From 6f0f82e8c183897328333c42bedf0250b5d6029a Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Fri, 13 Feb 2004 17:30:24 +0000
Subject: [PATCH] Add action.AllowPCA and a comment for the terminally stupid

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1138 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/actions.std    | 1 +
 Shorewall2/changelog.txt  | 2 ++
 Shorewall2/rules          | 5 ++++-
 Shorewall2/shorewall.spec | 3 +++
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Shorewall2/actions.std b/Shorewall2/actions.std
index 7c461c186..b0762caec 100644
--- a/Shorewall2/actions.std
+++ b/Shorewall2/actions.std
@@ -35,6 +35,7 @@ AllowRdate	#Allow remote time (rdate).
 AllowNNTP	#Allow network news (Usenet).
 AllowTrcrt	#Allows Traceroute (20 hops)
 AllowSNMP	#Allows SNMP (including traps)
+AllowPCA        #Allows PCAnywhere (tm)
 
 Drop:DROP	#Common Action for DROP policy
 Reject:REJECT   #Common Action for REJECT policy
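Review bot: The new `AllowPCA` entry is registered here, and again in the `%files` list of shorewall.spec, but the diffstat lists only four changed files and none of them is `action.AllowPCA` itself. If that file is not already in the tree or added by a companion commit, the action would be advertised without a definition and the package build would presumably fail on the missing file, so this is worth confirming. Since pcAnywhere is a remote-control service, the trailing comment could also point the reader at what is being opened, e.g. `AllowPCA	#Allows PCAnywhere (tm); see action.AllowPCA for ports, restrict SOURCE`. The entry is padded with spaces where the neighbouring Allow* lines use a tab.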
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index c2fd56bdb..0c8dee73d 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -36,3 +36,5 @@ Changes since 1.4.10
 17) Make "trace" a synonym for "debug"
 
 18) Add the ":noah" option to IPSEC tunnels.
+
+19) Added a comment to the rules file to aid users who are terminally stupid.
diff --git a/Shorewall2/rules b/Shorewall2/rules
index 8311cfc25..294bb3fc9 100755
--- a/Shorewall2/rules
+++ b/Shorewall2/rules
@@ -4,7 +4,10 @@
 # /etc/shorewall/rules
 #
 #	Rules in this file govern connection establishment. Requests and
-#	responses are automatically allowed using connection tracking.
+#	responses are automatically allowed using connection tracking. For any
+#       particular (source,dest) pair of zones, the rules are evaluated in the
+#       order in which they appear in this file and the first match is the one
+#       that determines the disposition of the request.
 #
 #	In most places where an IP address or subnet is allowed, you
 #	can preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to
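Review bot: The added first-match sentence states the rule but not its consequence, which is what matters when auditing a rules file: a broad ACCEPT placed above a narrower DROP or REJECT for the same zone pair silently shadows it. One more comment line would cover this, e.g. `#	Place specific rules before general ones; a later rule never overrides an earlier match.` The three added continuation lines are also indented with spaces after `#` while the rest of the header uses a tab, so they will misalign under a different tab width. The comment block continues past the end of the hunk.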
diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec
index 5ffdcbdab..a2e3f04b9 100644
--- a/Shorewall2/shorewall.spec
+++ b/Shorewall2/shorewall.spec
@@ -104,6 +104,7 @@ fi
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowIMAP
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNNTP
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowNTP
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPCA
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPing
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowPOP3
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/action.AllowRdate
@@ -135,6 +136,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Thu Feb 12 2004 Tom Eastep <tom@shorewall.net>
+- Added action.AllowPCA
 * Sun Feb 08 2004 Tom Eastep <tom@shorewall.net>
 - Updates for Shorewall 2.0.0.
 * Mon Dec 29 2003 Tom Eastep <tom@shorewall.net>