Shorewall 2.2.0-RC1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1837 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-12-19 16:52:13 +00:00 · 2004-12-19 16:52:13 +00:00 · b6707db7f4
commit b6707db7f4
parent 34e57d0973
8 changed files with 39 additions and 16 deletions
--- a/LrpN/sbin/shorewall
+++ b/LrpN/sbin/shorewall
@ -590,11 +590,11 @@ usage() # $1 = exit status
 {
    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] [ -q ] [ -f ] <command>"
    echo "where <command> is one of:"
-    echo "   add <interface>[:<host>] <zone>"
+    echo "   add <interface>[:{<bridge-port>[:<host>]|<host>}[,...]] ... <zone>"
    echo "   allow <address> ..."
    echo "   check [ <directory> ]"
    echo "   clear"
-    echo "   delete <interface>[:<host>] <zone>"
+    echo "   delete <interface>[:{<bridge-port>[:<host>]|<host>}[,...]] ... <zone>"
    echo "   drop <address> ..."
    echo "   forget [ <file name> ]"
    echo "   help [ <command > | host | address ]"
--- a/LrpN/usr/share/shorewall/firewall
+++ b/LrpN/usr/share/shorewall/firewall
@ -1654,19 +1654,24 @@ setup_tunnels() # $1 = name of tunnels file
    setup_one_openvpn() # $1 = gateway, $2 = kind[:port]
    {
 	local protocol=udp
 	local p=5000
 	case $2 in
 	    *:*:*)
 		protocol=${2%:*}
 		protocol=${protocol#*:}
 		p=${2##*:}
 		;;
 	    *:*)
 		p=${2#*:}
 		;;
 	    *)
 		p=5000
 		;;
 	esac
-	addrule2 $inchain  -p udp $(source_ip_range $1) --dport $p -j ACCEPT
+	addrule2 $inchain  -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT
-	addrule2 $outchain -p udp $(dest_ip_range $1)   --dport $p -j ACCEPT
+	addrule2 $outchain -p $protocol $(dest_ip_range $1)   --dport $p -j ACCEPT
-	progress_message "   OPENVPN tunnel to $1:$p defined."
+	progress_message "   OPENVPN tunnel to $1:$protocol:$p defined."
    }
    setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone
@ -5680,7 +5685,7 @@ initialize_netfilter () {
 	    while read target ignore1 ignore2 address rest; do
 		case $target in
 		    DROP|reject)
-			run_iptables2 -A dynamic $(source_ip_range $address) -j $target
+			run_iptables -A dynamic -s $address -j $target
 			;;
 		    *)
 			;;
@ -7172,7 +7177,7 @@ do_initialize() {
    ensure_config_path
    #
    # Determine the capabilities of the installed iptables/netfilter
-    # We load the kernel modules here to acuray determine 
+    # We load the kernel modules here to accurately determine 
    # capabilities when module autoloading isn't enabled.
    #
--- a/LrpN/usr/share/shorewall/version
+++ b/LrpN/usr/share/shorewall/version
@ -1 +1 @@
-2.2.0-Beta8
+2.2.0-RC1
--- a/Shorewall2/fallback.sh
+++ b/Shorewall2/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=2.2.0-Beta8
+VERSION=2.2.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall2/install.sh
+++ b/Shorewall2/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
-VERSION=2.2.0-Beta8
+VERSION=2.2.0-RC1
 usage() # $1 = exit status
 {
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -838,3 +838,18 @@ New Features:
 	openvpn:tcp		net	1.2.3.4 # TCP tunnel on port 5000
 	openvpn:3344		net	1.2.3.4 # UDP on port 3344
 	openvpn:tcp:4455	net	1.2.3.4	# TCP on port 4455
 38) A new 'ipsecvpn' script is included in the tarball and in the
    RPM. The RPM installs the file in the Documentation directory
    (/usr/share/doc/packages/shorewall-2.2.0-0RC1).
    This script is intended for use on Roadwarrior laptops for
    establishing an IPSEC SA to/from remote networks. The script has
    some limitations:
    - Only one instance of the script may be used at a time.
    - Only the first SPD accessed will be instantiated at the remote
      gateway. So while the script creates SPDs to/from the remote
      gateway and each network listed in the NETWORKS setting at the
      front of the script, only one of these may be used at a time.
--- a/Shorewall2/shorewall.spec
+++ b/Shorewall2/shorewall.spec
@ -1,6 +1,6 @@
 %define name shorewall
 %define version 2.2.0
-%define release 0Beta8
+%define release 0RC1
 %define prefix /usr
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
@ -134,9 +134,12 @@ fi
 %attr(0600,root,root) /usr/share/shorewall/bogons
 %attr(0600,root,root) /usr/share/shorewall/configpath
-%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
+%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
 %changelog
 * Sun Dec 19 2004 Tom Eastep tom@shorewall.net
 - Updated to 2.2.0-0RC1
 - Added ipsecvpn file
 * Sat Dec 11 2004 Tom Eastep tom@shorewall.net
 - Updated to 2.2.0-0Beta8
 * Mon Nov 29 2004 Tom Eastep tom@shorewall.net
--- a/Shorewall2/uninstall.sh
+++ b/Shorewall2/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
-VERSION=2.2.0-Beta8
+VERSION=2.2.0-RC1
 usage() # $1 = exit status
 {