holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update version

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9697 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-03-17 18:51:17 +00:00
parent f91a5dbf0c
commit 5ea4f651eb
17 changed files with 102 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-lite/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall-lite/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

4
Shorewall-lite/shorewall-lite.spec
View File

@ -1,5 +1,5 @@
%define name shorewall-lite %define name shorewall-lite
%define version 4.3.7 %define version 4.3.8
%define release 0base %define release 0base
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@ -98,6 +98,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.8-0base
* Sun Mar 01 2009 Tom Eastep tom@shorewall.net * Sun Mar 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.7-0base - Updated to 4.3.7-0base
* Fri Feb 27 2009 Tom Eastep tom@shorewall.net * Fri Feb 27 2009 Tom Eastep tom@shorewall.net

2
Shorewall-lite/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

4
Shorewall/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in Shorewall 4.3.8
None.
Changes in Shorewall 4.3.7 Changes in Shorewall 4.3.7
1) Fix forward treatment of interface options. 1) Fix forward treatment of interface options.

2
Shorewall/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

188
Shorewall/releasenotes.txt
View File

@ -1,4 +1,4 @@
Shorewall 4.3.7 Shorewall 4.3.8
Shorewall 4.3 is the development thread for Shorewall 4.4 which will be Shorewall 4.3 is the development thread for Shorewall 4.4 which will be
released late in 2009. released late in 2009.
@ -36,49 +36,10 @@ released late in 2009.
continues to be supported. continues to be supported.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 3 . 7 P R O B L E M S C O R R E C T E D I N 4 . 3 . 8
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
1) Klemens Rutz reported a problem that affects all Shorewall-perl 4.2 None.
and 4.3 versions.
The problem:
a) Only occurs when there are more than one non-firewall zone.
b) Results in the following interface options not being applied to
forwarded traffic.
blacklist
dhcp
maclist (when MACLIST_TABLE=filter)
norfc1918
nosmurfs
tcpflags
2) Matt LaPlante reported a problem whereby a valid DNAT- rule was
badly mis-handled.
The rule:
DNAT- loc net:1.2.3.4:2525 tcp 25
The result:
WARNING: Destination zone (1.2.3.4) ignored : /etc/shorewall/rules (line 459)
Can't call method "inet_htoa" without a package or object reference at
/usr/share/shorewall-perl/Shorewall/IPAddrs.pm line 150,
<$currentfile> line 459.
3) Previously, OPTIONS were not allowed with a bridge port in
/etc/shorewall/interfaces. That oversight has been corrected and
now the following OPTIONS are allowed:
blacklist
maclist
norfc1918
nosmurfs
routeback
tcpflags
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G K N O W N P R O B L E M S R E M A I N I N G
@ -87,79 +48,10 @@ released late in 2009.
None. None.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 3 . 7 N E W F E A T U R E S I N 4 . 3 . 8
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
1) The file /var/lib/shorewall/.restore has been renamed to None.
/var/lib/shorewall/firewall. A similar change has been made in
Shorewall6.
When a successful start or restart is completed, the script that
executed the command copies itself to to
/var/lib/shorewall[6/firewall.
2) Dynamic zone support is once again available for IPv4. This support
is built on top of ipsets so you must have installed the
xtable-addons.
Dynamic zones are available when Shorewall-lite is used as well.
Note that the dynamic zone support built into Shorewall provides no
additional functionality over what is provided by simply defining a
zone in terms of an ipset (see
http://www1.shorewall.net/ipsets.html#Dynamic).
You define a zone as having dynamic content in one of two ways:
- By specifying nets=dynamic in the OPTIONS column of an entry for
the zone in /etc/shorewall/interfaces; or
- By specifying <interface>:dynamic in the HOST(S) column of an
entry for the zone in /etc/shorewall/hosts.
When there are any dynamic zones present in your configuration,
Shorewall (Shorewall-lite) will:
a) Execute the following commands during 'shorewall start' or
'shorewall-lite start'.
ipset -U :all: :all:
ipset -U :all: :default:
ipset -F
ipset -X
ipset -R < ${VARDIR}/ipsets.save
where $VARDIR normally contains /var/lib/shorewall
(/var/lib/shorewall-lite) but may be modified by
/etc/shorewall/vardir (/etc/shorewall-lite/vardir).
b) During 'start', 'restart' and 'restore' processing, Shorewall
will then attempt to create an ipset named <zone>_<interface>
for each zone/interface pair that has been specified as
dynamic. The type of ipset created is 'iphash' so that only
individual IPv4 addresses may be added to the set.
c) Execute the following commands during 'shorewall stop' or
'shorewall-lite stop':
if ipset -S > ${VARDIR}/ipsets.tmp; then
mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
fi
The 'shorewall add' and 'shorewall delete' commands are supported
with their original syntax:
add <interface>[:<host-list>] ... <zone>
delete <interface>[:<host-list>] ... <zone>
In addition, the 'show dynamic' command is added that lists the dynamic
content of a zone.
show dynamic <zone>
These commands are supported by shorewall-lite as well.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 3 N E W F E A T U R E S IN 4 . 3
@ -257,3 +149,73 @@ None.
Important note: SAME only works with providers that have the Important note: SAME only works with providers that have the
'track' option specified in /etc/shorewall/providers. 'track' option specified in /etc/shorewall/providers.
4) The file /var/lib/shorewall/.restore has been renamed to
/var/lib/shorewall/firewall. A similar change has been made in
Shorewall6.
When a successful start or restart is completed, the script that
executed the command copies itself to to
/var/lib/shorewall[6/firewall.
5) Dynamic zone support is once again available for IPv4. This support
is built on top of ipsets so you must have installed the
xtable-addons.
Dynamic zones are available when Shorewall-lite is used as well.
Note that the dynamic zone support built into Shorewall provides no
additional functionality over what is provided by simply defining a
zone in terms of an ipset (see
http://www1.shorewall.net/ipsets.html#Dynamic).
You define a zone as having dynamic content in one of two ways:
- By specifying nets=dynamic in the OPTIONS column of an entry for
the zone in /etc/shorewall/interfaces; or
- By specifying <interface>:dynamic in the HOST(S) column of an
entry for the zone in /etc/shorewall/hosts.
When there are any dynamic zones present in your configuration,
Shorewall (Shorewall-lite) will:
a) Execute the following commands during 'shorewall start' or
'shorewall-lite start'.
ipset -U :all: :all:
ipset -U :all: :default:
ipset -F
ipset -X
ipset -R < ${VARDIR}/ipsets.save
where $VARDIR normally contains /var/lib/shorewall
(/var/lib/shorewall-lite) but may be modified by
/etc/shorewall/vardir (/etc/shorewall-lite/vardir).
b) During 'start', 'restart' and 'restore' processing, Shorewall
will then attempt to create an ipset named <zone>_<interface>
for each zone/interface pair that has been specified as
dynamic. The type of ipset created is 'iphash' so that only
individual IPv4 addresses may be added to the set.
c) Execute the following commands during 'shorewall stop' or
'shorewall-lite stop':
if ipset -S > ${VARDIR}/ipsets.tmp; then
mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
fi
The 'shorewall add' and 'shorewall delete' commands are supported
with their original syntax:
add <interface>[:<host-list>] ... <zone>
delete <interface>[:<host-list>] ... <zone>
In addition, the 'show dynamic' command is added that lists the dynamic
content of a zone.
show dynamic <zone>
These commands are supported by shorewall-lite as well.

4
Shorewall/shorewall.spec
View File

@ -1,5 +1,5 @@
%define name shorewall %define name shorewall
%define version 4.3.7 %define version 4.3.8
%define release 0base %define release 0base
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -172,6 +172,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog %changelog
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.8-0base
* Sun Mar 01 2009 Tom Eastep tom@shorewall.net * Sun Mar 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.7-0base - Updated to 4.3.7-0base
* Fri Feb 27 2009 Tom Eastep tom@shorewall.net * Fri Feb 27 2009 Tom Eastep tom@shorewall.net

2
Shorewall/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall6-lite/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall6-lite/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

4
Shorewall6-lite/shorewall6-lite.spec
View File

@ -1,5 +1,5 @@
%define name shorewall6-lite %define name shorewall6-lite
%define version 4.3.7 %define version 4.3.8
%define release 0base %define release 0base
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
@ -89,6 +89,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.8-0base
* Sun Mar 01 2009 Tom Eastep tom@shorewall.net * Sun Mar 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.7-0base - Updated to 4.3.7-0base
* Fri Feb 27 2009 Tom Eastep tom@shorewall.net * Fri Feb 27 2009 Tom Eastep tom@shorewall.net

2
Shorewall6-lite/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall6/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

2
Shorewall6/install.sh
View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {

4
Shorewall6/shorewall6.spec
View File

@ -1,5 +1,5 @@
%define name shorewall6 %define name shorewall6
%define version 4.3.7 %define version 4.3.8
%define release 0base %define release 0base
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
@ -144,6 +144,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog %changelog
* Tue Mar 17 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.8-0base
* Sun Mar 01 2009 Tom Eastep tom@shorewall.net * Sun Mar 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.3.7-0base - Updated to 4.3.7-0base
* Fri Feb 27 2009 Tom Eastep tom@shorewall.net * Fri Feb 27 2009 Tom Eastep tom@shorewall.net

2
Shorewall6/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.3.7 VERSION=4.3.8
usage() # $1 = exit status usage() # $1 = exit status
{ {