forked from extern/shorewall_code
Initialize 4.4.3
This commit is contained in:
Tom Eastep
parent
065808be16
commit
964cba79a9
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%define name shorewall-lite
|
||||
%define version 4.4.2
|
||||
%define version 4.4.3
|
||||
%define release 0base
|
||||
|
||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||
@ -98,6 +98,8 @@ fi
|
||||
%doc COPYING changelog.txt releasenotes.txt
|
||||
|
||||
%changelog
|
||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.3-0base
|
||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.2-0base
|
||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -328,7 +328,7 @@ sub initialize( $ ) {
|
||||
TC_SCRIPT => '',
|
||||
EXPORT => 0,
|
||||
UNTRACKED => 0,
|
||||
VERSION => "4.4.2",
|
||||
VERSION => "4.4.3",
|
||||
CAPVERSION => 40402 ,
|
||||
);
|
||||
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
Changes in Shorewall 4.4.3
|
||||
|
||||
None.
|
||||
|
||||
Changes in Shorewall 4.4.2
|
||||
|
||||
1) BUGFIX: Correct detection of Persistent SNAT support
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -1 +1 @@
|
||||
There are no known problems in Shorewall version 4.4.2
|
||||
There are no known problems in Shorewall version 4.4.3
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
Shorewall 4.4.2
|
||||
Shorewall 4.4.3
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
@ -170,58 +170,10 @@ Shorewall 4.4.2
|
||||
then it may have no additional members in /etc/shorewall/hosts.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Detection of Persistent SNAT was broken in the rules compiler.
|
||||
|
||||
2) Initialization of the compiler's chain table was occurring before
|
||||
shorewall.conf had been read and before the capabilities had been
|
||||
determined. This could lead to incorrect rules and Perl runtime
|
||||
errors.
|
||||
|
||||
3) The 'shorewall check' command previously did not detect errors in
|
||||
/etc/shorewall/routestopped.
|
||||
|
||||
4) In earlier versions, if a file with the same name as a built-in
|
||||
action were present in the CONFIG_PATH, then the compiler would
|
||||
process that file like it was an extension script.
|
||||
|
||||
The compiler now ignores the presence of such files.
|
||||
|
||||
5) Several configuration issues which previously produced an error or
|
||||
warning are now handled differently.
|
||||
|
||||
a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
|
||||
handled as they were by the old shell-based compiler. That is,
|
||||
they cause pre-3.0 built-in actions to be mapped automatically
|
||||
to the corresponding macro invocation.
|
||||
|
||||
b) SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
|
||||
warning.
|
||||
|
||||
c) DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
|
||||
a warning.
|
||||
|
||||
d) RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
|
||||
a warning.
|
||||
|
||||
6) Previously, it was not possible to specify an IP address range in
|
||||
ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
|
||||
for the patch.
|
||||
|
||||
7) The 'wait4ifup' script included for Debian compatibility now runs
|
||||
correctly with no PATH.
|
||||
|
||||
8) The new per-IP LIMIT feature now works with ancient iptables
|
||||
releases (e.g., 1.3.5 as found on RHEL 5). This change required
|
||||
testing for an additional capability which means that those who use
|
||||
a capabilities file should regenerate that file after installing
|
||||
4.4.2.
|
||||
|
||||
9) One unintended difference between Shorewall-shell and
|
||||
Shorewall-perl was that Shorewall-perl did not support the MARK
|
||||
column in action bodies. This has been corrected.
|
||||
None.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
K N O W N P R O B L E M S R E M A I N I N G
|
||||
@ -230,38 +182,10 @@ Shorewall 4.4.2
|
||||
None.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S I N 4 . 4 . 2
|
||||
N E W F E A T U R E S I N 4 . 4 . 3
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Prior to this release, line continuation has taken precedence over
|
||||
#-style comments. This prevented us from doing the following:
|
||||
|
||||
ACCEPT net:206.124.146.176,\ #Gateway
|
||||
206.124.146.177,\ #Mail
|
||||
206.124.146.178\ #Server
|
||||
...
|
||||
|
||||
Now, unless a line ends with '\', any trailing comment is stripped
|
||||
off (including any white-space preceding the '#'). Then if the line
|
||||
ends with '\', it is treated as a continuation line as normal.
|
||||
|
||||
2) Three new columns have been added to FORMAT-2 macro bodies.
|
||||
|
||||
MARK
|
||||
CONNLIMIT
|
||||
TIME
|
||||
|
||||
These three columns correspond to the similar columns in
|
||||
/etc/shorewall/rules and must be empty in macros invoked from an
|
||||
action.
|
||||
|
||||
3) Accounting chains may now have extension scripts. Simply place your
|
||||
Perl script in the file /etc/shorewall/<chain> and when the
|
||||
accounting chain named <chain> is created, your script will be
|
||||
invoked.
|
||||
|
||||
As usual, the variable $chainref will contain a reference to the
|
||||
chain's table entry.
|
||||
None.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S I N 4 . 4 . 0
|
||||
@ -1005,3 +929,91 @@ None.
|
||||
5) A flaw in the parsing logic for the zones file allowed most zone
|
||||
types containing the character string 'ip' to be accepted as a
|
||||
synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration).
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Detection of Persistent SNAT was broken in the rules compiler.
|
||||
|
||||
2) Initialization of the compiler's chain table was occurring before
|
||||
shorewall.conf had been read and before the capabilities had been
|
||||
determined. This could lead to incorrect rules and Perl runtime
|
||||
errors.
|
||||
|
||||
3) The 'shorewall check' command previously did not detect errors in
|
||||
/etc/shorewall/routestopped.
|
||||
|
||||
4) In earlier versions, if a file with the same name as a built-in
|
||||
action were present in the CONFIG_PATH, then the compiler would
|
||||
process that file like it was an extension script.
|
||||
|
||||
The compiler now ignores the presence of such files.
|
||||
|
||||
5) Several configuration issues which previously produced an error or
|
||||
warning are now handled differently.
|
||||
|
||||
a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
|
||||
handled as they were by the old shell-based compiler. That is,
|
||||
they cause pre-3.0 built-in actions to be mapped automatically
|
||||
to the corresponding macro invocation.
|
||||
|
||||
b) SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
|
||||
warning.
|
||||
|
||||
c) DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
|
||||
a warning.
|
||||
|
||||
d) RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
|
||||
a warning.
|
||||
|
||||
6) Previously, it was not possible to specify an IP address range in
|
||||
ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
|
||||
for the patch.
|
||||
|
||||
7) The 'wait4ifup' script included for Debian compatibility now runs
|
||||
correctly with no PATH.
|
||||
|
||||
8) The new per-IP LIMIT feature now works with ancient iptables
|
||||
releases (e.g., 1.3.5 as found on RHEL 5). This change required
|
||||
testing for an additional capability which means that those who use
|
||||
a capabilities file should regenerate that file after installing
|
||||
4.4.2.
|
||||
|
||||
9) One unintended difference between Shorewall-shell and
|
||||
Shorewall-perl was that Shorewall-perl did not support the MARK
|
||||
column in action bodies. This has been corrected.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S I N 4 . 4 . 2
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Prior to this release, line continuation has taken precedence over
|
||||
#-style comments. This prevented us from doing the following:
|
||||
|
||||
ACCEPT net:206.124.146.176,\ #Gateway
|
||||
206.124.146.177,\ #Mail
|
||||
206.124.146.178\ #Server
|
||||
...
|
||||
|
||||
Now, unless a line ends with '\', any trailing comment is stripped
|
||||
off (including any white-space preceding the '#'). Then if the line
|
||||
ends with '\', it is treated as a continuation line as normal.
|
||||
|
||||
2) Three new columns have been added to FORMAT-2 macro bodies.
|
||||
|
||||
MARK
|
||||
CONNLIMIT
|
||||
TIME
|
||||
|
||||
These three columns correspond to the similar columns in
|
||||
/etc/shorewall/rules and must be empty in macros invoked from an
|
||||
action.
|
||||
|
||||
3) Accounting chains may now have extension scripts. Simply place your
|
||||
Perl script in the file /etc/shorewall/<chain> and when the
|
||||
accounting chain named <chain> is created, your script will be
|
||||
invoked.
|
||||
|
||||
As usual, the variable $chainref will contain a reference to the
|
||||
chain's table entry.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%define name shorewall
|
||||
%define version 4.4.2
|
||||
%define version 4.4.3
|
||||
%define release 0base
|
||||
|
||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||
@ -104,6 +104,8 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||
|
||||
%changelog
|
||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.3-0base
|
||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.2-0base
|
||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%define name shorewall6-lite
|
||||
%define version 4.4.2
|
||||
%define version 4.4.3
|
||||
%define release 0base
|
||||
|
||||
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
||||
@ -89,6 +89,8 @@ fi
|
||||
%doc COPYING changelog.txt releasenotes.txt
|
||||
|
||||
%changelog
|
||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.3-0base
|
||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.2-0base
|
||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%define name shorewall6
|
||||
%define version 4.4.2
|
||||
%define version 4.4.3
|
||||
%define release 0base
|
||||
|
||||
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
||||
@ -93,6 +93,8 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
||||
|
||||
%changelog
|
||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.3-0base
|
||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.2-0base
|
||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.2
|
||||
VERSION=4.4.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user