forked from extern/shorewall_code
Release 1.3.12-Beta1 Changes; bug fix from Tuomo Soini
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
c9a1bff975
commit
97c6eae79e
@ -34,3 +34,8 @@ Changes since 1.3.11
|
||||
|
||||
15. Added ULOG target support.
|
||||
|
||||
16. Add MARK_IN_FORWARD option.
|
||||
|
||||
17. General Cleanup for Release
|
||||
|
||||
18. Release changes and add init, start, stop and stopped files.
|
||||
|
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=1.3.11a
|
||||
VERSION=1.3.12-Beta1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
@ -119,6 +119,14 @@ restore_file /etc/shorewall/whitelist
|
||||
|
||||
restore_file /etc/shorewall/rfc1918
|
||||
|
||||
restore_file /etc/shorewall/init
|
||||
|
||||
restore_file /etc/shorewall/start
|
||||
|
||||
restore_file /etc/shorewall/stop
|
||||
|
||||
restore_file /etc/shorewall/stopped
|
||||
|
||||
if [ -f /usr/lib/shorewall/version-${VERSION}.bkout ]; then
|
||||
restore_file /usr/lib/shorewall/version
|
||||
oldversion="`cat /usr/lib/shorewall/version`"
|
||||
|
@ -234,7 +234,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules
|
||||
[ -n "$ALLOWRELATED" ] && state="$state,RELATED"
|
||||
run_iptables -A $1 -m state --state $state -j ACCEPT
|
||||
[ -z "$NEWNOTSYN" ] && \
|
||||
run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn
|
||||
run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn
|
||||
fi
|
||||
|
||||
eval ${1}_exists=Yes
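Review bot: The corrected rule `run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn` has no comment explaining why the space after `!` matters, and a one-character difference like this is easy to reintroduce. I would add `# '!' must be a separate argument; '!--syn' is not parsed as a negated --syn` directly above it. `$1` and `$state` are also expanded unquoted in both `run_iptables` calls, which matters more because the same `$1` reaches `eval ${1}_exists=Yes` a few lines later; if chain names are not validated before createchain is called, quoting them and checking that `$1` is a plain identifier would be worth doing. createchain starts and ends outside this hunk, so whether such validation exists cannot be confirmed from here.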
|
||||
|
6
Shorewall/init
Normal file
6
Shorewall/init
Normal file
@ -0,0 +1,6 @@
|
||||
############################################################################
|
||||
# Shorewall 1.3 -- /etc/shorewall/init
|
||||
#
|
||||
# Add commands below that you want to be executed at the beginning of
|
||||
# a "shorewall start" or "shorewall restart" command.
|
||||
#
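Review bot: The header comment of this new `init` template (and of the `start`, `stop` and `stopped` templates added in the same commit) says when the commands run but not with what privileges or how the file should be protected. Since the commands presumably execute as part of the firewall script, I would add two lines such as `# Commands here run with the privileges of the shorewall script.` and `# Keep this file owned by root with mode 0600.` to each header. That matches the `-m 0600` and `%attr(0600,root,root)` settings the installer and the spec file apply to these files.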
|
@ -54,7 +54,7 @@
|
||||
# /etc/rc.d/rc.local file is modified to start the firewall.
|
||||
#
|
||||
|
||||
VERSION=1.3.11a
|
||||
VERSION=1.3.12-Beta1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
@ -488,6 +488,46 @@ else
|
||||
echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918"
|
||||
fi
|
||||
#
|
||||
# Install the init file
|
||||
#
|
||||
if [ -f ${PREFIX}/etc/shorewall/init ]; then
|
||||
backup_file /etc/shorewall/init
|
||||
else
|
||||
run_install -o $OWNER -g $GROUP -m 0600 init ${PREFIX}/etc/shorewall/init
|
||||
echo
|
||||
echo "Init file installed as ${PREFIX}/etc/shorewall/init"
|
||||
fi
|
||||
#
|
||||
# Install the start file
|
||||
#
|
||||
if [ -f ${PREFIX}/etc/shorewall/start ]; then
|
||||
backup_file /etc/shorewall/start
|
||||
else
|
||||
run_install -o $OWNER -g $GROUP -m 0600 start ${PREFIX}/etc/shorewall/start
|
||||
echo
|
||||
echo "Start file installed as ${PREFIX}/etc/shorewall/start"
|
||||
fi
|
||||
#
|
||||
# Install the stop file
|
||||
#
|
||||
if [ -f ${PREFIX}/etc/shorewall/stop ]; then
|
||||
backup_file /etc/shorewall/stop
|
||||
else
|
||||
run_install -o $OWNER -g $GROUP -m 0600 stop ${PREFIX}/etc/shorewall/stop
|
||||
echo
|
||||
echo "Stop file installed as ${PREFIX}/etc/shorewall/stop"
|
||||
fi
|
||||
#
|
||||
# Install the stopped file
|
||||
#
|
||||
if [ -f ${PREFIX}/etc/shorewall/stopped ]; then
|
||||
backup_file /etc/shorewall/stopped
|
||||
else
|
||||
run_install -o $OWNER -g $GROUP -m 0600 stopped ${PREFIX}/etc/shorewall/stopped
|
||||
echo
|
||||
echo "Stopped file installed as ${PREFIX}/etc/shorewall/stopped"
|
||||
fi
|
||||
#
|
||||
# Backup the version file
|
||||
#
|
||||
if [ -z "$PREFIX" ]; then
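Review bot: When `${PREFIX}/etc/shorewall/init` already exists (and likewise `start`, `stop` and `stopped`), the new blocks only call `backup_file` and leave the file's owner and mode as found, whereas a fresh install gets `-o $OWNER -g $GROUP -m 0600`. These files hold commands that the firewall runs, so a pre-existing copy that is group- or world-writable stays that way after the upgrade; consider adding `chmod 0600 ${PREFIX}/etc/shorewall/init` and `chown $OWNER:$GROUP ${PREFIX}/etc/shorewall/init` to the existing-file branch, or at least printing a warning when the mode is looser. The test uses `${PREFIX}/etc/shorewall/init` but `backup_file` is passed `/etc/shorewall/init` without the prefix; `backup_file` is not visible in this hunk, so confirm that it prepends PREFIX itself. The expansions are unquoted as well, so a PREFIX containing whitespace would break the `[ -f ... ]` tests.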
|
||||
|
@ -4,10 +4,12 @@ New features include:
|
||||
|
||||
1) "shorewall refresh" now reloads the traffic shaping rules (tcrules
|
||||
and tcstart).
|
||||
|
||||
2) "shorewall debug [re]start" now turns off debugging after an error
|
||||
occurs. This places the point of the failure near the end of the
|
||||
trace rather than up in the middle of it.
|
||||
3) "shorewall [re]start" has been speeded up by approximately 40% with
|
||||
|
||||
3) "shorewall [re]start" has been speeded up by more than 40% with
|
||||
my configuration. Your milage may vary.
|
||||
|
||||
4) A "shorewall show classifiers" command has been added which shows
|
||||
@ -19,3 +21,15 @@ New features include:
|
||||
than the LOG target. This allows you to run ulogd (available from
|
||||
www.gnumonks.org/projects/ulogd) and log all Shorewall messages to
|
||||
a separate log file.
|
||||
|
||||
6) If you are running a kernel that has a FORWARD chain in the mangle
|
||||
table ("shorewall show mangle" will show you the chains in the
|
||||
mangle table), you can set MARK_IN_FORWARD=Yes in
|
||||
shorewall.conf. This allows for marking input packets based on their
|
||||
destination even when you are using Masquerading or SNAT.
|
||||
|
||||
7) Since adding commands to files that don't already exist seems to be a
|
||||
challenging notion for some users, I have cluttered up the
|
||||
/etc/shorewall directory with empty 'init', 'start', 'stop' and
|
||||
'stopped' files. If you already have a file with one of these names,
|
||||
don't worry -- the upgrade process won't overwrite your file.
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall
|
||||
%define version 1.3.11a
|
||||
%define release 1
|
||||
%define version 1.3.12
|
||||
%define release 0Beta1
|
||||
%define prefix /usr
|
||||
|
||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||
@ -94,6 +94,10 @@ fi
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
|
||||
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped
|
||||
%attr(0544,root,root) /sbin/shorewall
|
||||
%attr(0444,root,root) /usr/lib/shorewall/functions
|
||||
%attr(0544,root,root) /usr/lib/shorewall/firewall
|
||||
@ -101,6 +105,9 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||
|
||||
%changelog
|
||||
* Wed Dec 18 2002 Tom Eastep <tom@shorewall.net>
|
||||
- Changes version to 1.3.12
|
||||
- Add init, start, stop and stopped files.
|
||||
* Tue Dec 03 2002 Tom Eastep <tom@shorewall.net>
|
||||
- Changes version to 1.3.11a
|
||||
* Sun Nov 24 2002 Tom Eastep <tom@shorewall.net>
|
||||
|
6
Shorewall/start
Normal file
6
Shorewall/start
Normal file
@ -0,0 +1,6 @@
|
||||
############################################################################
|
||||
# Shorewall 1.3 -- /etc/shorewall/start
|
||||
#
|
||||
# Add commands below that you want to be executed after shorewall has
|
||||
# been started or restarted.
|
||||
#
|
6
Shorewall/stop
Normal file
6
Shorewall/stop
Normal file
@ -0,0 +1,6 @@
|
||||
############################################################################
|
||||
# Shorewall 1.3 -- /etc/shorewall/stop
|
||||
#
|
||||
# Add commands below that you want to be executed at the beginning of a
|
||||
# "shorewall stop" command.
|
||||
#
|
6
Shorewall/stopped
Normal file
6
Shorewall/stopped
Normal file
@ -0,0 +1,6 @@
|
||||
############################################################################
|
||||
# Shorewall 1.3 -- /etc/shorewall/stopped
|
||||
#
|
||||
# Add commands below that you want to be executed at the completion of a
|
||||
# "shorewall stop" command.
|
||||
#
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Seattle Firewall
|
||||
|
||||
VERSION=1.3.11a
|
||||
VERSION=1.3.12-Beta1
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|