forked from extern/shorewall_code
Fix a couple of bugs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7701 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent 1f48b9d616
commit a7f089a939
@ -1,3 +1,9 @@
|
||||
Changes in 4.1.1
|
||||
|
||||
1) Fix ULOG/NFLOG output.
|
||||
|
||||
2) Fix NFQUEUE(<queue-num>) in Policy file.
|
||||
|
||||
Changes in 4.1.0.
|
||||
|
||||
1) Add 'shared' provider option.
|
||||
@ -23,434 +29,3 @@ Changes in 4.1.0.
|
||||
11) Add DONT_LOAD option
|
||||
|
||||
12) Add support for --random.
|
||||
|
||||
Changes in 4.0.5
|
||||
|
||||
1) Delete 'detectnets' from Shorewall-perl
|
||||
|
||||
2) Use get_config() for processing secondary shorewall.conf
|
||||
|
||||
3) Add 'broadcast' and 'destonly' options to hosts file.
|
||||
|
||||
4) Allow "$FW::<port>" in the DEST column of a redirect rule"
|
||||
|
||||
5) Add MULTICAST option in shorewall.conf.
|
||||
|
||||
6) Allow port range for server port in NAT rules.
|
||||
|
||||
7) Validate server IP address and port(-range) in NAT rules.
|
||||
|
||||
8) Allow server port(s) to be specified as service names.
|
||||
|
||||
9) Split large DEST PORT(S) lists.
|
||||
|
||||
10) Fix TCP/UDP in rules file.
|
||||
|
||||
10) Add new semantics to 'debug' with Shorewall-perl
|
||||
|
||||
11) Satisfy the distros.
|
||||
|
||||
12) Change module versions to V-strings.
|
||||
|
||||
13) Fix ipsets.
|
||||
|
||||
Changes in 4.0.4
|
||||
|
||||
1) Fix 'refresh' with light-weight shells.
|
||||
|
||||
2) Various fixes for proxyarp.
|
||||
|
||||
3) Fix 'refresh' run-time error.
|
||||
|
||||
4) Cleaner behavior if module-init-tools not installed.
|
||||
|
||||
5) Fix [re-]initialization problems in Shorewall::Tc.
|
||||
|
||||
6) Make compile-time check for iptables-restore.
|
||||
|
||||
7) Fix dup chain name test for actions.
|
||||
|
||||
8) Improve KLUDGEFREE detection.
|
||||
|
||||
9) Remove unused functions from Chains module.
|
||||
|
||||
10) Allow 'TC_ENABLED=internal' as specified (Only 'Internal' is
|
||||
currently allowed).
|
||||
|
||||
11) Correct 'loose' handling.
|
||||
|
||||
12) Correct handling of 'bridge' and accounting.
|
||||
|
||||
13) Fix SHOREWALL_DIR fiasco.
|
||||
|
||||
14) Avoid deleting wrong routing rule.
|
||||
|
||||
15) Allow provider number in route_rules with Shorewall-shell.
|
||||
|
||||
16) Add DELETE_THEN_ADD option.
|
||||
|
||||
17) Add warning about 'detectnets' going away.
|
||||
|
||||
18) Fix off-by-one bug in Tc.pm
|
||||
|
||||
19) Correct problems found in pre-testing.
|
||||
|
||||
20) Fix REDIRECT with Macros.
|
||||
|
||||
Changes in 4.0.3
|
||||
|
||||
1) Streamline the checking for builtin chains in the accounting file.
|
||||
|
||||
2) Don't try to write/restore /etc/iproute2/rt_tables if it isn't
|
||||
writable.
|
||||
|
||||
3) Allow Shorewall-perl compiler and libraries to be installed
|
||||
anywhere.
|
||||
|
||||
4) Add KEEP_RT_TABLES option.
|
||||
|
||||
5) Other provider changes.
|
||||
|
||||
6) Fix LOG target in Shorewall-shell.
|
||||
|
||||
7) Faster log processing.
|
||||
|
||||
8) Tweak handling of CLASSID in process_tc_rule().
|
||||
|
||||
9) Restore 3.4 'stop/clear/reset' behavior and make new behavior
|
||||
optional.
|
||||
|
||||
10) Add act_police to modules file.
|
||||
|
||||
11) Add 'mss' interface option.
|
||||
|
||||
12) Add TCPMSS_MATCH to show capabilities -f.
|
||||
|
||||
13) Insure a space between log prefix and IN=.
|
||||
|
||||
14) Provide ESTABLISHED,RELATED rules for inappropriate CONTINUE policy
|
||||
|
||||
15) Add hashlimit match detection.
|
||||
|
||||
16) Fix 'add' and 'delete' when interface name contains special char.
|
||||
|
||||
17) Fix PREROUTING track fiasco.
|
||||
|
||||
18) Add NFQUEUE support.
|
||||
|
||||
19) Allow refresh of chains other than 'blacklst'.
|
||||
|
||||
20) Allow INCLUDE in run-time extension scripts.
|
||||
|
||||
21) Fix zone sort.
|
||||
|
||||
Changes in 4.0.2
|
||||
|
||||
1) Another ECN fix in Shorewall-perl.
|
||||
|
||||
2) Make 'state match' detection in Shorewall-perl quiet.
|
||||
|
||||
3) Detect port range in list without XMULTIPORT.
|
||||
|
||||
4) Move lockfile handling from 'firewall' to 'shorewall' and lib.cli.
|
||||
|
||||
5) Don't detect routed networks and interfaces addresses during
|
||||
'restore'.
|
||||
|
||||
6) Upcase some global variables in the generated script.
|
||||
|
||||
7) Remove some 'chain_base' mapping.
|
||||
|
||||
8) Eliminate a couple of global variables in the Chains module.
|
||||
|
||||
9) Cosmetic change to generated script.
|
||||
|
||||
10) Allow tc configuration on bridge ports.
|
||||
|
||||
11) Fix add/delete problem when Shorewall-shell is not installed.
|
||||
|
||||
12) Don't overwrite ${VARDIR}/chains and ${VARDIR}/zones during
|
||||
'refresh'.
|
||||
|
||||
13) Correct some error messages.
|
||||
|
||||
14) Correct calculations involving number of keys in a hash.
|
||||
|
||||
15) Load xt_multiport.
|
||||
|
||||
16) Apply Günter Niedermeier's patch for multiport.
|
||||
|
||||
17) Honor the BROADCAST column when address type match is not
|
||||
available.
|
||||
|
||||
18) Fix accounting.
|
||||
|
||||
Changes in 4.0.1
|
||||
|
||||
1) Add EXPAND_POLICIES.
|
||||
|
||||
2) Fix uninstallers.
|
||||
|
||||
3) Correct handling of 'ipsec' option in the hosts file.
|
||||
|
||||
4) Corrent handling of 'PATH' in Shorewall-perl.
|
||||
|
||||
5) Correct handling of ECN with MANGLE_FORWARD.
|
||||
|
||||
6) Relax ADDRTYPE restriction.
|
||||
|
||||
7) Be sure that chkconfig runs after upgrade from < 4.0.0
|
||||
|
||||
8) Better out-of-order policy detection.
|
||||
|
||||
9) Fix dropBcast/allowBcast logging and other logging
|
||||
fixes/improvements.
|
||||
|
||||
10) Cleaner way to handle quotes in rules.
|
||||
|
||||
11) Allow '/min' in RATE/BURST column.
|
||||
|
||||
12) Check for state match
|
||||
|
||||
13) Fix stale lock problems.
|
||||
|
||||
Changes in 4.0.0 Final
|
||||
|
||||
1) Fix lite install.sh manpage problem.
|
||||
|
||||
2) Fix shorewall-shell .spec to modify SHOREWALL_COMPILER.
|
||||
|
||||
3) Shuffle code in Providers.pm.
|
||||
|
||||
4) Consolicate Common.pm + Config.pm and Interfaces.pm + Hosts.pm +
|
||||
Zones.pm.
|
||||
|
||||
5) Validate log level in policy file.
|
||||
|
||||
Changes in 4.0.0 RC 2
|
||||
|
||||
1) Fix zone type check in Tunnels File.
|
||||
|
||||
2) Remove -f as default start OPTIONS.
|
||||
|
||||
3) Remove 3.4 compatibility hacks.
|
||||
|
||||
4) Fix install.sh manpage problem.
|
||||
|
||||
5) Fix LITEDIR mess.
|
||||
|
||||
6) Fix IPSEC.
|
||||
|
||||
7) Add Tunneling Macros from Tuomo Soini.
|
||||
|
||||
Changes in 4.0.0 RC 1
|
||||
|
||||
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
||||
|
||||
2) Fix limited broadcast and detectnets/routeback interfaces.
|
||||
|
||||
3) Use optimized 'split' for faster compilation.
|
||||
|
||||
4) Validate host part in hosts file entry.
|
||||
|
||||
5) Fix IPSECFILE=ipsec.
|
||||
|
||||
6) Make ':noah' the default.
|
||||
|
||||
7) Work around SELinux nonsense.
|
||||
|
||||
8) Restore the 'refresh' command.
|
||||
|
||||
9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file.
|
||||
|
||||
10) Raise error on chmod failure.
|
||||
|
||||
11) Handle shell variables with zero value correctly.
|
||||
|
||||
Changes in 4.0.0 Beta 6
|
||||
|
||||
1) First step to adding compiler debugging facility.
|
||||
|
||||
2) Assume that iptables-restore is in the same directory as $IPTABLES
|
||||
|
||||
3) Fix buildports.pm to handle bogus entries in /etc/protocols and
|
||||
/etc/services.
|
||||
|
||||
4) Allow COMMENT in the accounting file.
|
||||
|
||||
Changes in 4.0.0 Beta 6
|
||||
|
||||
1) Validate the DISPOSITION in /etc/shorewall/maclist entries.
|
||||
|
||||
2) Add versioning to capabilities files.
|
||||
|
||||
3) Improve compiler selection.
|
||||
|
||||
4) DYNAMIC_ZONES=Yes and bridges.
|
||||
|
||||
5) Implement port validation.
|
||||
|
||||
Changes in 4.0.0 Beta 5
|
||||
|
||||
1) Fix undefined function call when both an input interface and an
|
||||
output interface are present.
|
||||
|
||||
2) Externalize compiler and Compile.pm.
|
||||
|
||||
Changes in 4.0.0 Beta 4
|
||||
|
||||
1) Fix the 'Modules' output of 'dump'
|
||||
|
||||
2) Fix FW=xxx with IPSECFILE=ipsec.
|
||||
|
||||
3) Fix wildcard-rule/NONE-policy interaction.
|
||||
|
||||
4) Clean up generation of user-exit jacket functions.
|
||||
|
||||
5) Add new bridge code.
|
||||
|
||||
6) Fix bad bug in exclusion.
|
||||
|
||||
Changes in 4.0.0 Beta 2
|
||||
|
||||
1) Fix screwup in get_routed_networks().
|
||||
|
||||
2) Some minor tweaks.
|
||||
|
||||
3) Fix synflood chain jumps.
|
||||
|
||||
4) Simplify synflood handling and improve error diagnostics.
|
||||
|
||||
Changes in 4.0.0 Beta 1
|
||||
|
||||
1) Fix add/delete <interface>.
|
||||
|
||||
2) Fix do_proto() and 'use IPConfig' in Providers.pm.
|
||||
|
||||
3) Implement dynamic host group detection.
|
||||
|
||||
Changes in 3.9.7
|
||||
|
||||
1) Clean up release notes.
|
||||
|
||||
2) Fix several bugs having to do with exclusion in the hosts file.
|
||||
|
||||
3) Use '-m addrtype' in detectnet interface output rules.
|
||||
|
||||
4) Fix find_hosts_by_option().
|
||||
|
||||
5) Fix more hosts file bugs.
|
||||
|
||||
6) Fix 'detect' in GATEWAY column of providers file.
|
||||
|
||||
8) Other bug fixes (see release notes).
|
||||
|
||||
7) Fix action in 'logreject'.
|
||||
|
||||
8) Allow macros to invoke macros outside of action bodies.
|
||||
|
||||
|
||||
Changes in 3.9.6
|
||||
|
||||
1) Fix parsing problems in protocol handling.
|
||||
|
||||
2) Fix bugs in handling of the MARK column.
|
||||
|
||||
3) Fix bug in routing table copying
|
||||
|
||||
4) Fix bug in ipset handling.
|
||||
|
||||
5) Fix bug in handling of CONTINUE in the tcrules file.
|
||||
|
||||
6) Add RCP_COMMAND and RSH_COMMAND options in shorewall.conf
|
||||
|
||||
7) Apply Luigi's MARK patch.
|
||||
|
||||
Changes in 3.9.5
|
||||
|
||||
1) Fix dynamic zone problem.
|
||||
|
||||
2) Fix LOGALLNEW.
|
||||
|
||||
3) Implement log level, protocol and port validation.
|
||||
|
||||
4) Fix MACLIST log rule generation problem.
|
||||
|
||||
Changes in 3.9.4
|
||||
|
||||
1) Fix port 0 problem (again!).
|
||||
|
||||
2) Fix log_martians.
|
||||
|
||||
3) Make LOG_MARTIANS and ROUTE_FILTER tri-valued.
|
||||
|
||||
4) Fix arp_ignore.
|
||||
|
||||
5) Re-work ROUTE_FILTER and LOG_MARTIANS.
|
||||
|
||||
6) Fix handling of interface options.
|
||||
|
||||
7) Fix handling of zone ipsec options.
|
||||
|
||||
8) Fix 'routeback' on multi-zone interface.
|
||||
|
||||
9) Fix 'check -d'.
|
||||
|
||||
10) Fix intra-zone policies.
|
||||
|
||||
11) Fix typo in maclist validation.
|
||||
|
||||
12) Allow 'optional' to work with 'maclist'.
|
||||
|
||||
Changes in 3.9.3
|
||||
|
||||
1) Apply Steven Springl's patch for port checking.
|
||||
|
||||
2) Implement 'optional' interface option.
|
||||
|
||||
3) Fix a couple of bugs in 'owner' handling.
|
||||
|
||||
4) Fix several bugs in address/network detection.
|
||||
|
||||
5) Make a number of interface options binary.
|
||||
|
||||
6) Add wildcard edits in interface processing.
|
||||
|
||||
7) Fix dropInvalid.
|
||||
|
||||
8) Fix 'none'.
|
||||
|
||||
9) Fix SAME with SOURCE $FW
|
||||
|
||||
10) Fix tcp:syn.
|
||||
|
||||
11) Fix all->z rules with 'NONE' policy.
|
||||
|
||||
12) Check for reserved zone names.
|
||||
|
||||
13) Add check for firewall zone existance.
|
||||
|
||||
14) Add checks for zone existance in 'all' processing.
|
||||
|
||||
Changes in 3.9.2
|
||||
|
||||
1) Implement '-C {shell|perl}'.
|
||||
|
||||
2) Implement LOCKFILE
|
||||
|
||||
3) Fix typo in prog.footer.
|
||||
|
||||
4) Fix Shorewall-perl hosts and tcclasses errors.
|
||||
|
||||
5) Add IPPserver macro.
|
||||
|
||||
6) Fix problem with 'stop' and 'clear' when shorewall-shell not
|
||||
installed.
|
||||
|
||||
7) Moved lib.dynamiczones to Shorewall.
|
||||
|
||||
8) Fix silly bug in lib.base.
|
||||
|
||||
9) Apply Steven Springl's patch for ICMP.
|
||||
|
||||
>>>>>>> .r7695
|
||||
|
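Review bot: The removed block ends with a stray conflict marker, `>>>>>>> .r7695`, so this part looks like cleanup after a bad merge rather than a bug fix, and the commit message ("Fix a couple of bugs") does not mention it. By the hunk header (-23,434 +29,3) about 430 lines of older changelog, from 4.0.5 back to 3.9.2, are dropped here. Please say so in the message, and confirm that no matching `<<<<<<<` or `=======` marker is left elsewhere in the file and that this history is still kept somewhere if it is not a duplicate.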
@ -8,11 +8,20 @@ Shorewall 4.1 Patch Release 0.
|
||||
|
||||
2) Support for NFLOG has been added.
|
||||
|
||||
Problems corrected in Shorewall 4.1.0.
|
||||
Problems corrected in Shorewall 4.1.1.
|
||||
|
||||
1) Previously, incorrect output was generated by parameter lists to
|
||||
ULOG or NFLOG.
|
||||
|
||||
2) Specifying NFQUEUE(<queue-number>) in the LEVEL column of the
|
||||
policy file resulted in an error.
|
||||
|
||||
|
||||
Other changes in Shorewall 4.1.1.
|
||||
|
||||
None.
|
||||
|
||||
Other changes in Shorewall 4.1.0.
|
||||
New Features in Shorewall 4.1.
|
||||
|
||||
1) Shorewall 4.1.0 contains experimental support for multiple Internet
|
||||
providers through a single ethernet interface. Configuring two
|
||||
|
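Review bot: Item 2 under "Problems corrected in Shorewall 4.1.1." says NFQUEUE(<queue-number>) failed "in the LEVEL column of the policy file", but the code change in this commit is to how validate_policy() splits $policy, and the changelog entry only says "in Policy file". If the parameter belongs to the policy itself, name that column here instead. The hunk header also still shows the title "Shorewall 4.1 Patch Release 0." above a section written for 4.1.1, so check whether the title needs bumping. Item 1 would be more useful to users if it said what the incorrect ULOG/NFLOG output was.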
@ -1162,7 +1162,7 @@ my %validlevels = ( debug => 7,
|
||||
ULOG => 'ULOG',
|
||||
NFLOG => 'NFLOG');
|
||||
|
||||
my @suffixes = qw(group range threshhold);
|
||||
my @suffixes = qw(group range threshold nlgroup cprange qthreshold);
|
||||
|
||||
#
|
||||
# Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
|
||||
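Review bot: The new @suffixes list is positional and nothing on the declaration says so: going by the `$index` change in validate_level(), entries 0-2 (group range threshold) are used for every prefix other than 'ulog', and entries 3-5 (nlgroup cprange qthreshold) for ULOG. Add a comment stating that layout, or split it into two lists (or a hash keyed by 'nflog' and 'ulog') so the grouping is explicit. The 'threshhold' to 'threshold' spelling correction changes the generated option name, so it deserves its own mention in the changelog rather than being folded into "Fix ULOG/NFLOG output".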
@ -1184,7 +1184,7 @@ sub validate_level( $ ) {
|
||||
my $olevel = $1;
|
||||
my @options = split /,/, $2;
|
||||
my $prefix = lc $olevel;
|
||||
my $index = 0;
|
||||
my $index = $prefix eq 'ulog' ? 3 : 0;
|
||||
|
||||
level_error( $level ) if @options > 3;
|
||||
|
||||
|
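Review bot: The literal 3 in `my $index = $prefix eq 'ulog' ? 3 : 0;` is silently coupled to the order and length of @suffixes and to the `@options > 3` limit just below it. Adding a fourth suffix to the first group would shift every ULOG option onto the wrong name without any error. Select the suffix list by $prefix instead of by offset, or at least name the constant and comment the dependency next to both the array and this line.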
@ -228,7 +228,7 @@ sub validate_policy()
|
||||
|
||||
fatal_error "Invalid default action ($default:$remainder)" if defined $remainder;
|
||||
|
||||
( $policy , my $queue ) = split( '/' , $policy );
|
||||
( $policy , my $queue ) = get_target_param $policy;
|
||||
|
||||
if ( $default ) {
|
||||
if ( "\L$default" eq 'none' ) {
|
||||
|
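Review bot: Replacing `split( '/' , $policy )` with `get_target_param $policy` changes which syntax yields $queue, and nothing visible in this hunk keeps the old '/'-separated form working or rejects it with a clear message. If policy files written for the earlier form exist, either accept both forms or have the release notes call out the change. get_target_param is not defined in this diff, so please also confirm that it returns an undefined second value when no parameter is given and that $queue is checked to be numeric before it reaches the generated rule.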