAD=Yes is not supported. The entire ruleset is atomically loaded with one execution of iptables-restore. @@ -297,6 +300,25 @@ Migration Considerations: combination doesn't work in previous versions of Shorewall so the Perl-based compiler simply rejects it. + m) Shorewall-perl has a single rule generator that is used for all + rule-oriented files. So it is important that the syntax is + consistent between files. + + With shorewall-shell, there is a special syntax in the SOURCE + column of /etc/shorewall/masq to designate "all traffic entering + the firewall on this interface except...". + + Example: + + #INTERFACE SOURCE ADDRESSES + eth0 eth1!192.168.4.9 ... + + Shorewall-perl uses syntax that is consistent with the rest of + Shorewall: + + #INTERFACE SOURCE ADDRESSES + eth0 eth1:!192.168.4.9 ... + 2) An 'optional' option has been added to /etc/shorewall/interfaces. When 'optional' is specified for an interface, Shorewall will be silent when: @@ -449,3 +471,4 @@ Problems corrected in Shorewall 3.9.3 specified in the DEST column of /etc/shorewall/rules, then a Perl run-time diagnostic was produced. + diff --git a/Shorewall-common/shorewall.spec b/Shorewall-common/shorewall.spec index 90c5d5a10..4819f1bea 100644 --- a/Shorewall-common/shorewall.spec +++ b/Shorewall-common/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 3.9.4 +%define version 3.9.5 %define release 1 %define prefix /usr @@ -252,6 +252,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples %changelog +* Mon Apr 30 2007 Tom Eastep tom@shorewall.net +- Updated to 3.9.5-1 * Mon Apr 23 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.4-1 * Wed Apr 18 2007 Tom Eastep tom@shorewall.net diff --git a/Shorewall-common/uninstall.sh b/Shorewall-common/uninstall.sh index 266d18195..d6d343c1d 100755 --- a/Shorewall-common/uninstall.sh +++ b/Shorewall-common/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh index 75851d3c8..196359621 100755 --- a/Shorewall-lite/fallback.sh +++ b/Shorewall-lite/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 2ab0fc61f..0d1a9cd39 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index 37e0f7789..51e683892 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -1,5 +1,5 @@ %define name shorewall-lite -%define version 3.9.4 +%define version 3.9.5 %define release 1 %define prefix /usr @@ -99,6 +99,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Mon Apr 30 2007 Tom Eastep tom@shorewall.net +- Updated to 3.9.5-1 * Mon Apr 23 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.4-1 * Wed Apr 18 2007 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index c0042f158..790dea7b3 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index bceb318cd..eaf1a88cd 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -69,7 +69,7 @@ our %globals = ( SHAREDIR => '/usr/share/shorewall' , ORIGINAL_POLICY_MATCH => '', LOGPARMS => '', TC_SCRIPT => '', - VERSION => '3.9.4', + VERSION => '3.9.5', ); # diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index 94e109e6f..4ed6e3f7a 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -169,10 +169,9 @@ sub process_tc_rule( $$$$$$$$$$ ) { unless ( $classid ) { MARK: { - PATTERN: for my $tccmd ( @tccmd ) { if ( $tccmd->{match}($cmd) ) { - fatal_error "$mark not valid with :C[FP]" if $connmark; + fatal_error "$mark not valid with :C[FPT]" if $connmark; $target = "$tccmd->{target} "; my $marktype = $tccmd->{mark}; diff --git a/Shorewall-perl/install.sh b/Shorewall-perl/install.sh index 4760ed0c8..f1d52f954 100755 --- a/Shorewall-perl/install.sh +++ b/Shorewall-perl/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-perl/shorewall-perl.spec b/Shorewall-perl/shorewall-perl.spec index aef79193a..5ff85fce3 100644 --- a/Shorewall-perl/shorewall-perl.spec +++ b/Shorewall-perl/shorewall-perl.spec @@ -1,5 +1,5 @@ %define name shorewall-perl -%define version 3.9.4 +%define version 3.9.5 %define release 1 %define prefix /usr @@ -80,6 +80,8 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING releasenotes.txt %changelog +* Mon Apr 30 2007 Tom Eastep tom@shorewall.net +- Updated to 3.9.5-1 * Mon Apr 23 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.4-1 * Wed Apr 18 2007 Tom Eastep tom@shorewall.net diff --git a/Shorewall-shell/install.sh b/Shorewall-shell/install.sh index f0dcc1ecc..d57a2de10 100755 --- a/Shorewall-shell/install.sh +++ b/Shorewall-shell/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=3.9.4 +VERSION=3.9.5 usage() # $1 = exit status { diff --git a/Shorewall-shell/shorewall-shell.spec b/Shorewall-shell/shorewall-shell.spec index 371aad0cd..b69df4c1c 100644 --- a/Shorewall-shell/shorewall-shell.spec +++ b/Shorewall-shell/shorewall-shell.spec @@ -1,5 +1,5 @@ %define name shorewall-shell -%define version 3.9.4 +%define version 3.9.5 %define release 1 %define prefix /usr @@ -63,6 +63,8 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING INSTALL %changelog +* Mon Apr 30 2007 Tom Eastep tom@shorewall.net +- Updated to 3.9.5-1 * Mon Apr 23 2007 Tom Eastep tom@shorewall.net - Updated to 3.9.4-1 * Wed Apr 18 2007 Tom Eastep tom@shorewall.net