diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index f65502e5f..4613615a2 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -13,4 +13,21 @@ Change in 2.0.6 1) Add PKTTYPE option. shorewall.conf - firewall \ No newline at end of file + firewall + +2) Sanitized some correct but confusing code in determine_hosts(). + + There was a loop: + + for networks in $networks + ... + + It now reads: + + for network in $networks + ... + + +3) Don't give shorewall.conf and zones execute permission. + + diff --git a/STABLE2/firewall b/STABLE2/firewall index 748b2f9fc..dd25563b8 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -670,15 +670,15 @@ determine_hosts() { networks=0.0.0.0/0 fi - for networks in $networks; do + for network in $networks; do if [ -z "$hosts" ]; then - hosts=$interface:$networks + hosts=$interface:$network else - hosts="$hosts $interface:$networks" + hosts="$hosts $interface:$network" fi if interface_has_option $interface routeback; then - eval ${zone}_routeback=\"$interface:$networks \$${zone}_routeback\" + eval ${zone}_routeback=\"$interface:$network \$${zone}_routeback\" fi done done diff --git a/STABLE2/install.sh b/STABLE2/install.sh index 9ed5562c7..17768209f 100755 --- a/STABLE2/install.sh +++ b/STABLE2/install.sh @@ -185,7 +185,7 @@ mkdir -p ${PREFIX}/var/lib/shorewall && chmod 700 ${PREFIX}/var/lib/shorewal if [ -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then backup_file /etc/shorewall/shorewall.conf else - run_install -o $OWNER -g $GROUP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf + run_install -o $OWNER -g $GROUP -m 0600 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf echo echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf" fi 
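Review bot: The `eval` line in the determine_hosts() loop still splices the values of `$interface` and `$network` into the string that eval parses a second time, so any quote, backtick or `$(` in an interface or network entry would be interpreted as shell code rather than data. Where `$networks` and `$interface` are populated lies outside the hunk, so whether those entries are validated first cannot be confirmed from here; the script is presumably run with root privileges, which makes this worth closing regardless. Deferring the expansion keeps the values as data: `eval ${zone}_routeback=\"\$interface:\$network \$${zone}_routeback\"`. Quoting the argument in `interface_has_option "$interface" routeback` would go with that. The function begins before the hunk and continues after it.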
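Review bot: The tightened mode `-m 0600` only takes effect on a fresh install: when `${PREFIX}/etc/shorewall/shorewall.conf` already exists the branch only calls `backup_file`, so an upgraded system keeps whatever mode the earlier installer set (0744 per the removed line), and the same holds for the zones hunk at -195,7. backup_file is defined outside the diff, so this assumes it does not reset the mode; if it does not, add `chmod 0600 ${PREFIX}/etc/shorewall/shorewall.conf` in the existing-file branch and the equivalent line for zones. That branch also passes `/etc/shorewall/shorewall.conf` to backup_file without `${PREFIX}` while the `-f` test uses the prefixed path, which looks inconsistent for staged installs. The expansions `${PREFIX}`, `$OWNER` and `$GROUP` are unquoted throughout and would split on whitespace in a prefix path.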
@@ -195,7 +195,7 @@ fi if [ -f ${PREFIX}/etc/shorewall/zones ]; then backup_file /etc/shorewall/zones else - run_install -o $OWNER -g $GROUP -m 0744 zones ${PREFIX}/etc/shorewall/zones + run_install -o $OWNER -g $GROUP -m 0600 zones ${PREFIX}/etc/shorewall/zones echo echo "Zones file installed as ${PREFIX}/etc/shorewall/zones" fi diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index 50a0f550b..5dbfedf7b 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -25,4 +25,7 @@ Problems Corrected in version 2.0.6 Users experiencing this problem can use PKTTYPE=No in shorewall.conf to cause Shorewall to use IP address filtering of - broadcasts rather than packet type. \ No newline at end of file + broadcasts rather than packet type. + +2) The shorewall.conf and zones file are no longer given execute + permission by the installer script.