holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Remove Debian files

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7500 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
el_cubano 2007-10-22 13:31:55 +00:00
parent b3d1d182e1
commit 5570ca5d28
15 changed files with 0 additions and 1903 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

908
Shorewall-common/debian/changelog
View File

@ -1,908 +0,0 @@
shorewall (2.2.5-2) unstable; urgency=low
* Updated german debconf translation (Closes: #311849).
* Updated french debconf translation (Closes: #312046).
* Updated czech debconf translation (Closes: #313257).
-- Lorenzo Martignoni <martignlo@debian.org> Sun, 12 Jun 2005 22:40:14 +0200
shorewall (2.2.5-1) unstable; urgency=low
* New upstream release (Closes: #310525).
* The presence of the configuration file rfc1918 is checked during
configuration in order to prevernt anomalous behaviour as the file had
a different role in the past (Closes: #308380).
-- Lorenzo Martignoni <martignlo@debian.org> Wed, 25 May 2005 21:06:25 +0200
shorewall (2.2.4-1) unstable; urgency=low
* New upstream release
* Add actions to allow and deny traffic to and to Edonkey network
(Closes: #305988).
* Add actions to allow and deny traffic to and to Gnutella network
(Closes: #306116).
* The list of unallocated addresses (bogons) has been updated but the
problem of out of date list persist because the list of unallocated
addreses is updated frequently and it is not possible to make a new
debian package on every update. Please read README.Debian for an
explanation about how to update the list automatically without waiting
for a new package release (Closes: #302723).
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 4 May 2005 20:45:13 +0200
shorewall (2.2.3-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 8 Apr 2005 20:29:31 +0200
shorewall (2.2.2-2) unstable; urgency=low
* Added debconf Czech translation provided by Miroslav Kure (Closes: 301622)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 27 Mar 2005 14:55:08 +0200
shorewall (2.2.2-1) unstable; urgency=low
* New upstream release (Closes: #299747)
* Added debconf french translation (Closes: #298266)
* As suggested by fenio@debian.org default shorewall configuration,
shipped in /usr/share/doc/shorewall/default-config, are not yet
compressed to avoid confusion (previously some were compressed and
others were not) (Closes: #270338)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 17 Mar 2005 10:08:33 +0100
shorewall (2.2.1-1) unstable; urgency=low
* New upstream release
* Upstream applyed patch submitted by Juergen Kreileder to fix a bug in
logging (Closes: #294842)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 19 Feb 2005 15:09:47 +0100
shorewall (2.2.0-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 10 Feb 2005 23:28:26 +0100
shorewall (2.1.99.rc04-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 13 Jan 2005 23:15:02 +0100
shorewall (2.0.15-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 13 Jan 2005 22:53:28 +0100
shorewall (2.0.14-1) unstable; urgency=low
* New upstream release
* The script "tunnel" is now installed under
/usr/share/doc/shorewall/default-config/ (Closes: #287829)
* Fixed some typos in README.Debian (Closes: #287868, #288548)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 6 Jan 2005 00:13:04 +0100
shorewall (2.0.13-2) unstable; urgency=low
* Updated README.Debian to better explain the role of /etc/shorewall and
/usr/share/shorewall
* Fixed a typo in README.Debian (Closes: #286196)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 18 Dec 2004 12:29:18 +0100
shorewall (2.0.13-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 17 Dec 2004 10:51:24 +0100
shorewall (2.0.12-1) unstable; urgency=low
* New upstream release
* The file modules is now installed within /usr/share/doc/default-config
(Closes: #282916)
* The bogons file that provides a list of IP addresses reserved by IANA
must be updated to reflect the most up-to-date IANA allocation. The
file was only updated by a new version of the package and that could
be a highly dangerous for the future stable release. The package now
provides a script to automatically update the bogons list. For more
information please see README.Debian (Closes: #282268)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 4 Dec 2004 19:56:53 +0100
shorewall (2.0.11-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Tue, 23 Nov 2004 00:15:46 +0100
shorewall (2.0.10-2) unstable; urgency=low
* Fixed a typo in debian/shorewall.dirs and removed the empty directory
/usr/share/doc/shorewall/defaul-config/ (Closes: #279836).
* Updated bogons to reflect recent allocations by the IANA.
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 14 Nov 2004 23:53:59 +0100
shorewall (2.0.10-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Mon, 25 Oct 2004 21:53:39 +0200
shorewall (2.0.9-2) unstable; urgency=low
* Converted NEWS.Debian into changelog format
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 15 Oct 2004 15:53:32 +0200
shorewall (2.0.9-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 15 Oct 2004 15:13:22 +0200
shorewall (2.0.8-6) unstable; urgency=low
* updated debian/rules in order to install packages file trought dh_install
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 22 Sep 2004 23:52:36 +0200
shorewall (2.0.8-5) unstable; urgency=high
* fixed a typo in action.AllowRsync that caused an error during
shorewall startup (Closes: #272298)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Mon, 20 Sep 2004 19:44:48 +0200
shorewall (2.0.8-4) unstable; urgency=high
* The wait4ifup script now uses only POSIX features (Closes:#270327)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 12 Sep 2004 20:40:27 +0200
shorewall (2.0.8-3) unstable; urgency=low
* Added action to allow Subversion traffic (Closes: #268858)
* Added action to allow CVS pserver traffic (Closes: #268855)
* Added action to allow MySQL traffic (Closes: #268859)
* Added action to allow PostrgreSQL traffic (Closes: #268860)
* Added action to allow Rsync traffic (Closes: #268862)
* Added action to allow Distributed Compiler traffic (Closes: #268854)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Mon, 30 Aug 2004 22:41:35 +0200
shorewall (2.0.8-2) unstable; urgency=high
* Added action.AllowSMBswat to allow connection to Swat (Samba web
configuration tool) (Closes: #268430)
* The script wait4ifup was not installed by debian/rules, that prevents
shorewall startup from init script. It is now fixed (Closes: #268740)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 29 Aug 2004 14:57:52 +0200
shorewall (2.0.8-1) unstable; urgency=low
* New upstream release
* The patches needed to suit the package to Debian are now applied through
dpatch. Previously they were applied by bash scripts wrote by me.
* Created a README.Debian containing information about the first
configuration of shorewall on Debian systems and configuration tips for
PPP connections. This file replaces Debian_install.txt and README.ppp.
The typo in Debian_install.txt has been fixed (Closes: #268232)
* Added action.AllowBittorrent to allow connection to bittorrent ports
(Closes: #265511)
* Updated conflicting packages
* Added kernel-image-2.6 to suggested packages (Closes: #268235)
* The package now installs the configuration file shorewall.conf
into /etc/shorewall/ as this file, seldom, requires modification
(Closes: #261545)
* Updated /usr/share/shorewall/bogons to reflect current IANA addresses
allocation.
* Added German (de) debconf template translation provided by Erik Schanze
(Closes: #268319)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 27 Aug 2004 00:51:24 +0200
shorewall (2.0.7-2) unstable; urgency=low
* Updated Brazilian Portuguese (pt_BR) debconf template translation. Patch
provided by Andre Luis Lopes (Closes: #264299).
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 08 Aug 2004 17:12:42 +0200
shorewall (2.0.7-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 30 Jul 2004 10:28:11 +0200
shorewall (2.0.6-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 18 Jul 2004 10:24:57 +0200
shorewall (2.0.5-2) unstable; urgency=low
* Updated version number (previous version reports 2.0.4 instead of 2.0.5)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 11 Jul 2004 19:13:47 +0200
shorewall (2.0.5-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 11 Jul 2004 12:44:49 +0200
shorewall (2.0.3-1) unstable; urgency=high
* New upstream release
* Use mktemp to create temporary files in order to avoid race conditions and
symlink attacks when an admin runs 'shorewall show'. The bug has been
solved in the upstream release (Closes: #256377)
* Restrict access to /etc/shorewall and /var/lib/shorewall to only root
users. This avoids providing access to local firewall rulesets to users
which are not allowed to view them. This will only apply to new
installations, however. (patch submitted by jfs@computer.org)
* Added new actions for syslogd, ldap, icq, amada, smtp (Closes: #256840)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 30 Jun 2004 10:29:47 +0200
shorewall (2.0.2-6) unstable; urgency=low
* Fixed the initscirpt, there were missing two echo commands
(Closes: #254946)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 18 Jun 2004 22:23:25 +0200
shorewall (2.0.2-5) unstable; urgency=low
* Added action.AllowSPAMD to allow connection to spamassassin daemon
(Closes: #254260)
* Addedd Debian_install.txt to illustrate the setup direction for a fresh
configuration of the package (Closes: #254060)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Tue, 15 Jun 2004 15:29:43 +0200
shorewall (2.0.2-4) unstable; urgency=low
* Applied upstream patch (2.0.2f)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Tue, 08 Jun 2004 00:58:40 +0200
shorewall (2.0.2-3) unstable; urgency=low
* Applied upstream patches (2.0.2e)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 02 Jun 2004 19:07:34 +0200
shorewall (2.0.2-2) unstable; urgency=low
* Applied upstream patches (2.0.2c and 2.0.2d)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 30 May 2004 23:31:00 +0200
shorewall (2.0.2-1) unstable; urgency=low
* New upstream release
* Updated the manpage
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Tue, 18 May 2004 22:59:56 +0200
shorewall (2.0.1-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 30 Apr 2004 12:50:39 +0200
shorewall (2.0.0-5) unstable; urgency=low
* added NEWS.Debian. It contains information about the new features
introduced in the new release and about how to upgrade an already
configured shorewall (Closes: #243403)
* updated french debconf templates translation (Closes: #243644)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 15 Apr 2004 10:01:48 +0200
shorewall (2.0.0-4) unstable; urgency=low
* bug #241495 was still present as dh_installinit looks for the initscript
inside debian. It should be really fixed now.
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Mon, 5 Apr 2004 23:50:38 +0200
shorewall (2.0.0-3) unstable; urgency=high
* init script wasn't installed due to a typo in debian/rules. It is now
fixed (Closes: #241495)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Thu, 1 Apr 2004 21:44:55 +0200
shorewall (2.0.0-2) unstable; urgency=low
* Applied upstream patches (2.0.0a)
* Applied upstream patches (2.0.0b)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Tue, 23 Mar 2004 15:54:28 +0100
shorewall (2.0.0-1) unstable; urgency=low
* New upstream releases
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 20 Mar 2004 14:07:05 +0100
shorewall (1.4.10-3) unstable; urgency=low
* Applied upstream patch 1.4.10d
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 20 Mar 2004 14:19:15 +0100
shorewall (1.4.10-2) unstable; urgency=low
* Applied upstream patch 1.4.10b
* Applied upstream patch 1.4.10c
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 18 Feb 2004 10:30:01 +0100
shorewall (1.4.10-1) unstable; urgency=low
* new upstream release
* the source package has been splitted into shorewall and shorewall-doc
because the upstream package has been splitted too. shorewall-doc is now
a debian native package containing the documentation in html, pdf and some
examples (Closes: #222339)
* the initscript failed to load required function when the INCLUDE directive
was used in one of the configuration files. The problem was probably in
the upstream package, with the new version it doesn't fail anymore
(Closes: #230828)
* the new version of the package includes an updated rfc1918 that reflects
the current list of reserved network addresses (Closes: #230863)
* applied patches from version 1.4.10a
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 8 Feb 2004 23:51:16 +0100
shorewall (1.4.8.stable-2) unstable; urgency=low
* applied upstream patch to fix the SNAT/DNAT bug
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Mon, 22 Dec 2003 23:11:04 +0100
shorewall (1.4.8.stable-1) unstable; urgency=low
* New upstream release (1.4.8)
* dash support was fixed in the upstream release (Closes: #218350)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 22 Nov 2003 17:51:16 +0100
shorewall (1.4.8.rc2-1) unstable; urgency=low
* New upstream beta release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 2 Nov 2003 12:40:40 +0100
shorewall (1.4.8.rc1-1) unstable; urgency=low
* New upstream beta release release
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Fri, 31 Oct 2003 00:37:05 +0100
shorewall (1.4.7.stable-3) unstable; urgency=low
* applied upstream patches: 1.4.7c
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sun, 26 Oct 2003 23:05:54 +0100
shorewall (1.4.7.stable-2) unstable; urgency=low
* applied upstream patches: 1.4.7a and 1.4.7b
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 25 Oct 2003 12:24:26 +0200
shorewall (1.4.7.stable-1) unstable; urgency=low
* New upstream release
* fixed debian/rules to install common.def (Closes: #208959)
* configuration files in /etc/shorewall are not installed by dpkg and so
they are not marked as configuration files. They will be installed only
the first time. During upgrade they are not touched, thus avoiding dpkg to
prompt the user for replacing them and to leave the box with an invalid
configuration. The default configuration files are always installed in
/usr/share/doc/shorewall/default-config. (Closes: #197132)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Sat, 11 Oct 2003 12:22:33 +0200
shorewall (1.4.7b1-1) unstable; urgency=low
* New upstream beta release
* the new version works with kernel 2.6.x (Closes: #201186)
* patched the contrib script "wait4ifup" in order avoid problem when calling
"sleep 0.5". If the system uses a different locale the script could fail
because in some country ',' is used instead of '.'. The script now sets
internally LANG to C (Closes: #203201)
-- Lorenzo Martignoni <lorenzo.martignoni@poste.it> Wed, 27 Aug 2003 09:50:33 +0200
shorewall (1.4.5-1) unstable; urgency=low
* New upstream release
* applied the patch from bubulle@debian.org to fix a typo in
shorewall.templates, po/it.po and po/pt_BR.po (Closes: #197300)
* included debconf french templates translation (submitted by
bubulle@debian.org)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 23 Jun 2003 17:28:55 +0200
shorewall (1.4.4b-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Thu, 29 May 2003 22:39:29 +0200
shorewall (1.4.4-1) unstable; urgency=low
* New upstream release
* applied the patch from andrelop@ig.com.br to add the support for
po-debconf (Closes: #190054)
* added debconf template translation in italian langage
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 28 May 2003 00:13:15 +0200
shorewall (1.4.3-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 21 May 2003 20:46:53 +0200
shorewall (1.4.2-1) unstable; urgency=low
* New upstream release (fixes a bug in the previous release: it was
impossible to make the firewall route traffic from a group of hosts back
to itself).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 13 Apr 2003 21:32:08 +0200
shorewall (1.4.1-1) unstable; urgency=low
* New upstream release.
* patched /usr/share/shorewall/firewall in order to get 'traceroute' to work
correctly (Closes: #186727).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sat, 5 Apr 2003 17:38:14 +0200
shorewall (1.4.0-2) unstable; urgency=medium
* Modified shorewall.config and shorewall.postinst to handle properly the
configuration through debconf and to avoid errors during installation
(Closes: #185746).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 25 Mar 2003 22:08:58 +0100
shorewall (1.4.0-1) unstable; urgency=low
* New upstream release (Closes: #185252). There are some changes from the
previous release, take a look at the "releasenotes.txt" file.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Thu, 6 Mar 2003 13:59:52 +0100
shorewall (1.3.14stable.a-1) unstable; urgency=medium
* New upstream release to fix some bugs in version 1.3.14.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Thu, 13 Mar 2003 10:50:31 +0100
shorewall (1.3.14stable-4) unstable; urgency=low
* Fixed the initscript to add support for unconfigured ppp interfaces. Read
the file /usr/share/doc/shorewall/README.ppp for more information about
how to use this feature (Closes: #175382).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 26 Feb 2003 11:27:57 +0100
shorewall (1.3.14stable-3) unstable; urgency=low
* Added a missing image in shorewall-doc (Closes: #181291)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 17 Feb 2003 11:00:02 +0100
shorewall (1.3.14stable-2) unstable; urgency=low
* updated rfc1918 to reflect the recent IANA allocation of 222/8 and 223/8
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 14 Feb 2003 09:49:12 +0100
shorewall (1.3.14stable-1) unstable; urgency=low
* new upstream release
* removed a bashism found in the preinst script
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 10 Feb 2003 12:43:42 +0100
shorewall (1.3.14rc1-1) unstable; urgency=low
* new release (release candidate)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 4 Feb 2003 22:59:15 +0100
shorewall (1.3.14beta2-1) unstable; urgency=low
* new beta release
* added a warning message in the preinst script to inform users about the
new way to handle ICMP.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 29 Jan 2003 19:34:39 +0100
shorewall (1.3.14beta1-1) unstable; urgency=low
* new beta release
* the documentation in pdf format is not ready yet because this is a beta
release, it will be included in shorewall-doc in the final release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 27 Jan 2003 12:09:12 +0100
shorewall (1.3.13-3) unstable; urgency=high
* fixed a bug in shorewall.conf: SHARED_DIR was pointing to the old location
of shorewall scripts, now moved to /usr/share/shorewall/ (Closes: #178109)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 27 Jan 2003 11:19:23 +0100
shorewall (1.3.13-2) unstable; urgency=low
* applied the errata patch to fix the "firewall" script
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 22 Jan 2003 10:01:34 +0100
shorewall (1.3.13-1) unstable; urgency=low
* New upstream release
* SUBSYSLOCK is now set to "" as /etc/init.d/shorewall doesn't need it
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 15 Jan 2003 23:10:38 +0100
shorewall (1.3.12stable-4) unstable; urgency=low
* added manpage for the commandline of shorewall (Closes: #168419)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 10 Jan 2003 00:32:26 +0100
shorewall (1.3.12stable-3) unstable; urgency=low
* /var/state/ does no longer exist. The SUBSYSLOCK variable of
shorewall.conf is set to /var/lib/shorewall/state according to FSH
(Closes: #174776).
* /usr/lib/shorewall contained only architecture independent files, those
files are moved to /usr/share/shorewall according to FSH (Closes: #173266)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 6 Jan 2003 21:07:11 +0100
shorewall (1.3.12stable-2) unstable; urgency=low
* included in shorewall-doc some configuration examples (Closes: #175411)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 6 Jan 2003 20:14:27 +0100
shorewall (1.3.12stable-1) unstable; urgency=low
* new stable release
* the documentation in pdf format is not included because is isn't ready at
the moment, it will be included in the next debian release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sat, 28 Dec 2002 00:04:18 +0100
shorewall (1.3.12beta3-1) unstable; urgency=low
* new beta release
* fixed copyright notice, now the file contains only a reference to the text
of the license
* removed the dependency on awk as suggested by lintian
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 27 Dec 2002 18:57:53 +0100
shorewall (1.3.11a-2) unstable; urgency=high
* Shorewall is now started just after the networking setup in order to avoid
a temporal window in which firewalled services are not protected because
the firewall isn't started yet (Closes: #172607).
* The default configuration file, /etc/shorewall.conf, now disables the
support for NAT, ip forwarding, and traffic shaping (Closes: #172362).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 13 Dec 2002 17:15:33 +0100
shorewall (1.3.11a-1) unstable; urgency=low
* Upstream author fixed the problem with the "echo" command in order to
avoid escape sequences that weren't supported by bash clones
(Closes: #168416)
* added the documentation in pdf format into shorewall-doc (Closes: #169666)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 4 Dec 2002 20:46:27 +0100
shorewall (1.3.10-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 10 Nov 2002 13:59:10 +0100
shorewall (1.3.9b-1) unstable; urgency=low
* New beta release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Thu, 10 Oct 2002 22:02:41 +0200
shorewall (1.3.9a-1) unstable; urgency=low
* New beta release
* fixed firewall script in order to avaid problem via non bash shell (the
upstream author applied the patch submitted by Chris Johnsen
<epoch@pobox.com>) (Closes: #162116)
* updated dependecies, original-awk can do the job so any package providing
awk statifies the dependency (Closes: #162117)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sat, 5 Oct 2002 17:19:06 +0200
shorewall (1.3.9-1) unstable; urgency=low
* New upstream release
* Moved firewall and functions from /var/lib/shorewall to /usr/lib/shorewall
(Closes: #162568).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 27 Sep 2002 22:22:01 +0200
shorewall (1.3.8-2) unstable; urgency=low
* The startup is now denied via /etc/default/shorewall.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 20 Sep 2002 20:01:57 +0200
shorewall (1.3.8-1) unstable; urgency=low
* New upstream release
* Added a warning massage plus a exit call in the init script in order to
prevent an automatic startup of the firewall with the default
configuration, that would block any kind of traffic to the host.
(Closes: #160211)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 18 Sep 2002 18:05:01 +0200
shorewall (1.3.7c-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 6 Sep 2002 11:34:06 +0200
shorewall (1.3.7b-2) unstable; urgency=low
* fixed debian/postinst to remove the wrongly placed routestopped
configuration file
* debian/postinst also removes the directory /var/state/shorewall, it must
be a file instead of a directory
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 27 Aug 2002 11:09:49 +0200
shorewall (1.3.7b-1) unstable; urgency=low
* New beta release
* added little descriptions to previous entry of debian/changelog
* fixed the value of SUBSYSLOCK in /etc/shorewall/shorewall.conf becuse it was
pointing to a wrong directory. Now it points to /var/state/shorewall.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 26 Aug 2002 13:59:34 +0200
shorewall (1.3.7a-1) unstable; urgency=low
* New beta release
* Fixed a type in debian/rules, routestopped was installed in /etc instead
of /etc/shorewall (Closes: #157876)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sat, 24 Aug 2002 15:26:37 +0200
shorewall (1.3.6-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 7 Aug 2002 12:56:14 +0200
shorewall (1.3.5b-1) unstable; urgency=low
* new beta release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 4 Aug 2002 12:31:27 +0200
shorewall (1.3.5-2) unstable; urgency=low
* New beta release (1.3.5b)
* Removed README.Debian bacuse ".local" patch is not applyed anymore
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Thu, 1 Aug 2002 20:19:20 +0200
shorewall (1.3.5-1) unstable; urgency=low
* New upstream release
* debian/shorewall.dirs now contains var/state/shorewall, SUBSYSLOCK in
/etc/shorewall/shorewall.conf must ponit to it (Closes: #154122)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 28 Jul 2002 12:32:19 +0200
shorewall (1.3.3-2) unstable; urgency=low
* added Uploader field in debian/control
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 9 Jul 2002 23:56:28 +0200
shorewall (1.3.3-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 8 Jul 2002 23:30:58 +0200
shorewall (1.3.2-1) unstable; urgency=low
* New upstream release (Closes: #149977)
* /usr/share/shorewall no longer exist, now functions, firewall and version
are placed in /var/lib/shorewall
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 21 Jun 2002 18:34:42 +0200
shorewall (1.3.1-3) unstable; urgency=low
* moved /etc/shorewall/(functions|firewall) in /usr/share/firewall
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 14 Jun 2002 21:38:04 +0200
shorewall (1.3.1-2) unstable; urgency=low
* patched /etc/shorewall/function to simplify upgrades
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 14 Jun 2002 20:12:16 +0200
shorewall (1.3.1-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 5 Jun 2002 00:14:45 +0200
shorewall (1.2.13-2) unstable; urgency=low
* fix build-dependencies, shorewall now build-depends on debhelper
(Closes: #146914)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 19 May 2002 12:17:27 +0200
shorewall (1.2.13-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 5 May 2002 12:03:17 +0200
shorewall (1.2.12-3) unstable; urgency=low
* Shorewall depends on iproute (Closes: #144698).
* Fixed /etc/shorewall/shorewall.conf (thanks to Karl E. Jorgensen
<karl@jorgensen.com>) (Closes: #145271).
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 3 May 2002 01:15:00 +0200
shorewall (1.2.12-2) unstable; urgency=low
* small fix in shorewall.init script
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 28 Apr 2002 20:49:12 +0200
shorewall (1.2.12-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 26 Apr 2002 16:03:41 +0200
shorewall (1.2.11-2) unstable; urgency=low
* fixed Section and Priority fields in debian/control
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 16 Apr 2002 15:40:25 +0200
shorewall (1.2.11-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 15 Apr 2002 23:14:16 +0200
shorewall (1.2.10-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Wed, 27 Mar 2002 21:44:53 +0100
shorewall (1.2.9-2) unstable; urgency=low
* Break long lines in control file. (Matthias Klose <doko@debian.org>)
* Upload to incoming. (Matthias Klose <doko@debian.org>)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 12 Mar 2002 23:47:32 +0100
shorewall (1.2.9-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Tue, 12 Mar 2002 19:08:37 +0100
shorewall (1.2.8-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 1 Mar 2002 01:21:15 +0100
shorewall (1.2.6-1) unstable; urgency=low
* New version
* Fix a bug in update-rc.d args
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 15 Feb 2002 12:16:58 +0100
shorewall (1.2.5-2) unstable; urgency=low
* The package is lintian clean
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 4 Feb 2002 21:24:31 +0100
shorewall (1.2.5-1) unstable; urgency=low
* New upstream version
* Dependencies fix: moved kernel-image-2.4 in Suggests
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sat, 2 Feb 2002 17:03:44 +0100
shorewall (1.2.3-4) unstable; urgency=low
* Fixed some dependencies: iptables version, moved iproute from Depends to
Reccomends, added kernel-image-2.4 in Reccomends
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 27 Jan 2002 20:48:45 +0100
shorewall (1.2.3-3) unstable; urgency=low
* Removed firewall manpage (linked to undocumented)
* Remoded usr/share/doc/shorewall/html directory (it was empty)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 27 Jan 2002 11:49:28 +0100
shorewall (1.2.3-2) unstable; urgency=low
* Removed my patch to fix a mistake in shorewall.conf because it's not
needed any more
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 21 Jan 2002 20:18:51 +0100
shorewall (1.2.3-1) unstable; urgency=low
* New upstream release
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Mon, 21 Jan 2002 20:00:29 +0100
shorewall (1.2.2-2) unstable; urgency=low
* Fixed a little directory mistake in shorewall.conf
* Created shorewall-doc packages
-- lorenzo martignoni <lorenzo.martignoni@milug.org> Sat, 12 Jan 2002 23:40:08 +0100
shorewall (1.2.2-1) unstable; urgency=low
* New upstream release (1.2.2)
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Fri, 11 Jan 2002 19:43:26 +0100
shorewall (1.2.0-1) unstable; urgency=low
* Initial Release.
-- Lorenzo Martignoni <lorenzo.martignoni@milug.org> Sun, 30 Dec 2001 20:44:47 +0100

31
Shorewall-common/debian/control
View File

@ -1,31 +0,0 @@
Source: shorewall
Section: net
Priority: optional
Maintainer: Lorenzo Martignoni <lorenzo.martignoni@poste.it>
Uploaders: Matthias Klose <doko@debian.org>
Build-Depends-Indep: debhelper (>> 4.1.16), po-debconf, dpatch
Standards-Version: 3.6.2
Package: shorewall
Architecture: all
Depends: iptables (>= 1.2.7a), iproute, debconf
Suggests: shorewall-doc, kernel-image-2.4 | kernel-image-2.6
Conflicts: ipmasq, knetfilter, firewall-easy, filtergen, uif, webmin-firewall, ipmenu, gnome-lokkit, guarddog, guidedog, ferm, fireflier-server
Recommends: wget
Description: Shoreline Firewall (Shorewall)
Shorewall is an iptables based firewall that can be used on a dedicated
firewall system, a multi-function masquerade gateway/server or on a standalone
Linux system.
.
Shorewall supports these features:
* Customizable using configuration files.
* Supports status monitoring with an audible alarm when an "interesting"
packet is detected.
* Include a fallback script that backs out the installation of the most
recent version of Shoreline Firewall and an uninstall script for
completely uninstalling the firewall.
* Static NAT is supported.
* Proxy ARP is supported.
* Provides DMZ functionality.
* Support for IPSEC, GRE and IPIP Tunnels.
* Support for Traffic Control/Shaping

16
Shorewall-common/debian/copyright
View File

@ -1,16 +0,0 @@
This package was debianized by Lorenzo Martignoni
<lorenzo.martignoni@milug.org> on Sun, 30 Dec 2001 20:44:47 +0100.
It was downloaded from http://shorewall.sourceforge.net
Upstream Author: Thomas M. Eastep <teastep@shorewall.net>
Copyright (C) 1999-2005 Thomas M. Eastep <teastep@shorewall.net>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
On Debian systems, the complete text of the GNU General Public License, version
2, can be found in /usr/share/common-licenses/GPL-2.

85
Shorewall-common/debian/rules
View File

@ -1,85 +0,0 @@
#!/usr/bin/make -f
#
# Shorewall firewall (http://www.shorewall.net)
# debianized version
export DH_COMPAT=3
# Include dpatch stuff.
include /usr/share/dpatch/dpatch.make
# shorewall version
#export V=`cat install.sh | grep "^VERSION=" | head -n 1 | cut -f 2 -d "="`
SRWL=$(CURDIR)/debian/shorewall
build: patch build-stamp
#debian/po/templates.pot
build-stamp:
dh_testdir
# there's nothing to compile ;-)
touch build-stamp
#debian/po/templates.pot: debian/shorewall.templates
# @debconf-updatepo
# @podebconf-report-po
clean: clean-patched unpatch
clean-patched:
dh_testdir
dh_testroot
rm -f build-stamp
# clean the build directory
rm -rf $(SRWL)
dh_clean
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs
dh_install
# Temporary zones are only available to root
chmod 750 $(SRWL)/var/lib/shorewall
# As well as configuration files
chmod 750 $(SRWL)/etc/shorewall
chmod 640 $(SRWL)/etc/shorewall/*
# set version number
echo $V > $(SRWL)/usr/share/shorewall/version
# global configuration has to be fully readable
chmod 644 $(SRWL)/usr/share/shorewall/*
# must be executable
chmod 755 $(SRWL)/usr/share/shorewall/help
chmod 755 $(SRWL)/usr/share/shorewall/shorewall
chmod 755 $(SRWL)/usr/share/shorewall/firewall
chmod 755 $(SRWL)/usr/share/shorewall/functions
#chmod 755 $(SRWL)/usr/share/shorewall/wait4ifup
#chmod 755 $(SRWL)/usr/share/shorewall/update-bogons
binary-indep: build install
dh_testdir
dh_testroot
dh_installdocs releasenotes.txt COPYING INSTALL README.txt
#debian/NEWS.Debian
dh_installman debian/shorewall.8
dh_installchangelogs changelog.txt
dh_installlogrotate
dh_installinit --no-start -u"start 40 S . stop 89 0 6 ."
dh_installdebconf
dh_compress -Xusr/share/doc/shorewall/default-config
dh_fixperms -Xetc/shorewall -Xvar/lib/shorewall
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
binary-arch: build install
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install patch unpatch \
clean-patched

330
Shorewall-common/debian/shorewall.8
View File

@ -1,330 +0,0 @@
.TH SHOREWALL 8 "November 2002" "" ""
.SH NAME
shorewall \- the Shoreline firewall, an iptables based firewall
.SH SYNOPSIS
\fBshorewall\fR [debug|trace] [nolock] [-c <directory>] [-q] [-f] <command>
.SH COPYRIGHT
Copyright (C) 1999-2005 by Tom Eastep <teastep@shorewall.net>
.SH DESCRIPTION
The \fBShoreline Firewall\fR, more commonly known as Shorewall, is a
Netfilter (iptables) based firewall that can be used on a dedicated firewall
system, a multi-function gateway/router/server or on a standalone GNU/Linux
system.
.SH OPTIONS
.TP
\fBdebug|trace\fR
Set up the debug mode (sets the -x shell option).
.TP
\fBnolock\fR
Tells Shorewall not to acquire the lock file (\fI$STATEDIR/lock\fR). Used by programs issuing Shorewall commands when those programs already have the lock file.
.TP
\fB\-c \fIdirectory\fR
Look for configuration files in \fIdirectory\fR instead of \fI/etc/shorewall/\fR.
.TP
\fB-f\fR
If the file \fI/var/lib/shorewall/restore\fR is present shorewall restore the state of the firewall when \fI/var/lib/shorewall/restore\fR was created. Note: this option can be used only with the \fBstart\fR command.
.TP
\fB-q\fR
Quiet mode.
.SH STARTUP COMMAND
.TP
\fBstart\fR
Starts the firewall.
.TP
\fBstop\fR
Stops the firewall. The only traffic permitted through the firewall is from systems listed in \fI/etc/shorewall/routestopped\fR.
.TP
\fBrestart\fR
Stops the firewall (if it's running) and then starts it again.
.TP
\fBreset\fR
Reset the packet and byte counters in the firewall.
.TP
\fBclear\fR
Remove all rules and chains installed by the firewall.
.TP
\fBrefresh\fR
Refresh the rules involving the broadcast addresses of firewall interfaces, the black list, traffic control rules and ECN control rules.
.TP
\fBsave\fR
Creates a script \fI/var/lib/shorewall/restore\fR which when run will restore the state of the firewall to its current state.
.TP
\fBrestore\fR
Runs the \fI/var/lib/shorewall/restore\fR created by the Shorewall save command.
.TP
\fBforget\fR
Removes the \fI/var/lib/shorewall/restore\fR script created by the save command.
.SH MONITORING COMMAND
.TP
\fBstatus\fR
Produces a verbose report about the firewall (iptables -L -n -v).
.TP
\fBshow [\fIkey\fR]
Produces a verbose report about the firewall (iptable -L -n -v), \fIkey\fR can be one of the following:
.RS
.TP
\fBchain\fR
Produces a verbose report about the \fIchain\fR (iptable -L \fIchain\fR -n -v)
.TP
\fBnat\fR
Produces a verbose report about the nat table (iptables -t nat -L -n -v).
.TP
\fBtos\fR
Produces a verbose report about the mangle table (iptables -t mangle -L -n -v).
.TP
\fBlog\fR
Display the last 20 packet log entries.
.TP
\fBconnections\fR
Displays the IP connections currently being tracked by the firewall.
.TP
\fBtc\fR
Displays information about the traffic control/shaping configuration
.TP
\fBdynamic\fR
Displays the dynamic blacklisting configuration
.RE
.TP
\fBmonitor\fR [\fIdelay\fR]
Continuously displays the firewall status, last 20 log entries and nat. When the
log entry display changes, an audible alarm is sounded. The \fIdelay\fR indicates the number of seconds between updates with the default being 10 seconds.
.TP
\fBhits\fR
Produces several reports about the Shorewall packet log messages in the current log file named in the \fI$LOGFILE\fR variable in \fR/etc/shorewall/shorewall.conf\fR.
.TP
\fBversion\fR
Displays the installed version number.
.TP
\fBcheck\fR
Performs a cursory validation of the zones, interfaces, hosts, rules and policy
files. \fBCAUTION\fR: this command is totally unsuppored and does not parse and validate the generated iptables commands. Even though the command completes successfully, the configuration may fail to start. Problem reports that complain about errors that the command does not detect will not be accepted.
.TP
\fBtry\fR \fIconfiguration-directory\fR [\fItimeout\fR]
Restarts Shorewall using the configuration found in \fIconfiguration-directory\fR and if an error occurs or if the \fItimeout\fR option is given and the new configuration has been up for that many seconds then Shorewall is restarted using the standard configuration.
.TP
\fBlogwatch\fR
Monitors the \fI$LOGFILE\fR and produces an audible alarm when new
Shorewall messages are logged.
.SH DYNAMIC BLACKLIST COMMAND
Shorewall can handle blacklists dynamically:
.TP
\fBdrop\fR <\fIipaddresslist\fR>
Inserts \fIipaddresslist\fR into the blacklist using the \fIDENY\fR policy.
.TP
\fBreject\fR <\fIipaddresslist\fR>
Inserts \fIipaddresslist\fR into the blacklist using the \fIREJECT\fR policy
.TP
\fBallow\fR <\fIipaddresslist\fR>
Removes \fIipaddresslist\fR from the blacklist.
.TP
\fBsave\fR
saves the dynamic blacklisting configuration so that it will be automatically restored the next time that the firewall is restarted. This command also creates the \fI/var/lib/shorewall/restore\fR script as described above.
.SH
DYNAMIC ZONES COMMAND
Shorewall's zones can be altered dynamically:
.TP
\fBadd\fR <\fIinterface\fR>[:\fIhost\fR] <\fIzone\fR>
Adds the specified \fIinterface\fR (and \fIhost\fR if included) to the
specified \fIzone\fR.
.TP
\fBdel\fR <\fIinterface\fR>[:\fIhost\fR] <\fIzone\fR>
Deletes the specified \fIinterface\fR (and \fIhost\fR if included) from the
specified \fIzone\fR.
.SH
MISC COMMAND
.TP
\fBipcalc\fR [<\fIaddress\fR> <\fImask\fR> | <\fIaddress/vlsm\fR>]
Displays the network address, broadcast address, network in CIDR notation and
netmask corresponding to the input[s].
.TP
\fBiprange\fR \fIaddress1-address2\fR
Decomposes the specified range of IP addresses into the equivalent list of
network/host addresses.
.SH SEE ALSO
.TP
iptables(8)
.SH CONFIGURATION FILES
.TP
\fI/etc/shorewall/\fR
The default configuration directory. Common default configurations provided by the author are installed under \fI/usr/share/shorewall/\fR.
.TP
\fIshorewall.conf\fR
Main Shorewall's configuration file.
.TP
\fIparams\fR
Set shell variables that can be used in some of the other configuration files.
.TP
\fIzones\fR
Define the network zones.
.TP
\fIinterfaces\fR
Tells the firewall which of your firewall's network interfaces are connected to which zone.
.TP
\fIhosts\fR
Defines zones in terms of subnets and/or individual IP addresses.
.TP
\fIpolicy\fR
Describes the firewall policies that control the traffic between zones.
.TP
\fIrules\fR
Defines exceptions to the policies.
.TP
\fImasq\fR
Defines classical IP Masquerading and Source Network Address Translation (SNAT).
.TP
\fIproxyarp\fR
Defines Proxy ARP.
.TP
\fInat\fR
Defines static NAT rules.
.TP
\fItunnels\fR
Defines IPSec, GRE, IPIP and PPTP tunnels with end-points on the firewall.
.TP
\fItcrules\fR
Defines marks to classify packet for traffic shaping.
.TP
\fImodules\fR
Contains commands for loading the kernel modules required by Shorewall-defined firewall rules.
.TP
\fItos\fR
Defines Type of Service field in packet headers based on packet source, packet
destination, protocol, source port and destination port.
.TP
\fIblacklist\fR
Defines static blacklists.
.TP
\fIrfc1918\fR
Defines the treatment of packets under the \fInorfc1918\fR interface option (it is installed under \fI/ysr/share/shorewall\fR).
.TP
\fIroutestopped\fR
Defines the hosts that are accessible from the firewall when the firewall is stopped.
.TP
\fImaclist\fR
Associates MAC addresses with interfaces and optionally associates IP addresses with MAC addresses.
.TP
\fInetmap\fR
.
.TP
\fIinit\fR
Contains a list of commands that will be executed at the beginning of a "shorewall start" or "shorewall restart" command.
.TP
\fIinitdone\fR
Contains a list of commands that will be executed early in the process of
Shorewall configuration, after the old configuration has been cleared.
.TP
\fIstart\fR
Contains a list of commands that will be executed after Shorewall has been started or restarted.
.TP
\fIstop\fR
Contains a list of commands that will be executed at the beginning of a
"shorewall stop" command.
.TP
\fIstopped\fR
Contains a list of commands that will be executed at the completion of a
"shorewall stop" command.
.TP
\fIecn\fR
Lists the destinations for which you want to disable ECN.
.TP
\fIusers\fR
Associates local users and/or groups to Shorewall "User Sets".
.TP
\fIuserset\fR
Controls access by individual users to other network hosts from the firewall system.
.TP
\fIaccounting\fR
Contains rules for traffic accounting.
.TP
\fIactions\fR and \fIaction.template\fR
Files in \fI/etc/shorewall\fR and \fI/usr/share/shorewall\fR respectively that allow you to define your own actions for rules in \fI/etc/shorewall/rules\fR.
.TP
\fIactions.std\fR and \fIaction.*\fR
Files in \fI/usr/share/shorewall\fR that define the actions included as a standard part of Shorewall.
.SH AUTHORS
Tom Eastep <teastep@shorewall.net>

62
Shorewall-common/debian/shorewall.config
View File

@ -1,62 +0,0 @@
#!/bin/sh -e
. /usr/share/debconf/confmodule
if [ "$1" = "configure" ]
then
# reset restart help
db_clear shorewall/dont_restart || true
db_go
# if we are upgrading from version < 1.4 warns the user
if [ "$2" ] && dpkg --compare-versions "$2" lt "1.4.0-1"
then
db_input critical shorewall/upgrade_to_14 || true
db_go
db_get shorewall/upgrade_to_14 || true
if [ "$RET" = "false" ]
then
db_input critical shorewall/dont_restart || true
db_go
fi
# check if an old rfc1918 file has been left in /etc/shorewall
# bug #308380
if [ -f /etc/shorewall/rfc1918 -a "`cat /etc/shorewall/interfaces | grep -v "#" | grep norfc1918`" != ""] ; then
db_input critical shorewall/warnrfc1918 || true
db_go
fi
fi
# if we are upgrading from version < 2.0 warns the user
if [ "$2" ] && dpkg --compare-versions "$2" lt "2.0" && dpkg --compare-versions "$2" gt "1.4.0-1"
then
db_input critical shorewall/upgrade_14_20 || true
db_go
db_get shorewall/upgrade_14_20 || true
if [ "$RET" = "false" ]
then
db_input critical shorewall/dont_restart || true
db_go
fi
fi
# if we are upgrading from version < 2.2 warns the user
if [ "$2" ] && dpkg --compare-versions "$2" lt "2.1.99" && dpkg --compare-versions "$2" gt "2.0"
then
db_input critical shorewall/upgrade_20_22 || true
db_go
db_get shorewall/upgrade_20_22 || true
if [ "$RET" = "false" ]
then
db_reset shorewall/dont_restart || true
db_input critical shorewall/dont_restart || true
db_go
fi
fi
fi

5
Shorewall-common/debian/shorewall.dirs
View File

@ -1,5 +0,0 @@
sbin
etc/shorewall
usr/share/shorewall
var/lib/shorewall
usr/share/doc/shorewall/default-config

123
Shorewall-common/debian/shorewall.init
View File

@ -1,123 +0,0 @@
#!/bin/sh
SRWL=/sbin/shorewall
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
# Note, set INITLOG to /dev/null if you do not want to
# keep logs of the firewall (not recommended)
INITLOG=/var/log/shorewall-init.log
test -x $SRWL || exit 0
test -x $WAIT_FOR_IFUP || exit 0
test -n $INITLOG || {
echo "INITLOG cannot be empty, please configure $0" ;
exit 1;
}
if [ "$(id -u)" != "0" ]
then
echo "You must be root to start, stop or restart \"Shorewall firewall\"."
exit 1
fi
echo_notdone () {
if [ "$INITLOG" = "/dev/null" ] ; then
echo "not done."
else
echo "not done (check $INITLOG)."
fi
}
not_configured () {
echo "#### WARNING ####"
echo "the firewall won't be started/stopped unless it is configured"
if [ "$1" != "stop" ]
then
echo ""
echo "please configure it and then edit /etc/default/shorewall"
echo "and set the \"startup\" variable to 1 in order to allow "
echo "shorewall to start"
fi
echo "#################"
exit 0
}
# parse the shorewall params file in order to use params in
# /etc/default/shorewall
if [ -f "/etc/shorewall/params" ]
then
. /etc/shorewall/params
fi
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall" ]
then
. /etc/default/shorewall
if [ "$startup" != "1" ]
then
not_configured
fi
else
not_configured
fi
# wait an unconfigured interface
wait_for_pppd () {
if [ "$wait_interface" != "" ]
then
for i in $wait_interface
do
$WAIT_FOR_IFUP $i 90
done
fi
}
# start the firewall
shorewall_start () {
echo -n "Starting \"Shorewall firewall\": "
wait_for_pppd
$SRWL start >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# stop the firewall
shorewall_stop () {
echo -n "Stopping \"Shorewall firewall\": "
$SRWL stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# restart the firewall
shorewall_restart () {
echo -n "Restarting \"Shorewall firewall\": "
$SRWL restart >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# refresh the firewall
shorewall_refresh () {
echo -n "Refreshing \"Shorewall firewall\": "
$SRWL refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
case "$1" in
start)
shorewall_start
;;
stop)
shorewall_stop
;;
refresh)
shorewall_refresh
;;
force-reload|restart)
shorewall_restart
;;
*)
echo "Usage: /etc/init.d/shorewall {start|stop|refresh|restart|force-reload}"
exit 1
esac
exit 0

7
Shorewall-common/debian/shorewall.install
View File

@ -1,7 +0,0 @@
action.* actions.std configpath continue firewall functions help macro.* modules rfc1918 shorewall /usr/share/shorewall
accounting actions blacklist ecn hosts init initdone interfaces ipsec ipsecvpn maclist masq nat netmap params policy providers proxyarp routestopped rules start started stop stopped tcclasses tcdevices tcrules tcstart tos tunnel tunnels zones /usr/share/doc/shorewall/default-config
shorewall.conf /etc/shorewall
shorewall /sbin

110
Shorewall-common/debian/shorewall.postinst
View File

@ -1,110 +0,0 @@
#!/bin/sh -e
. /usr/share/debconf/confmodule
case "$1" in
configure)
# create the default file to prevent automatic startup for unconfigured
# firewall
if [ ! -f "/etc/default/shorewall" ]
then
cat > /etc/default/shorewall << _EOF_
# prevent startup with default configuration
# set the below varible to 1 in order to allow shorewall to start
startup=0
# if your shorewall's configuration need to detect the ip address of a ppp
# interface you must list such interface in "wait_interface" to get shorewall to
# wait until the interface is configured otherwise the script will fail because
# it won't be able to detect the address.
#
# Example:
# wait_interface="ppp0"
# or
# wait_interface="ppp0 ppp1"
# or, if you have defined $PPP in /etc/shorewall/params
# wait_interface=$PPP
# EOF
_EOF_
fi
# install the default configuration files
# test -f /usr/share/shorewall/configfiles && rm -f /usr/share/shorewall/configfiles
# for i in /usr/share/doc/shorewall/default-config/*
# do
# o=`basename $i`
# p=`echo $o | sed "s/\.gz$//"`
# if [ ! -f /etc/shorewall/$p ]
# then
# if [ `echo $o | grep "\.gz$"` ]
# then
# o=`echo $o | sed "s/\.gz$//"`
# gunzip -c $i > /etc/shorewall/$o
# else
# cp $i /etc/shorewall/$o
# fi
# chmod 600 /etc/shorewall/$p
# fi
# echo "/etc/shorewall/$p" >> /usr/share/shorewall/configfiles
# done
# if we are upgrading from a version older than 1.3.11a-2 we should
# update our init script in order to setup the firewall just after the
# network configuration
if [ "$2" ] && dpkg --compare-versions "$2" le "1.3.11a-1"
then
update-rc.d -f shorewall remove > /dev/null 2>&1
fi
restart="true"
if [ "$2" ] && dpkg --compare-versions "$2" le "1.4.0-1"
then
db_get shorewall/upgrade_to_14 || true
if [ "$RET" = "false" ]
then
restart="false"
fi
else
if [ "$2" ] && dpkg --compare-versions "$2" le "2.0"
then
db_get shorewall/upgrade_14_20 || true
if [ "$RET" = "false" ]
then
restart="false"
fi
else
if [ "$2" ] && dpkg --compare-versions "$2" le "2.1.99"
then
db_get shorewall/upgrade_20_22 || true
if [ "$RET" = "false" ]
then
restart="false"
fi
fi
fi
fi
if [ "$restart" = "true" ]
then
if [ -x "/usr/sbin/invoke-rc.d" ]
then
invoke-rc.d shorewall restart
else
/etc/init.d/shorewall restart
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 0
;;
esac
#DEBHELPER#

38
Shorewall-common/debian/shorewall.postrm
View File

@ -1,38 +0,0 @@
#!/bin/sh -e
# summary of how this script can be called:
# * <postrm> `remove'
# * <postrm> `purge'
# * <old-postrm> `upgrade' <new-version>
# * <new-postrm> `failed-upgrade' <old-version>
# * <new-postrm> `abort-install'
# * <new-postrm> `abort-install' <old-version>
# * <new-postrm> `abort-upgrade' <old-version>
# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
# for details, see /usr/share/doc/packaging-manual/
case "$1" in
purge)
rm -rf /etc/default/shorewall
#for i in `cat /usr/share/shorewall/configfiles`
#do
# rm -f $i
#done
rm -rf /var/lib/shorewall
;;
remove|upgrade|faild-upgrade|abort-*|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 0
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#

21
Shorewall-common/debian/shorewall.prerm
View File

@ -1,21 +0,0 @@
#!/bin/sh -e
case "$1" in
# do not stop the firewall during an upgrade
remove)
if [ -x "/usr/sbin/invoke-rc.d" ]
then
invoke-rc.d shorewall stop
else
/etc/init.d/shorewall stop
fi
;;
upgrade|deconfigure|failed-upgrade)
;;
*)
echo "prerem called with unknown argument \`$1\'" >&2
exit 1
;;
esac
#DEBHELPER#

121
Shorewall-common/debian/shorewall.templates
View File

@ -1,121 +0,0 @@
Template: shorewall/upgrade_to_14
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now?
This is a major release of Shorewall that introduces some changes in the
configuration files. The major changes are listed below.
.
You _must_ review your firewall configuration in order to get Shorewall to
work properly.
.
* The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
.
* Interface names of the form <device>:<integer> in
/etc/shorewall/interfaces now generate an error.
.
* OLD_PING_HANDLING=Yes will generate an error at startup as will
specification of the 'noping' or 'filterping' interface options.
.
* In addition to behaving like OLD_PING_HANDLING=No, Shorewall 1.4 no
longer unconditionally accepts outbound ICMP packets. So if you want
to 'ping' from the firewall, you will need the appropriate rule or
policy.
.
* The 'routestopped' option in the /etc/shorewall/interfaces and
/etc/shorewall/hosts files is no longer supported and will generate
an error at startup if specified.
.
* The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer
accepted.
.
* The ALLOWRELATED variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
ALLOWRELATED=Yes.
.
* The 'multi' interface option is no longer supported.
.
* The SHARED_DIR variable has been removed from shorewall.conf. This
variable was for use by package maintainers and was not documented
for general use.
Template: shorewall/dont_restart
Type: note
Description: Shorewall won't be restarted automatically
This will prevent network blackout due to changes in configuration files.
.
Check your configuration and then restart Shorewall issuing:
.
invoke-rc.d shorewall restart
.
or
.
/etc/init.d/shorewall restart
Template: shorewall/upgrade_14_20
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now?
This is a major release of Shorewall that introduces some changes in the
configuration files. You have to check carefully your configuration before
restarting your firewall to avoid failures and network blackout. The changes
are listed below (or in /usr/share/doc/shorewall/upgrade_14-20.txt.gz):
.
* The 'dropunclean' and 'logunclean' interface options are no longer
supported. If either option is specified in /etc/shorewall/interfaces, an
threatening message will be generated.
.
* The NAT_BEFORE_RULES option has been removed from shorewall.conf. The
behavior of Shorewall is as if NAT_BEFORE_RULES=No had been specified. In
other words, DNAT rules now always take precidence over one-to-one NAT
specifications.
.
* The default value for the ALL INTERFACES column in /etc/shorewall/nat has
changed. In Shorewall 1.*, if the column was left empty, a value of "Yes"
was assumed. This has been changed so that a value of "No" is now assumed.
.
* The following files don't exist in Shorewall 2.0:
.
/etc/shorewall/common.def
/etc/shorewall/common
/etc/shorewall/icmpdef
/etc/shorewall/action.template (Moved to /usr/share/shorewall)
/etc/shorewall/rfc1918 (Moved to /usr/share/shorewall).
.
* The /etc/shorewall/action file now allows an action to be designated as the
"common" action for a particular policy type by following the action name
with ":" and the policy (DROP, REJECT or ACCEPT).
.
* The /etc/shorewall directory no longer contains a 'users' file or a
'usersets' file. Similar functionality is now available using user-defined
actions.
.
* It is no longer possible to specify rate limiting in the ACTION column of
/etc/shorewall/rules -- you must use the RATE LIMIT column.
.
* Depending on which method you use to upgrade, if you have your own version
of /etc/shorewall/rfc1918, you may have to take special action to restore it
after the upgrade. Look for /etc/shorewall/rfc1918*, locate the proper file
and rename it back to /etc/shorewall/rfc1918. The contents of that file will
supercede the contents of /usr/share/shorewall/rfc1918.
Template: shorewall/upgrade_20_22
Type: boolean
Description: Did you check your configuration and do you want to restart Shorewall right now?
This is a major release of Shorewall that introduces some changes in the
configuration files. You have to check carefully your configuration before
restarting your firewall to avoid failures and network blackout. The changes
are listed in /usr/share/doc/shorewall/releasenotes.txt.gz.
Template: shorewall/warnrfc1918
Type: note
Description: Possible out-of-date rfc1918 configration file
The file rfc1918 has been found in your shorewall configuration
directory. It probably comes from an upgrade from a previous
version. Note that the file has now been replaced by rfc1918 and
bogons, the former is only used to list private network
addresses and the latter is used to list unassigned addresses
and must be kept up-to-date; previously rfc1918 was used for
both kind of addresses. It is strongly recommended to remove the file
from the configuration directory and let shorewall to use its default
one (located at /usr/share/shorewall/).

24
Shorewall-common/default.debian
View File

@ -1,24 +0,0 @@
# prevent startup with default configuration
# set the following varible to 1 in order to allow Shorewall to start
startup=0
# if your Shorewall configuration requires detection of the ip address of a ppp
# interface, you must list such interfaces in "wait_interface" to get Shorewall to
# wait until the interface is configured. Otherwise the script will fail because
# it won't be able to detect the IP address.
#
# Example:
# wait_interface="ppp0"
# or
# wait_interface="ppp0 ppp1"
# or, if you have defined in /etc/shorewall/params
# wait_interface=
#
# Startup options
#
OPTIONS=""
# EOF

22
Shorewall-lite/default.debian
View File

@ -1,22 +0,0 @@
# prevent startup with default configuration
# set the following varible to 1 in order to allow Shorewall to start
startup=0
# if your Shorewall configuration requires detection of the ip address of a ppp
# interface, you must list such interfaces in "wait_interface" to get Shorewall to
# wait until the interface is configured. Otherwise the script will fail because
# it won't be able to detect the IP address.
#
# Example:
# wait_interface="ppp0"
# or
# wait_interface="ppp0 ppp1"
#
# Startup options
#
OPTIONS=""
# EOF