Shorewall-2.0.3c

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1433 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Lrp2/usr/share/shorewall/firewall

@@ -1278,7 +1278,7 @@ stop_firewall() {
 
     [ -n "$NAT_ENABLED" ] && delete_nat
     delete_proxy_arp
-    [ -n "$CLEAR_TC" ] && delete_tc
+    [ -n "$CLEAR_TC" ] && delete_tc1
 
     [ -n "$DISABLE_IPV6" ] && disable_ipv6
 
@@ -1363,7 +1363,16 @@ stop_firewall() {
 	iptables -A FORWARD -p udp -i $interface -o $interface --dport 67:68 -j ACCEPT
     done
 
-    setup_forwarding
+    case "$IP_FORWARDING" in
+    [Oo][Nn])
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	echo "IP Forwarding Enabled"
+	;;
+    [Oo][Ff][Ff])
+	echo 0 > /proc/sys/net/ipv4/ip_forward
+	echo "IP Forwarding Disabled!"
+	;;
+    esac
 
     run_user_exit stopped
 
@@ -2163,6 +2172,29 @@ delete_tc()
     done
 }
 
+delete_tc1()
+{
+
+    clear_one_tc() {
+	tc qdisc del dev $1 root 2> /dev/null
+	tc qdisc del dev $1 ingress 2> /dev/null
+
+    }
+
+    run_user_exit tcclear
+
+    run_ip link list | \
+    while read inx interface details; do
+	case $inx in
+	    [0-9]*)
+		clear_one_tc ${interface%:}
+		;;
+	    *)
+		;;
+	esac
+    done
+}
+
 #
 # Process a record from the accounting file
 #
@@ -2385,7 +2417,7 @@ refresh_tc() {
 
     echo "Refreshing Traffic Control Rules..."
 
-    [ -n "$CLEAR_TC" ] && delete_tc
+    [ -n "$CLEAR_TC" ] && delete_tc1
 
     [ -n "$MARK_IN_FORWARD_CHAIN" ] && chain=tcfor || chain=tcpre
 
@@ -5515,7 +5547,7 @@ define_firewall() # $1 = Command (Start or Restart)
 
     RESTOREBASE=$(mktempfile /var/lib/shorewall)
 
-    [ -n "$RESTOREBASE" ] || fatal_error "Cannot create temporary file in /var/lib/shorewall"
+    [ -n "$RESTOREBASE" ] || startup_error "Cannot create temporary file in /var/lib/shorewall"
 
     echo '#bin/sh' >> $RESTOREBASE
     save_command "#"

Lrp2/usr/share/shorewall/version

@@ -1 +1 @@
-2.0.3b
+2.0.3c

Shorewall-docs2/IPSEC.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-06-08</pubdate>
+    <pubdate>2004-07-01</pubdate>
 
     <copyright>
       <year>2001-2004</year>
@@ -202,6 +202,10 @@ conn packetdefault
     <para><emphasis role="bold">If you are running kernel 2.6:</emphasis></para>
 
     <blockquote>
+      <para><emphasis role="bold">It is essential that the
+      <emphasis>vpn</emphasis> zone be declared before the
+      <emphasis>net</emphasis> zone in <filename>/etc/shorewall/zones</filename>.</emphasis></para>
+
       <para>Remember the assumption that both systems A and B have eth0 as
       their internet interface.</para>
 

Shorewall-docs2/errata.xml

@@ -13,7 +13,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-06-30</pubdate>
+    <pubdate>2004-07-02</pubdate>
 
     <copyright>
       <year>2001-2004</year>
@@ -87,6 +87,25 @@
   <section>
     <title>Problems in Version 2.0</title>
 
+    <section>
+      <title>Shorewall 2.0.3a and 2.0.3b</title>
+
+      <itemizedlist>
+        <listitem>
+          <para>Error messages regarding $RESTOREBASE occur during <emphasis
+          role="bold">shorewall stop</emphasis>.</para>
+        </listitem>
+
+        <listitem>
+          <para>If CLEAR_TC=Yes in <filename>shorewall.conf</filename>,
+          <emphasis role="bold">shorewall stop</emphasis> fails without
+          removing the lock file.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>These problems are corrected in Shorewall version 2.0.3c.</para>
+    </section>
+
     <section>
       <title>Shorewall 2.0.3a</title>