diff --git a/LrpN/sbin/shorewall b/LrpN/sbin/shorewall index 2043cd9d2..266d8be17 100755 --- a/LrpN/sbin/shorewall +++ b/LrpN/sbin/shorewall @@ -590,11 +590,11 @@ usage() # $1 = exit status { echo "Usage: $(basename $0) [debug|trace] [nolock] [-c ] [ -x ] [ -q ] [ -f ] " echo "where is one of:" - echo " add [:] " + echo " add [:{[:]|}[,...]] ... " echo " allow
..." echo " check [ ]" echo " clear" - echo " delete [:] " + echo " delete [:{[:]|}[,...]] ... " echo " drop
..." echo " forget [ ]" echo " help [ | host | address ]" diff --git a/LrpN/usr/share/shorewall/firewall b/LrpN/usr/share/shorewall/firewall index ab7dc9315..1aef6c7c7 100755 --- a/LrpN/usr/share/shorewall/firewall +++ b/LrpN/usr/share/shorewall/firewall @@ -1654,19 +1654,24 @@ setup_tunnels() # $1 = name of tunnels file setup_one_openvpn() # $1 = gateway, $2 = kind[:port] { + local protocol=udp + local p=5000 + case $2 in + *:*:*) + protocol=${2%:*} + protocol=${protocol#*:} + p=${2##*:} + ;; *:*) p=${2#*:} ;; - *) - p=5000 - ;; esac - addrule2 $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT - addrule2 $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT + addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT + addrule2 $outchain -p $protocol $(dest_ip_range $1) --dport $p -j ACCEPT - progress_message " OPENVPN tunnel to $1:$p defined." + progress_message " OPENVPN tunnel to $1:$protocol:$p defined." } setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone @@ -5680,7 +5685,7 @@ initialize_netfilter () { while read target ignore1 ignore2 address rest; do case $target in DROP|reject) - run_iptables2 -A dynamic $(source_ip_range $address) -j $target + run_iptables -A dynamic -s $address -j $target ;; *) ;; @@ -7172,7 +7177,7 @@ do_initialize() { ensure_config_path # # Determine the capabilities of the installed iptables/netfilter - # We load the kernel modules here to acuray determine + # We load the kernel modules here to accurately determine # capabilities when module autoloading isn't enabled. # diff --git a/LrpN/usr/share/shorewall/version b/LrpN/usr/share/shorewall/version index 3e2e9939a..17831900d 100644 --- a/LrpN/usr/share/shorewall/version +++ b/LrpN/usr/share/shorewall/version @@ -1 +1 @@ -2.2.0-Beta8 +2.2.0-RC1 diff --git a/Shorewall2/fallback.sh b/Shorewall2/fallback.sh index abe692da6..1df634cb0 100755 --- a/Shorewall2/fallback.sh +++ b/Shorewall2/fallback.sh 
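Review bot: The two-field form `openvpn:tcp` still lands in the `*:*)` arm of the new `case` in setup_one_openvpn, so `p` becomes `tcp` while `protocol` stays `udp`. The release-notes context lines in this same commit document `openvpn:tcp` as a TCP tunnel on port 5000. An arm placed ahead of `*:*)` that recognises a bare protocol would cover it, for example `*:tcp|*:udp) protocol=${2#*:} ;;`. The parsed `$protocol` and `$p` also reach both `addrule2` calls unquoted and unchecked, so a mistyped tunnels entry surfaces only as whatever iptables makes of it; rejecting anything other than tcp/udp and a non-numeric port here would give a clearer failure. The header comment still reads `$2 = kind[:port]` and should become `$2 = kind[:protocol][:port]`.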
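Review bot: The restore loop in initialize_netfilter now passes `$address` straight to `-s`, unquoted and without whatever translation `source_ip_range` applied before. Any saved entry that is not a plain address or CIDR will presumably make the iptables call fail, for example an address range (if the dynamic chain can hold one) or a short line that leaves `address` empty. Because this loop rebuilds the dynamic blacklist, it is worth confirming that `run_iptables` fails loudly here instead of silently losing a blocked host, and skipping malformed lines explicitly with something like `[ -n "$address" ] || continue` before the `case`. The function and the `while read` loop both begin and end outside the hunk, so the file being read and how it is produced are not visible from here.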
@@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=2.2.0-Beta8 +VERSION=2.2.0-RC1 usage() # $1 = exit status { diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh index bb92a6a62..0f7b44717 100755 --- a/Shorewall2/install.sh +++ b/Shorewall2/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA # -VERSION=2.2.0-Beta8 +VERSION=2.2.0-RC1 usage() # $1 = exit status { diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 55a136eaa..ae70bed58 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -838,3 +838,18 @@ New Features: openvpn:tcp net 1.2.3.4 # TCP tunnel on port 5000 openvpn:3344 net 1.2.3.4 # UDP on port 3344 openvpn:tcp:4455 net 1.2.3.4 # TCP on port 4455 + +38) A new 'ipsecvpn' script is included in the tarball and in the + RPM. The RPM installs the file in the Documentation directory + (/usr/share/doc/packages/shorewall-2.2.0-0RC1). + + This script is intended for use on Roadwarrior laptops for + establishing an IPSEC SA to/from remote networks. The script has + some limitations: + + - Only one instance of the script may be used at a time. + - Only the first SPD accessed will be instantiated at the remote + gateway. So while the script creates SPDs to/from the remote + gateway and each network listed in the NETWORKS setting at the + front of the script, only one of these may be used at a time. + diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec index e6d59a818..e594c5887 100644 --- a/Shorewall2/shorewall.spec +++ b/Shorewall2/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 2.2.0 -%define release 0Beta8 +%define release 0RC1 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. 
@@ -134,9 +134,12 @@ fi %attr(0600,root,root) /usr/share/shorewall/bogons %attr(0600,root,root) /usr/share/shorewall/configpath -%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel +%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %changelog +* Sun Dec 19 2004 Tom Eastep tom@shorewall.net +- Updated to 2.2.0-0RC1 +- Added ipsecvpn file * Sat Dec 11 2004 Tom Eastep tom@shorewall.net - Updated to 2.2.0-0Beta8 * Mon Nov 29 2004 Tom Eastep tom@shorewall.net diff --git a/Shorewall2/uninstall.sh b/Shorewall2/uninstall.sh index e0db83b6d..f35f56876 100755 --- a/Shorewall2/uninstall.sh +++ b/Shorewall2/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=2.2.0-Beta8 +VERSION=2.2.0-RC1 usage() # $1 = exit status {