Fix rule generated by MULTICAST=Yes

2009-08-29 09:32:38 -07:00 · 2009-08-29 09:32:38 -07:00 · 210ca5faee
commit 210ca5faee
parent 00a20d5e1d
20 changed files with 40 additions and 17 deletions
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 2
+%define release 3
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Sat Aug 29 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-3
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -327,7 +327,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.0.2",
+		    VERSION => "4.4.0.3",
 		    CAPVERSION => 40310 ,
 		  );
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@ -356,7 +356,7 @@ sub policy_rules( $$$$$ ) {
    my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
    unless ( $target eq 'NONE' ) {
-	add_rule $chainref, "-d 224.0.0.0/24 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
+	add_rule $chainref, "-d 224.0.0.0/4 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
 	add_rule $chainref, "-j $default" if $default && $default ne 'none';
 	log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
 	fatal_error "Null target in policy_rules()" unless $target;
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,3 +1,6 @@
 Changes in Shorewall 4.4.0.3
 1) Fix rule generated by MULTICAST=Yes
 Changes in Shorewall 4.4.0.2
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@ -29,3 +29,8 @@
    "-" in the ZONES column) in /etc/shorewall/interfaces.
    This problem was corrected in Shorewall 4.4.0.2.
 6)  MULTICAST=Yes generates an incorrect rule that limits its
    effectiveness to a small part of the multicast address space.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -153,6 +153,13 @@ Shorewall 4.4.0 patch release 1.
 10) The name 'any' is now reserved and may not be used as a zone name.
 ----------------------------------------------------------------------------
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0 . 3
 ----------------------------------------------------------------------------
 1)  MULTICAST=Yes generates an incorrect rule that limits its
    effectiveness to a small part of the multicast address space.
 ----------------------------------------------------------------------------
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0 . 2
 ----------------------------------------------------------------------------
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.0
-%define release 2
+%define release 3
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 %changelog
 * Sat Aug 29 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-3
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.0
-%define release 2
+%define release 3
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Sat Aug 29 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-3
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.0
-%define release 2
+%define release 3
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 %changelog
 * Sat Aug 29 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-3
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.2
+VERSION=4.4.0.3
 usage() # $1 = exit status
 {