From 31092957eda14c2962f6f3c9824a94ffe544b0aa Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 23 Nov 2006 00:58:38 +0000 Subject: [PATCH] Change ipp2p default to '-p all' git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4985 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/lib.base | 2 +- Shorewall/lib.tcrules | 2 +- Shorewall/releasenotes.txt | 51 +++++++++++++++++++------------------- 3 files changed, 27 insertions(+), 28 deletions(-) diff --git a/Shorewall/lib.base b/Shorewall/lib.base index 9c995df2c..7ef54ae9a 100644 --- a/Shorewall/lib.base +++ b/Shorewall/lib.base @@ -124,7 +124,7 @@ my_pathname() { echo $PWD/$(basename $0) } -## +# # Source a user exit file if it exists # run_user_exit() # $1 = file name diff --git a/Shorewall/lib.tcrules b/Shorewall/lib.tcrules index ffd32b557..6eeb8a406 100644 --- a/Shorewall/lib.tcrules +++ b/Shorewall/lib.tcrules @@ -66,7 +66,7 @@ process_tc_rule() proto=${proto#*:} ;; *) - proto=tcp + proto=all ;; esac diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 4de022a81..6dd8ece9a 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -53,11 +53,11 @@ Migration Considerations: to silently drop or reject traffic that would otherwise be logged when the policy is enforced. - b) Ensure correct operation. Default actions can also avoid common - pitfalls like dropping connection requests on port TCP port - 113. If these connections are dropped (rather than rejected) - then you may encounter problems connecting to internet services - that utilize the AUTH protocol of client authentication. + b) Insure correct operation. Default actions can also avoid common + pitfalls like dropping connection requests on TCP port 113. If + these connections are dropped (rather than rejected) then you + may encounter problems connecting to internet services that + utilize the AUTH protocol of client authentication. In prior Shorewall versions, default actions (action.Drop and action.Reject) were defined for DROP and REJECT policies in @@ -100,7 +100,8 @@ New Features: - lib.actions. Must be available if you do not specify USE_ACTIONS=No in /etc/shorewall/shorewall.conf. - - lib.base. The base Shorewall library required by all programs. + - lib.base. The base Shorewall library required by all programs, + including compiled firewall scripts. - lib.cli. Library containing the code common to /sbin/shorewall, /sbin/shorewall-lite. @@ -139,8 +140,6 @@ New Features: - Omitting the macro files. - Omitting all unused extension scripts. - - Stripping the comments (except for copyright) from the various - files. 2) As hinted in the previous bullet, there is a new USE_ACTIONS option in /etc/shorewall/shorewall.conf. Shorewall actions can be very 
@@ -201,8 +200,8 @@ New Features: refer to macro.Drop and macro.Reject. If you set the value of either option to "None" then no default - action will be used and the default action or macro must be - specified in /etc/shorewall/policy + action will be used and the default action or macro (if any) + must be specified in /etc/shorewall/policy - The POLICY column in /etc/shorewall/policy has been extended. @@ -243,7 +242,7 @@ New Features: |4 192.168.1.1 5) Previously, zone names were restricted to five characters in - length. That length derives from the --log-prefix in Netfilter log + length. That limit derives from the --log-prefix in Netfilter log messages which must be 29 bytes or less in length. With the standard Shorewall LOGFORMAT, that leaves 11 characters for the chain name; given that many chain names are of the form @@ -254,9 +253,9 @@ New Features: than 5 but it may be greater than 5). For example, setting LOGFORMAT="FW:%s:%s:" will allow zone names of up to 8 characters. -6) Netfilter provides support for attaching comments to Netfilter - rules. Comments can be up to 255 bytes in length and are - visible using the "shorewall show ", "shorewall show nat", +6) Netfilter provides support for attachmend of comments to Netfilter + rules. Comments can be up to 255 bytes in length and are visible + using the "shorewall show ", "shorewall show nat", "shorewall show mangle" and "shorewall dump" commands. Comments are delimited by '/* ... */" in the output. 
@@ -264,14 +263,14 @@ New Features: /etc/shorewall/rules, /etc/shorewall/tcrules, /etc/shorewall/nat and /etc/shorewall/masq files and in action files. The remainder of the line is treated as a comment and it will be attached as a - Netfilter comment to the rule(s) generated by the following entries + Netfilter comment to the rule(s) generated by succeding entries in the file. Note: Do not prefix the comment with "#". Shorewall's two-pass compiler strips off "#" comments in the first pass and processes - COMMENT lines in the second pass. So by the time that COMMENT is - processed, the "#" and everything after it has been removed (see - example below). + COMMENT lines in the second pass. Hence, by the time that COMMENT + is processed, the "#" and everything following it has been removed + (see example below). To stop the current comment from being attached to further rules, simply include COMMENT on a line by itself (so that the @@ -306,10 +305,10 @@ New Features: 8) A new 'maclog' extension file has been added. This file is processed just before logging based on the setting of - MACLIST_LOG_LEVEL is done. When invoked, the CHAIN variable will - contain the name of the chain where rules should be inserted. - Remember that if you have specified MACLIST_TABLE=mangle, then your - run_iptables commands should include "-t mangle". + MACLIST_LOG_LEVEL is done. When the extension is invoked, the CHAIN + variable will contain the name of the chain where rules should be + inserted. Remember that if you have specified MACLIST_TABLE=mangle, + then your run_iptables commands should include "-t mangle". 9) The SUBNET column in /etc/shorewall/masq has been renamed SOURCE to more accurately describe the contents of the column. 
@@ -350,10 +349,10 @@ New Features: Chain eth2_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW - 0 0 wifi2all all -- * eth0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none - 0 0 wifi2all all -- * br0 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none - 0 0 wifi2all all -- * eth3 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none - 0 0 wifi2all all -- * tun+ 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none + 0 0 wifi2all all -- * eth0 0.0.0.0/0 0.0.0.0/0 + 0 0 wifi2all all -- * br0 0.0.0.0/0 0.0.0.0/0 + 0 0 wifi2all all -- * eth3 0.0.0.0/0 0.0.0.0/0 + 0 0 wifi2all all -- * tun+ 0.0.0.0/0 0.0.0.0/0 gateway:~ # This redundancy may be eliminated by setting OPTIMIZE=1 in shorewall.conf.
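Review bot: the `*)` default arm of the `case` in process_tc_rule (lib.tcrules hunk) changes `proto=tcp` to `proto=all`, so a tcrules entry that does not name a protocol will now match UDP as well as TCP; none of the releasenotes.txt hunks in this commit mention the new default, so add a line under Migration Considerations telling users who relied on the implicit tcp to state the protocol explicitly in their rule.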
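Review bot: the rewrap in the `@@ -53,11 +53,11 @@` hunk of releasenotes.txt turns "Ensure correct operation" into "Insure correct operation"; "ensure" was the correct word, so keep `b) Ensure correct operation.` and apply only the line-wrapping change (the removal of the duplicated "port TCP port" is fine).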
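Review bot: the `@@ -139,8 +140,6 @@` hunk drops the bullet "Stripping the comments (except for copyright) from the various files" from the list of what the compiled script omits, but no code change in this commit removes that behaviour; if the compiler still strips comments, the bullet should stay, and if it no longer does, the release notes should say so explicitly.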
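Review bot: the `@@ -254,9 +253,9 @@` hunk introduces the misspelling "attachmend of comments"; the original wording "support for attaching comments to Netfilter rules" was correct, so keep it and only rewrap the following lines.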
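Review bot: in the `@@ -264,14 +263,14 @@` hunk, "succeding entries" should be "succeeding entries" (or the original "the following entries"); the other rewording in that hunk ("Hence, by the time that COMMENT is processed ...") reads fine.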