From 8bf7e8e7b40399faa649e9f110fb3496a2ab3653 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 19 May 2003 23:28:37 +0000 Subject: [PATCH] Changes for 1.4.3a git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@559 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 4 ++++ Shorewall/common.def | 1 + Shorewall/fallback.sh | 2 +- Shorewall/install.sh | 2 +- Shorewall/releasenotes.txt | 16 ++++++++++++++++ Shorewall/shorewall.spec | 4 +++- Shorewall/uninstall.sh | 2 +- 7 files changed, 27 insertions(+), 4 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index a35507633..29425d6ba 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -7,3 +7,7 @@ Changes since 1.4.2 3. Added $LOGMARKER for fireparse support +4. Return more appropriate ICMP responses if the systems supports them. + +5. Silently drop UDP 135 in common.def. + diff --git a/Shorewall/common.def b/Shorewall/common.def index ef0b4a554..5e1ce0657 100644 --- a/Shorewall/common.def +++ b/Shorewall/common.def @@ -16,6 +16,7 @@ run_iptables -A common -p icmp -j icmpdef ############################################################################ # NETBIOS chatter # +run_iptables -A common -p udp --dport 135 -j reject run_iptables -A common -p udp --dport 137:139 -j reject run_iptables -A common -p udp --dport 445 -j reject run_iptables -A common -p tcp --dport 139 -j reject diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh index 8c9cd5152..c0e2744cd 100755 --- a/Shorewall/fallback.sh +++ b/Shorewall/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.4.3 +VERSION=1.4.3a usage() # $1 = exit status { diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 910bb8923..8d5a62d45 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh 
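Review bot: The rule added to the NETBIOS section of common.def sends UDP 135 to `-j reject`, while the changelog and release notes in this same commit both describe the port as "silently dropped". If `reject` is Shorewall's reject chain, the release notes here say UDP gets an ICMP port unreachable reply, so probes to 135 are answered rather than dropped; that confirms the host to scanners and can send ICMP replies toward spoofed source addresses. If dropping is the intent, the line would be `run_iptables -A common -p udp --dport 135 -j DROP`; if rejecting without logging is the intent, reword the two notes and add a comment such as `# UDP 135 (MS RPC endpoint mapper): rejected without logging`. The NETBIOS rule list continues past the end of the hunk, so whether TCP 135 is handled is not visible here.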
@@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.4.3 +VERSION=1.4.3a usage() # $1 = exit status { diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 35bb2a1d7..48c70abe5 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -19,3 +19,19 @@ New Features: (http://www.fireparse.com) by setting LOGMARKER="fp=" in /etc/shorewall/shorewall.conf. Note: You may not use ULOG with fireparse unless you modify fireparse. + +3) If you are running iptables 1.2.7a and kernel 2.4.20, then + Shorewall will return reject replies as follows: + + a) tcp - RST + b) udp - ICMP port unreachable + c) icmp - ICMP host unreachable + d) Otherwise - ICMP host prohibited + + If you are running earlier software, Shorewall will follow it's + traditional convention: + + a) tcp - RST + b) Otherwise - ICMP port unreachable + +4) UDP Port 135 is now silently dropped in the common.def chain. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 5c359345b..77d3ed105 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 1.4.3 +%define version 1.4.3a %define release 1 %define prefix /usr @@ -105,6 +105,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Mon May 19 2003 Tom Eastep +- Changed version to 1.4.3a-1 * Sun May 18 2003 Tom Eastep - Changed version to 1.4.3-1 * Mon Apr 07 2003 Tom Eastep diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index bf1ea7dad..fa6541f73 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.4.3 +VERSION=1.4.3a usage() # $1 = exit status {