ipsecnat now implies ipsecnat:noah

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5249 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -6,6 +6,8 @@ Changes in 3.4.0 Beta 3
 
 3)  Be more careful about converting pre-3.2 maclist records.
 
+4)  'noah' is implied by ipsecnat in /etc/shorewall/tunnels.
+
 Changes in 3.4.0 Beta 2
 
 1)  Fix for empty blacklist file.

Shorewall/lib.tunnels

@@ -49,6 +49,8 @@ setup_tunnels() # $1 = name of tunnels file
 
 	[ $kind = IPSEC ] && kind=ipsec
 
+	[ $kind = ipsec ] || noah=noah
+
 	options="-m state --state NEW -j ACCEPT"
 	addrule2 $inchain	  -p 50	 $source -j ACCEPT
 	addrule2 $outchain	  -p 50	 $dest   -j ACCEPT

Shorewall/macro.BitTorrent

@@ -11,6 +11,7 @@
 PARAM	-	-	tcp	6881:6889
 #
 # It may also be necessary to allow UDP traffic:
-#PARAM	-	-	udp	6881
+#
+PARAM	-	-	udp	6881
 #
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/releasenotes.txt

@@ -52,7 +52,14 @@ Problems Corrected in 3.4.0 Beta 3
 
     The new error message is:
 
-        ERROR: Invalid DISPOSITION (ALOW:info) in rule "ALOW:info eth0 02:0C:03:04:05:06"
+        ERROR: Invalid DISPOSITION (ALOW:info) in rule "ALOW:info eth0
+        02:0C:03:04:05:06"
+
+Other Changes in 3.4.0 Beta 3
+
+1)  Previously, 'ipsecnat' tunnels allowed AH traffic by default
+    (unless 'isecnat:noah' was given). Given that AH is incompatible
+    with nat-traversal, 'ipsecnat' now implies 'ipsecnat:noah'.
 
 Migration Considerations:
 
@@ -126,6 +133,11 @@ Migration Considerations:
     /etc/shorewall-lite/shorewall-lite.conf. When you upgrade,
     your shorewall.conf file will be renamed shorewall-lite.conf.
 
+5)  Previously, 'ipsecnat' tunnels allowed AH traffic by default
+    (unless 'isecnat:noah' was given). Given that AH is incompatible
+    with nat-traversal, 'ipsecnat' now implies 'ipsecnat:noah' and the
+    latter is now redundant.
+
 New Features in Shorewall 3.4:
 
 1)  In order to accomodate small embedded applications, Shorewall 3.4