forked from extern/shorewall_code
Bring STABLE CVS thread up to date
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1218 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
51be98b2bf
commit
a232826ac1
@ -27,3 +27,11 @@ Changes since 1.4.9
|
||||
12) Allow maclist with Atheros cards
|
||||
|
||||
13) Fix masq file problem with exclusion in the source column.
|
||||
|
||||
14) Fix silly tcrules file problem.
|
||||
|
||||
15) Fix multiple excluded zones in DNAT/REDIRECT rules.
|
||||
|
||||
16) Correct reporting of POLICY rules.
|
||||
|
||||
17) Implement Sean Mathews's fix for Proxy ARP/IPSEC.
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=1.4.10a
|
||||
VERSION=1.4.10d
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -1396,7 +1396,7 @@ setup_proxy_arp() {
|
||||
|
||||
[ -z "$haveroute" ] && run_ip route replace $address dev $interface
|
||||
|
||||
run_arp -Ds $address $external pub
|
||||
run_arp -i $external -Ds $address $external pub
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
|
||||
echo 0 > /proc/sys/net/ipv4/conf/$external/proxy_arp
|
||||
@ -1730,7 +1730,7 @@ process_tc_rule()
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ "x$user" != "x-" ]; then
|
||||
if [ "x${user:--}" != "x-" ]; then
|
||||
|
||||
[ "$chain" != tcout ] && \
|
||||
fatal_error "Invalid use of a user/group: rule \"$rule\""
|
||||
@ -2632,7 +2632,7 @@ add_nat_rule() {
|
||||
addnatrule `dnat_chain $source` $cli $proto $multiport $sports $dports -d $adr -j $chain
|
||||
done
|
||||
|
||||
for z in $excludezones; do
|
||||
for z in $(separate_list $excludezones); do
|
||||
eval hosts=\$${z}_hosts
|
||||
for host in $hosts; do
|
||||
addnatrule $chain -s ${host#*:} -j RETURN
|
||||
@ -2843,11 +2843,15 @@ add_a_rule()
|
||||
|
||||
# Complain if the rule is really a policy
|
||||
|
||||
if [ -z "$proto" -a -z "$cli" -a -z "$serv" -a -z "$servport" -a -z "$userset" -a "$logtarget" != LOG ]; then
|
||||
error_message "Warning -- Rule \"$rule\" is a POLICY"
|
||||
error_message " -- and should be moved to the policy file"
|
||||
fi
|
||||
|
||||
case $logtarget in
|
||||
ACCEPT|DROP|REJECT)
|
||||
if [ -z "$proto" -a -z "$cli" -a -z "$serv" -a -z "$servport" -a -z "$userspec" ] ; then
|
||||
error_message "Warning -- Rule \"$rule\" is a POLICY"
|
||||
error_message " -- and should be moved to the policy file"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -n "${serv}${servport}" ]; then
|
||||
if [ $command != check ]; then
|
||||
|
||||
|
||||
@ -54,7 +54,7 @@
|
||||
# /etc/rc.d/rc.local file is modified to start the firewall.
|
||||
#
|
||||
|
||||
VERSION=1.4.10a
|
||||
VERSION=1.4.10d
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
@ -62,10 +62,13 @@
|
||||
# interface (anti-spoofing measure). This
|
||||
# option can also be enabled globally in
|
||||
# the /etc/shorewall/shorewall.conf file.
|
||||
# dropunclean - Logs and drops mangled/invalid packets
|
||||
#
|
||||
# dropunclean - Logs and drops mangled/invalid
|
||||
# packets. USE OF THIS OPTION IS
|
||||
# NOT RECOMMENDED. It will be removed in
|
||||
# Shorewall 2.0.
|
||||
# logunclean - Logs mangled/invalid packets but does
|
||||
# not drop them.
|
||||
# not drop them. This option will be
|
||||
# removed in Shorewall 2.0.
|
||||
# . . blacklist - Check packets arriving on this interface
|
||||
# against the /etc/shorewall/blacklist
|
||||
# file.
|
||||
|
||||
@ -31,6 +31,22 @@ Problems Corrected since version 1.4.9:
|
||||
|
||||
the !10.1.0.0/16 is ignored.
|
||||
|
||||
9. A startup error occurs if the USER/GROUP column of the tcrules file
|
||||
is empty.
|
||||
|
||||
10. The following syntax previously produced a startup error:
|
||||
|
||||
DNAT z1!z2,z3 z4:...
|
||||
|
||||
That has been corrected so that multiple excluded zones may now be
|
||||
listed in a DNAT or REDIRECT rule.
|
||||
|
||||
11. Use of user-defined actions frequently resulted in a WARNING that
|
||||
the rule was a policy.
|
||||
|
||||
12. Thanks to Sean Mathews, a long-standing problem with proxy ARP and
|
||||
IPSEC has been corrected!!
|
||||
|
||||
Migration Issues:
|
||||
|
||||
None.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
%define name shorewall
|
||||
%define version 1.4.10a
|
||||
%define version 1.4.10d
|
||||
%define release 1
|
||||
%define prefix /usr
|
||||
|
||||
@ -109,6 +109,12 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||
|
||||
%changelog
|
||||
* Tue Mar 16 2004 Tom Eastep <tom@shorewall.net>
|
||||
- Changed version to 1.4.10d-1
|
||||
* Sun Feb 15 2004 Tom Eastep <tom@shorewall.net>
|
||||
- Changed version to 1.4.10c-1
|
||||
* Thu Feb 12 2004 Tom Eastep <tom@shorewall.net>
|
||||
- Changed version to 1.4.10b-1
|
||||
* Sun Feb 08 2004 Tom Eastep <tom@shorewall.net>
|
||||
- Changed version to 1.4.10a-1
|
||||
* Fri Jan 30 2004 Tom Eastep <tom@shorewall.net>
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Seattle Firewall
|
||||
|
||||
VERSION=1.4.10a
|
||||
VERSION=1.4.10d
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user