diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index f4259802f..aa68b44fe 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -16,6 +16,10 @@ Changes in Shorewall 4.3.3 8) Add RFC 2526 anycast addresses to nosmurfs +9) Add man pages for Shorewall6 and 6 Lite. + +10) Fix IP6TABLES when not specified. + Changes in Shorewall 4.3.2 1) Added 'dhcp' option. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index db59e6e69..136eff813 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -28,7 +28,8 @@ There are two incompatible changes in this release. Problems Corrected in 4.3.3 -None. +1) Previously, if IP6TABLES wasn't specified in shorewall6.conf, it + was set to iptables rather than ip6tables. Other changes in 4.3.3 @@ -61,9 +62,10 @@ Other changes in 4.3.3 /etc/shorewall6/interfaces. The option is the IPv6 analog of the 'proxyarp' option in /etc/shorewall/interfaces. -7) Source anycast addresses defined by RFC 2526 are not trapped by +7) Source anycast addresses defined by RFC 2526 are now trapped by 'nosmurfs'. +8) Manpages are now included for Shorewall6 and Shorewall6-lite. Migration Issues. diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 4e4fa5838..a2101bb8d 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -258,6 +258,8 @@ use constant { MIN_VERBOSITY => -1, F_IPV6 => 6, }; +our %validlevels; + # # Initialize globals -- we take this novel approach to globals initialization to allow # the compiler to run multiple times in the same process. The 
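Review bot: `our %validlevels;` in Shorewall/Config.pm makes the table of accepted log levels a package variable that any other loaded module can read or alter, whereas the declaration removed at old line 1474 was a file-scoped `my`. Nothing visible in this diff uses the hash outside Config.pm, so a lexical declared at the same spot would still let initialize() refill it on every run: `my %validlevels; # accepted LOG LEVEL names => syslog priority or target; filled per address family by initialize()`. If another module does need the table, export it deliberately and say so in a comment rather than leaving an undocumented `our`.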
@@ -406,6 +408,21 @@ sub initialize( $ ) { TCP_FLAGS_DISPOSITION => undef, BLACKLIST_DISPOSITION => undef, ); + + %validlevels = ( DEBUG => 7, + INFO => 6, + NOTICE => 5, + WARNING => 4, + WARN => 4, + ERR => 3, + ERROR => 3, + CRIT => 2, + ALERT => 1, + EMERG => 0, + PANIC => 0, + NONE => '', + ULOG => 'ULOG', + NFLOG => 'NFLOG'); } else { $globals{SHAREDIR} = '/usr/share/shorewall'; $globals{CONFDIR} = '/etc/shorewall6'; @@ -489,6 +506,20 @@ sub initialize( $ ) { TCP_FLAGS_DISPOSITION => undef, BLACKLIST_DISPOSITION => undef, ); + + %validlevels = ( DEBUG => 7, + INFO => 6, + NOTICE => 5, + WARNING => 4, + WARN => 4, + ERR => 3, + ERROR => 3, + CRIT => 2, + ALERT => 1, + EMERG => 0, + PANIC => 0, + NONE => '', + NFLOG => 'NFLOG'); } # # From parsing the capabilities file @@ -1471,20 +1502,6 @@ sub default_yes_no_ipv4 ( $$ ) { warning_message "$var=Yes is ignored for IPv6" if $family == F_IPV6 && $config{$var}; } -my %validlevels = ( DEBUG => 7, - INFO => 6, - NOTICE => 5, - WARNING => 4, - WARN => 4, - ERR => 3, - ERROR => 3, - CRIT => 2, - ALERT => 1, - EMERG => 0, - PANIC => 0, - NONE => '', - ULOG => 'ULOG', - NFLOG => 'NFLOG'); my @suffixes = qw(group range threshold nlgroup cprange qthreshold); diff --git a/manpages6/shorewall6-policy.xml b/manpages6/shorewall6-policy.xml index b58f7c9fb..42cdb3932 100644 --- a/manpages6/shorewall6-policy.xml +++ b/manpages6/shorewall6-policy.xml @@ -206,7 +206,7 @@ LOG LEVEL (Optional) - [log-level|ULOG] + role="bold">NFLOG] If supplied, each connection handled under the default POLICY @@ -214,8 +214,8 @@ generated. See syslog.conf(5) for a description of log levels. - You may also specify ULOG (must be in upper case). This will - log to the ULOG target and will send to a separate log through use + You may also specify NFLOG (must be in upper case). This will + log to the NFLOG target and will send to a separate log through use of ulogd (http://www.netfilter.org/projects/ulogd/index.html). 
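Review bot: The two `%validlevels` assignments added to initialize() in Config.pm (the hunks at new lines 408 and 506) are identical except for the `ULOG` entry, so a later edit to one copy can silently leave IPv4 and IPv6 accepting different log levels. Assigning the shared entries once and adding `$validlevels{ULOG} = 'ULOG';` only in the IPv4 branch would keep a single source of truth. That line deserves a comment such as `# ULOG is IPv4-only; Shorewall6 configurations must use NFLOG`. Existing shorewall6 files that name ULOG will presumably now be rejected by the level check, which lies outside this diff, so confirm that its error message makes the cause clear. initialize() begins and ends outside both hunks.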
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml index 052199f7a..52f701310 100644 --- a/manpages6/shorewall6-rules.xml +++ b/manpages6/shorewall6-rules.xml @@ -367,8 +367,8 @@ - You may also specify ULOG - (must be in upper case) as a log level.This will log to the ULOG + You may also specify NFLOG + (must be in upper case) as a log level.This will log to the NFLOG target for routing to a separate log through use of ulogd (http://www.netfilter.org/projects/ulogd/index.html). diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index be6cc44c0..a19b80d4b 100644 --- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml @@ -60,10 +60,10 @@ level to choose, 6 (info) is a safe bet. You may specify levels by name or by number. - If you have built your kernel with ULOG target support, you may also - specify a log level of ULOG (must be all caps). Rather than log its + If you have built your kernel with NFLOG target support, you may + also specify a log level of NFLOG (must be all caps). Rather than log its messages to syslogd, Shorewall6 will direct netfilter to log the messages - via the ULOG target which will send them to a process called 'ulogd'. + via the NFLOG target which will send them to a process called 'ulogd'. ulogd is available with most Linux distributions (although it probably isn't installed by default). Ulogd is also available from http://www.netfilter.org/projects/ulogd/index.html