holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Release 1.3.12-Beta1 Changes; bug fix from Tuomo Soini

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-12-19 20:14:10 +00:00
parent c9a1bff975
commit 97c6eae79e
11 changed files with 105 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall/changelog.txt
View File

@ -34,3 +34,8 @@ Changes since 1.3.11
15. Added ULOG target support. 15. Added ULOG target support.
16. Add MARK_IN_FORWARD option.
17. General Cleanup for Release
18. Release changes and add init, start, stop and stopped files.

10
Shorewall/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=1.3.11a VERSION=1.3.12-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -119,6 +119,14 @@ restore_file /etc/shorewall/whitelist
restore_file /etc/shorewall/rfc1918 restore_file /etc/shorewall/rfc1918
restore_file /etc/shorewall/init
restore_file /etc/shorewall/start
restore_file /etc/shorewall/stop
restore_file /etc/shorewall/stopped
if [ -f /usr/lib/shorewall/version-${VERSION}.bkout ]; then if [ -f /usr/lib/shorewall/version-${VERSION}.bkout ]; then
restore_file /usr/lib/shorewall/version restore_file /usr/lib/shorewall/version
oldversion="`cat /usr/lib/shorewall/version`" oldversion="`cat /usr/lib/shorewall/version`"

2
Shorewall/firewall
View File

@ -234,7 +234,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules
[ -n "$ALLOWRELATED" ] && state="$state,RELATED" [ -n "$ALLOWRELATED" ] && state="$state,RELATED"
run_iptables -A $1 -m state --state $state -j ACCEPT run_iptables -A $1 -m state --state $state -j ACCEPT
[ -z "$NEWNOTSYN" ] && \ [ -z "$NEWNOTSYN" ] && \
run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn
fi fi
eval ${1}_exists=Yes eval ${1}_exists=Yes

6
Shorewall/init Normal file
View File

@ -0,0 +1,6 @@
############################################################################
# Shorewall 1.3 -- /etc/shorewall/init
#
# Add commands below that you want to be executed at the beginning of
# a "shorewall start" or "shorewall restart" command.
#

42
Shorewall/install.sh
View File

@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall. # /etc/rc.d/rc.local file is modified to start the firewall.
# #
VERSION=1.3.11a VERSION=1.3.12-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {
@ -488,6 +488,46 @@ else
echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918" echo "RFC 1918 file installed as ${PREFIX}/etc/shorewall/rfc1918"
fi fi
# #
# Install the init file
#
if [ -f ${PREFIX}/etc/shorewall/init ]; then
backup_file /etc/shorewall/init
else
run_install -o $OWNER -g $GROUP -m 0600 init ${PREFIX}/etc/shorewall/init
echo
echo "Init file installed as ${PREFIX}/etc/shorewall/init"
fi
#
# Install the start file
#
if [ -f ${PREFIX}/etc/shorewall/start ]; then
backup_file /etc/shorewall/start
else
run_install -o $OWNER -g $GROUP -m 0600 start ${PREFIX}/etc/shorewall/start
echo
echo "Start file installed as ${PREFIX}/etc/shorewall/start"
fi
#
# Install the stop file
#
if [ -f ${PREFIX}/etc/shorewall/stop ]; then
backup_file /etc/shorewall/stop
else
run_install -o $OWNER -g $GROUP -m 0600 stop ${PREFIX}/etc/shorewall/stop
echo
echo "Stop file installed as ${PREFIX}/etc/shorewall/stop"
fi
#
# Install the stopped file
#
if [ -f ${PREFIX}/etc/shorewall/stopped ]; then
backup_file /etc/shorewall/stopped
else
run_install -o $OWNER -g $GROUP -m 0600 stopped ${PREFIX}/etc/shorewall/stopped
echo
echo "Stopped file installed as ${PREFIX}/etc/shorewall/stopped"
fi
#
# Backup the version file # Backup the version file
# #
if [ -z "$PREFIX" ]; then if [ -z "$PREFIX" ]; then

16
Shorewall/releasenotes.txt
View File

@ -4,10 +4,12 @@ New features include:
1) "shorewall refresh" now reloads the traffic shaping rules (tcrules 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules
and tcstart). and tcstart).
2) "shorewall debug [re]start" now turns off debugging after an error 2) "shorewall debug [re]start" now turns off debugging after an error
occurs. This places the point of the failure near the end of the occurs. This places the point of the failure near the end of the
trace rather than up in the middle of it. trace rather than up in the middle of it.
3) "shorewall [re]start" has been speeded up by approximately 40% with
3) "shorewall [re]start" has been speeded up by more than 40% with
my configuration. Your milage may vary. my configuration. Your milage may vary.
4) A "shorewall show classifiers" command has been added which shows 4) A "shorewall show classifiers" command has been added which shows
@ -19,3 +21,15 @@ New features include:
than the LOG target. This allows you to run ulogd (available from than the LOG target. This allows you to run ulogd (available from
www.gnumonks.org/projects/ulogd) and log all Shorewall messages to www.gnumonks.org/projects/ulogd) and log all Shorewall messages to
a separate log file. a separate log file.
6) If you are running a kernel that has a FORWARD chain in the mangle
table ("shorewall show mangle" will show you the chains in the
mangle table), you can set MARK_IN_FORWARD=Yes in
shorewall.conf. This allows for marking input packets based on their
destination even when you are using Masquerading or SNAT.
7) Since adding commands to files that don't already exist seems to be a
challenging notion for some users, I have cluttered up the
/etc/shorewall directory with empty 'init', 'start', 'stop' and
'stopped' files. If you already have a file with one of these names,
don't worry -- the upgrade process won't overwrite your file.

11
Shorewall/shorewall.spec
View File

@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 1.3.11a %define version 1.3.12
%define release 1 %define release 0Beta1
%define prefix /usr %define prefix /usr
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -94,6 +94,10 @@ fi
%attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts %attr(0600,root,root) %config(noreplace) /etc/shorewall/hosts
%attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist %attr(0600,root,root) %config(noreplace) /etc/shorewall/blacklist
%attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918 %attr(0600,root,root) %config(noreplace) /etc/shorewall/rfc1918
%attr(0600,root,root) %config(noreplace) /etc/shorewall/init
%attr(0600,root,root) %config(noreplace) /etc/shorewall/start
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stop
%attr(0600,root,root) %config(noreplace) /etc/shorewall/stopped
%attr(0544,root,root) /sbin/shorewall %attr(0544,root,root) /sbin/shorewall
%attr(0444,root,root) /usr/lib/shorewall/functions %attr(0444,root,root) /usr/lib/shorewall/functions
%attr(0544,root,root) /usr/lib/shorewall/firewall %attr(0544,root,root) /usr/lib/shorewall/firewall
@ -101,6 +105,9 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog %changelog
* Wed Dec 18 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.12
- Add init, start, stop and stopped files.
* Tue Dec 03 2002 Tom Eastep <tom@shorewall.net> * Tue Dec 03 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.11a - Changes version to 1.3.11a
* Sun Nov 24 2002 Tom Eastep <tom@shorewall.net> * Sun Nov 24 2002 Tom Eastep <tom@shorewall.net>

6
Shorewall/start Normal file
View File

@ -0,0 +1,6 @@
############################################################################
# Shorewall 1.3 -- /etc/shorewall/start
#
# Add commands below that you want to be executed after shorewall has
# been started or restarted.
#

6
Shorewall/stop Normal file
View File

@ -0,0 +1,6 @@
############################################################################
# Shorewall 1.3 -- /etc/shorewall/stop
#
# Add commands below that you want to be executed at the beginning of a
# "shorewall stop" command.
#

6
Shorewall/stopped Normal file
View File

@ -0,0 +1,6 @@
############################################################################
# Shorewall 1.3 -- /etc/shorewall/stopped
#
# Add commands below that you want to be executed at the completion of a
# "shorewall stop" command.
#

2
Shorewall/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall # shown below. Simply run this script to remove Seattle Firewall
VERSION=1.3.11a VERSION=1.3.12-Beta1
usage() # $1 = exit status usage() # $1 = exit status
{ {