diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index df3b929a9..166a0594e 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -44,3 +44,9 @@ Changes in 2.0.7 4) Correct handling of multiple 'blacklist' interfaces. 5) Add "0.0.0.0 RETURN" to nobogons. + +Changes in 2.0.8 + +1) Removed dead code from process_actions2() + +2) Corrected read command in process_actions2() (userspec) diff --git a/STABLE2/firewall b/STABLE2/firewall index 8ba1ba90b..28fd28713 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -2863,47 +2863,6 @@ process_actions1() { # process the associated action files. # process_actions2() { - # - # Process a rule where the source or destination is "all" - # - process_wildcard_rule() { - local yclients yservers ysourcezone ydestzone ypolicy - - for yclients in $xclients; do - for yservers in $xservers; do - ysourcezone=${yclients%%:*} - ydestzone=${yservers%%:*} - if [ "${ysourcezone}" != "${ydestzone}" ] ; then - eval ypolicy=\$${ysourcezone}2${ydestzone}_policy - if [ "$ypolicy" != NONE ] ; then - process_action $xaction $xtarget $yclients $yservers $xprotocol $xports $xcports $xratelimit $xuserspec - fi - fi - done - done - } - - do_it() { - expandv xclients xservers xprotocol xports xcports xratelimit xuserspec - - if [ "x$xclients" = xall ]; then - xclients="$zones $FW" - if [ "x$xservers" = xall ]; then - xservers="$zones $FW" - fi - process_wildcard_rule - continue - fi - - if [ "x$xservers" = xall ]; then - xservers="$zones $FW" - process_wildcard_rule - continue - fi - - process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec - - } log_action() { [ "$COMMAND" != check ] && log_rule ${LOGNEWNOTSYN:-info} $1 $2 "" "" -p tcp ! --syn 
@@ -2981,8 +2940,9 @@ process_actions2() { fn=$(find_file $f) echo "Processing $fn..." - while read xtarget xclients xservers xprotocol xports xcports xratelimit $xuserspec; do - do_it + while read xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec ; do + expandv xtarget xclients xservers xprotocol xports xcports xratelimit xuserspec + process_action $xaction $xtarget $xclients $xservers $xprotocol $xports $xcports $xratelimit $xuserspec done < $TMP_DIR/$f ;; esac diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index f50e0c150..ae1c01762 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.0.7 +Shorewall 2.0.8 ---------------------------------------------------------------------- Problems Corrected in version 2.0.4 @@ -114,6 +114,11 @@ New Features in version 2.0.7 default via 192.168.1.254 dev br0 Table default: +----------------------------------------------------------------------- +Problems Corrected in version 2.0.8 + +1) User/group restricted rules now work in actions. +
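Review bot: The new `process_action` call in the `while read` loop passes every field unquoted after `expandv` has run on it, so a field that expands to an empty string or to several words shifts the later positional arguments. Because `xuserspec` is last, a shifted list can drop or misplace the user/group restriction and produce a broader rule than the action file states. Quoting keeps the columns aligned, e.g. `process_action "$xaction" "$xtarget" "$xclients" "$xservers" "$xprotocol" "$xports" "$xcports" "$xratelimit" "$xuserspec"`, provided process_action (not visible here) accepts empty arguments; `read -r` would also stop backslashes in the file being treated as escapes. The loop no longer goes through the removed `do_it`, which special-cased `all` in the source and destination columns, so it is worth confirming that action files never carry `all` there. process_actions2 begins and ends outside this hunk.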