Update release documentation for Shorewall 2.5.2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2505 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=2.5.1
+VERSION=2.5.2
 
 usage() # $1 = exit status
 {

Shorewall/firewall

@@ -4827,7 +4827,7 @@ process_rule() # $1 = target
     #	 cport		= Source Port
     #	 multioption	= String to invoke multiport match if appropriate
     #	 servport	= Port the server listens on
-    #	 chain		= The canonical chain for this rule or an exclusion chain
+    #	 chain		= The canonical chain for this rule
     #	 logchain	= The chain that should be mentioned in log messages
     #	 ratelimit	= Optional rate limiting clause
     #	 userandgroup	= -m owner clause

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
 
-VERSION=2.5.1
+VERSION=2.5.2
 
 usage() # $1 = exit status
 {

Shorewall/releasenotes.txt

@@ -1,4 +1,55 @@
-Shorewall 2.5.1
+Shorewall 2.5.2
+
+Problems Corrected in 2.5.2:
+
+1) You may now include port lists in in the /etc/shorewall/accounting
+   file.
+
+2) The packet type match capability is now correctly reported when
+   PKTTYPE=No in /etc/shorewall/shorewall.conf.
+
+New Features in Shorewall 2.5.2
+
+1)  A new FASTACCEPT option has been added to shorewall.conf.
+
+    Normally, Shorewall accepting ESTABLISHED/RELATED packets until
+    these packets reach the chain in which the original connection was
+    accepted. So for packets going from the 'loc' zone to the 'net'
+    zone, ESTABLISHED/RELATED packets are ACCEPTED in the 'loc2net'
+    chain.
+
+    If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets are
+    accepted early in the INPUT, FORWARD and OUTPUT chains. If you set
+    FASTACCEPT=Yes then you may not specify ESTABLISHED policies in 
+    /etc/shorewall/policy (see above).
+
+2)  Shorewall not generates an error if the 'norfc1918' option is
+    specified for an interface with an RFC 1918 address.
+
+3)  You may now specify "!" followed by a list of addresses in the
+    SOURCE and DEST columns of entries in /etc/shorewall/rules and
+    Shorewall will generate the rule that you expect.
+
+    Example 1:
+
+    #ACTION    SOURCE			DEST	PROTO     DEST PORT(S)
+    ACCEPT     loc:!192.168.1.0/24,10.0.0.0/8 \
+					net	tcp	  80
+
+    That rule would allow loc->net HTTP access except for the local
+    networks 192.168.1.0/24 and 10.0.0.0/8.
+
+    Example 2:
+
+    #ACTION    SOURCE                   DEST    PROTO    DEST PORT(S)
+    ACCEPT     loc:192.168.1.0/24!192.168.1.3,192.168.1.10 \
+                                        net	tcp	 80
+
+    This rule allows loc->net HTTP access to the 192.168.1.0/24
+    network except for hosts 192.168.1.3 and 192.168.1.10.
+
+4)  /proc/version has been added to the output of the "shorewall dump"
+    command.
 
 Problems Corrected in 2.5.1:
 

Shorewall/shorewall.spec

@@ -1,5 +1,5 @@
 %define name shorewall
-%define version 2.5.1
+%define version 2.5.2
 %define release 1
 %define prefix /usr
 
@@ -154,6 +154,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
 
 %changelog
+* Tue Aug 16 2005 Tom Eastep tom@shorewall.net
+- Updated to 2.5.2-1
 * Sun Aug 07 2005 Tom Eastep tom@shorewall.net
 - Updated to 2.5.1-1
 * Tue Jul 26 2005 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=2.5.1
+VERSION=2.5.2
 
 usage() # $1 = exit status
 {