From 964cba79a9211cdd2d5df45a0befb6a3a5849487 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 2 Oct 2009 11:31:08 -0700
Subject: [PATCH] Initialize 4.4.3
---
 Shorewall-lite/fallback.sh | 2 +-
 Shorewall-lite/install.sh | 2 +-
 Shorewall-lite/shorewall-lite.spec | 4 +-
 Shorewall-lite/uninstall.sh | 2 +-
 Shorewall/Perl/Shorewall/Config.pm | 2 +-
 Shorewall/changelog.txt | 4 +
 Shorewall/install.sh | 2 +-
 Shorewall/known_problems.txt | 2 +-
 Shorewall/releasenotes.txt | 174 ++++++++++++++-------------
 Shorewall/shorewall.spec | 4 +-
 Shorewall/uninstall.sh | 2 +-
 Shorewall6-lite/fallback.sh | 2 +-
 Shorewall6-lite/install.sh | 2 +-
 Shorewall6-lite/shorewall6-lite.spec | 4 +-
 Shorewall6-lite/uninstall.sh | 2 +-
 Shorewall6/fallback.sh | 2 +-
 Shorewall6/install.sh | 2 +-
 Shorewall6/shorewall6.spec | 4 +-
 Shorewall6/uninstall.sh | 2 +-
 19 files changed, 122 insertions(+), 98 deletions(-)
diff --git a/Shorewall-lite/fallback.sh b/Shorewall-lite/fallback.sh
index 1348c66bc..f679469e7 100755
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh
index 2d96e541c..de2d35456 100755
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec
index 00b7653c0..5e7144f07 100644
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@@ -1,5 +1,5 @@ %define name shorewall-lite
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@@ -98,6 +98,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh
index 1fff5a888..500833ab9 100755
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 2a8ccd174..a0b5a9990 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -328,7 +328,7 @@ sub initialize( $ ) { TC_SCRIPT => '', EXPORT => 0, UNTRACKED => 0,
- VERSION => "4.4.2",
+ VERSION => "4.4.3",
 CAPVERSION => 40402 , );
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 528b66cb0..7605f3e76 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.3
+
+None.
+
 Changes in Shorewall 4.4.2 1) BUGFIX: Correct detection of Persistent SNAT support
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index e88319be3..e6e50f67b 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt
index b64d608ba..697586326 100644
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@@ -1 +1 @@
-There are no known problems in Shorewall version 4.4.2
+There are no known problems in Shorewall version 4.4.3
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index b7960bfa1..f4eb8ce62 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -1,4 +1,4 @@
-Shorewall 4.4.2
+Shorewall 4.4.3
 ---------------------------------------------------------------------------- R E L E A S E 4 . 4 H I G H L I G H T S
@@ -170,58 +170,10 @@ Shorewall 4.4.2 then it may have no additional members in /etc/shorewall/hosts. ----------------------------------------------------------------------------
- P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 3
 ----------------------------------------------------------------------------
-1) Detection of Persistent SNAT was broken in the rules compiler.
-
-2) Initialization of the compiler's chain table was occurring before
- shorewall.conf had been read and before the capabilities had been
- determined. This could lead to incorrect rules and Perl runtime
- errors.
-
-3) The 'shorewall check' command previously did not detect errors in
- /etc/shorewall/routestopped.
-
-4) In earlier versions, if a file with the same name as a built-in
- action were present in the CONFIG_PATH, then the compiler would
- process that file like it was an extension script.
-
- The compiler now ignores the presence of such files.
-
-5) Several configuration issues which previously produced an error or
- warning are now handled differently.
-
- a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
- handled as they were by the old shell-based compiler. That is,
- they cause pre-3.0 built-in actions to be mapped automatically
- to the corresponding macro invocation.
-
- b) SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
- warning.
-
- c) DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
- a warning.
-
- d) RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
- a warning.
-
-6) Previously, it was not possible to specify an IP address range in
- ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
- for the patch.
-
-7) The 'wait4ifup' script included for Debian compatibility now runs
- correctly with no PATH.
-
-8) The new per-IP LIMIT feature now works with ancient iptables
- releases (e.g., 1.3.5 as found on RHEL 5).
This change required
- testing for an additional capability which means that those who use
- a capabilities file should regenerate that file after installing
- 4.4.2.
-
-9) One unintended difference between Shorewall-shell and
- Shorewall-perl was that Shorewall-perl did not support the MARK
- column in action bodies. This has been corrected.
+None.
 ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G
@@ -230,38 +182,10 @@ Shorewall 4.4.2 None. ----------------------------------------------------------------------------
- N E W F E A T U R E S I N 4 . 4 . 2
+ N E W F E A T U R E S I N 4 . 4 . 3
 ----------------------------------------------------------------------------
-1) Prior to this release, line continuation has taken precedence over
- #-style comments. This prevented us from doing the following:
-
- ACCEPT net:206.124.146.176,\ #Gateway
- 206.124.146.177,\ #Mail
- 206.124.146.178\ #Server
- ...
-
- Now, unless a line ends with '\', any trailing comment is stripped
- off (including any white-space preceding the '#'). Then if the line
- ends with '\', it is treated as a continuation line as normal.
-
-2) Three new columns have been added to FORMAT-2 macro bodies.
-
- MARK
- CONNLIMIT
- TIME
-
- These three columns correspond to the similar columns in
- /etc/shorewall/rules and must be empty in macros invoked from an
- action.
-
-3) Accounting chains may now have extension scripts. Simply place your
- Perl script in the file /etc/shorewall/ and when the
- accounting chain named is created, your script will be
- invoked.
-
- As usual, the variable $chainref will contain a reference to the
- chain's table entry.
+None.
 ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 . 0
@@ -1005,3 +929,91 @@ None. 5) A flaw in the parsing logic for the zones file allowed most zone types containing the character string 'ip' to be accepted as a synonym for 'ipv4' (or ipv6 if compiling an IPv6 configuration).
+
+----------------------------------------------------------------------------
+ P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
+----------------------------------------------------------------------------
+
+1) Detection of Persistent SNAT was broken in the rules compiler.
+
+2) Initialization of the compiler's chain table was occurring before
+ shorewall.conf had been read and before the capabilities had been
+ determined. This could lead to incorrect rules and Perl runtime
+ errors.
+
+3) The 'shorewall check' command previously did not detect errors in
+ /etc/shorewall/routestopped.
+
+4) In earlier versions, if a file with the same name as a built-in
+ action were present in the CONFIG_PATH, then the compiler would
+ process that file like it was an extension script.
+
+ The compiler now ignores the presence of such files.
+
+5) Several configuration issues which previously produced an error or
+ warning are now handled differently.
+
+ a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
+ handled as they were by the old shell-based compiler. That is,
+ they cause pre-3.0 built-in actions to be mapped automatically
+ to the corresponding macro invocation.
+
+ b) SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
+ warning.
+
+ c) DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
+ a warning.
+
+ d) RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
+ a warning.
+
+6) Previously, it was not possible to specify an IP address range in
+ ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
+ for the patch.
+
+7) The 'wait4ifup' script included for Debian compatibility now runs
+ correctly with no PATH.
+
+8) The new per-IP LIMIT feature now works with ancient iptables
+ releases (e.g., 1.3.5 as found on RHEL 5). This change required
+ testing for an additional capability which means that those who use
+ a capabilities file should regenerate that file after installing
+ 4.4.2.
+
+9) One unintended difference between Shorewall-shell and
+ Shorewall-perl was that Shorewall-perl did not support the MARK
+ column in action bodies. This has been corrected.
+
+----------------------------------------------------------------------------
+ N E W F E A T U R E S I N 4 . 4 . 2
+----------------------------------------------------------------------------
+
+1) Prior to this release, line continuation has taken precedence over
+ #-style comments. This prevented us from doing the following:
+
+ ACCEPT net:206.124.146.176,\ #Gateway
+ 206.124.146.177,\ #Mail
+ 206.124.146.178\ #Server
+ ...
+
+ Now, unless a line ends with '\', any trailing comment is stripped
+ off (including any white-space preceding the '#'). Then if the line
+ ends with '\', it is treated as a continuation line as normal.
+
+2) Three new columns have been added to FORMAT-2 macro bodies.
+
+ MARK
+ CONNLIMIT
+ TIME
+
+ These three columns correspond to the similar columns in
+ /etc/shorewall/rules and must be empty in macros invoked from an
+ action.
+
+3) Accounting chains may now have extension scripts. Simply place your
+ Perl script in the file /etc/shorewall/ and when the
+ accounting chain named is created, your script will be
+ invoked.
+
+ As usual, the variable $chainref will contain a reference to the
+ chain's table entry.
diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec
index c9a46115b..08ecbf8ea 100644
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@@ -1,5 +1,5 @@ %define name shorewall
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@@ -104,6 +104,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh
index 272ad011d..000c101ce 100755
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6-lite/fallback.sh b/Shorewall6-lite/fallback.sh
index 1348c66bc..f679469e7 100755
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh
index e4f5bbe09..d77c98625 100755
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec
index 7ddded100..c7ab214e1 100644
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@@ -1,5 +1,5 @@ %define name shorewall6-lite
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
@@ -89,6 +89,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh
index c42795847..9aa500275 100755
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6/fallback.sh b/Shorewall6/fallback.sh
index 862165eed..227014b7a 100755
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall.
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh
index 1bf97edcc..2833e9efd 100755
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. #
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {
diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec
index e157c1c83..53f65518f 100644
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@@ -1,5 +1,5 @@ %define name shorewall6
-%define version 4.4.2
+%define version 4.4.3
 %define release 0base Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
@@ -93,6 +93,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %changelog
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.3-0base
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net - Updated to 4.4.2-0base * Fri Sep 04 2009 Tom Eastep tom@shorewall.net
diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh
index ac9ec2acb..84323346f 100755
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.2
+VERSION=4.4.3
 usage() # $1 = exit status {