diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index f3c9bcab9..d78fa2ea1 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,7 @@ +Changes in 3.4.1 + +1) Add rest of proxy arp fix. + Changes in 3.4.0 Final 1) Add missing logic for "!" rules. diff --git a/Shorewall/compiler b/Shorewall/compiler index 4938c5131..233d28350 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -4627,12 +4627,12 @@ __EOF__ [ -z "\${haveroute}\${NOROUTES}" ] && qt ip route del \$address dev \$interface done < \${VARDIR}/proxyarp - rm -f \${VARDIR}/proxyarp + for f in /proc/sys/net/ipv4/conf/*; do + [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp + done fi - for f in /proc/sys/net/ipv4/conf/*; do - [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp - done + rm -f \${VARDIR}/proxyarp __EOF__ [ -n "$CLEAR_TC" ] && save_command "delete_tc1" diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 5e49850db..9bdd464c3 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 3.4.0 +Shorewall 3.4.1 Release Highlights @@ -28,24 +28,14 @@ Release Highlights /etc/shorewall/route_rules and reverses those changes when appropriate. -Problems Corrected in 3.4.0 Final. +Problems Corrected in 3.4.1 -1) In the rules file, following the action with "!" is supposed to - exempt the rule from being suppressed by OPTIMIZE=1. That feature - was not working. - -2) If both a macro body and a macro invocation contained an entry in the - SOURCE or DEST column, then compilation failed with the error: - - merge_macro_source_dest: command not found - -3) An obscure bug in rule activation having to do with the new - exclusion feature in /etc/shorewall/hosts has been corrected. - -4) The "shorewall-[lite] [re]start and stop" commands reset the +1) The "shorewall-[lite] [re]start and stop" commands reset the proxy_arp flag on all interfaces on the system making it impossible - to control proxy arp manually with Shorewall installed. With this - change, shorewall will only clear proxy arp if there were entries in + to control proxy arp manually with Shorewall installed. There was a + partial fix included in 3.4.0; unfortunately, it did not correct the + problem completely. Shorewall 3.4.1 includes the rest of the change + necessarey to only clear proxy arp if there were entries in /etc/shorewall/proxyarp the last time that Shorewall was [re]started.