From c334e921033116dc7d64f115b508ae0725885622 Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 31 Oct 2003 15:29:30 +0000
Subject: [PATCH] Shorewall 1.4.8-RC1

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 3 +++
 Shorewall/fallback.sh | 2 +-
 Shorewall/install.sh | 2 +-
 Shorewall/releasenotes.txt | 34 ++++++++++++++++++++--------------
 Shorewall/shorewall.spec | 6 ++++--
 Shorewall/uninstall.sh | 2 +-
 6 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index bdcf83ed1..031d39f1c 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -30,3 +30,6 @@ Changes since 1.4.7
 lengthening the variable name.
 
 13) Applied and improved Eric Bowles's fix for route filtering.
+
+14) Corrected handling of /32 addresses with broadcast in maclist
+ processing.
diff --git a/Shorewall/fallback.sh b/Shorewall/fallback.sh
index d008a31e1..970d4c232 100755
--- a/Shorewall/fallback.sh
+++ b/Shorewall/fallback.sh
@@ -28,7 +28,7 @@
 # shown below. Simply run this script to revert to your prior version of
 # Shoreline Firewall.
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 9a2c1145a..23e7b0a13 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -54,7 +54,7 @@
 # /etc/rc.d/rc.local file is modified to start the firewall.
 #
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index f200da0b8..c39c4fe90 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -46,13 +46,18 @@ Problems Corrected since version 1.4.7: 9) Previously, neither the 'routefilter' interface option nor the ROUTE_FILTER parameter were working properly. This has been - corrected. The definition of the ROUTE_FILTER option has changed - however. Previously, ROUTE_FILTER=Yes was documented as enabling - route filtering on all interfaces (which didn't work). Beginning - with this release, setting ROUTE_FILTER=Yes will enable route - filtering of all interfaces brought up while Shorewall is - started. As a consequence, ROUTE_FILTER=Yes can coexist with the use - of the 'routefilter' option in the interfaces file. + corrected (thanks to Eric Bowles for his patch). The definition + of the ROUTE_FILTER option has changed however. Previously, + ROUTE_FILTER=Yes was documented as enabling route filtering on all + interfaces (which didn't work). Beginning with this release, setting + ROUTE_FILTER=Yes will enable route filtering of all interfaces + brought up while Shorewall is started. As a consequence, + ROUTE_FILTER=Yes can coexist with the use of the 'routefilter' + option in the interfaces file. + +10) If MAC verification was enabled on an interface that had a /32 + address with a broadcast address then an error would occur during + startup. Migration Issues: 
@@ -62,22 +67,23 @@ Migration Issues: New Features: 1. A new QUEUE action has been introduced for rules. QUEUE allows you - to pass connection requests to a user-space filter such as p2pwall - (http://p2pwall.sourceforge.net). + to pass connection requests to a user-space filter such as ftwall + (http://p2pwall.sourceforge.net). The ftwall program allows for + effective filtering of p2p applications such as Kazaa. - For example, to use p2pwall to filter P2P applications, you would - add the following rules: + For example, to use ftwall to filter P2P clients in your 'loc' zone, + you would add the following rules: QUEUE loc net tcp QUEUE loc net udp QUEUE loc fw udp - You would normally want to place those two rules BEFORE any ACCEPT - rules for loc->net. + You would normally want to place those three rules BEFORE any ACCEPT + rules for loc->net or loc->fw udp or tcp. Note: When the protocol specified is TCP ("tcp", "TCP" or "6"), Shorewall will only pass connection requests (SYN packets) to user - space. This is for compatibility with p2pwall. + space. This is for compatibility with ftwall. 2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When this option is set to "Yes", the blacklists (dynamic and static) diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 4d4cac0b4..31d422e9e 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall -%define version 1.4.7 -%define release 1 +%define version 1.4.8 +%define release 0RC1 %define prefix /usr Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. @@ -108,6 +108,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Thu Oct 30 2003 Tom Eastep +- Changed version to 1.4.8-0RC1 * Sat Oct 04 2003 Tom Eastep - Changed version to 1.4.7-1 - Removed conflict with 2.2 Kernels diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index ca54b3929..ba2d1add7 100755 --- a/Shorewall/uninstall.sh 
+++ b/Shorewall/uninstall.sh
@@ -26,7 +26,7 @@
 # You may only use this script to uninstall the version
 # shown below. Simply run this script to remove Seattle Firewall
 
-VERSION=1.4.7
+VERSION=1.4.8-RC1
 
 usage() # $1 = exit status
 {