Merge branch '4.4.20'

2011-06-02 10:07:03 -07:00 · 2011-06-02 10:07:03 -07:00 · c3b56c1e73
commit c3b56c1e73
parent 1e883c2fdf 561d461a25
5 changed files with 16 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -1604,8 +1604,10 @@ sub process_secmark_rule() {
 		 O => 'tcout'   , );

    my %state = ( N =>  'NEW' ,
+		  NI => 'NEW,INVALID',
 		  E =>  'ESTABLISHED' ,
-		  ER => 'ESTABLISHED,RELATED' );
+		  ER => 'ESTABLISHED,RELATED',
+		);

    my ( $chain , $state, $rest) = split ':', $chainin , 3;

--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Final

 1)  Set /proc/sys/net/bridge/bridge_nf_call_ip6?tables.

+2)  Add 'NI' STATE in secmarks.
+
 Changes in Shorewall 4.4.20 RC 1

 1)  Update release documents.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -253,6 +253,9 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
    versions are available in the configfiles directory within the
    tarball.

+11) The STATE subcolumn of the secmarks file now allow the value 'NI'
+    which will match packets in either NEW or INVALID state.
+
 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------
--- a/manpages/shorewall-secmarks.xml
+++ b/manpages/shorewall-secmarks.xml
@ -90,7 +90,7 @@

      <varlistentry>
        <term><emphasis role="bold">CHAIN:STATE -
-        {P|I|F|O|T}[:{N|E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>

        <listitem>
          <para>This column determines the CHAIN where the SElinux context is
@ -109,12 +109,14 @@
          </simplelist>

          <para>It may be optionally followed by a colon and an indication of
-          the connection state(s) at which the context is to be
+          the Netfilter connection state(s) at which the context is to be
          applied:</para>

          <simplelist>
            <member>:N - NEW connection</member>

+            <member>:NI - NEW or INVALID connection</member>
+
            <member>:E - ESTABLISHED connection</member>

            <member>:ER - ESTABLISHED or RELATED connection</member>
--- a/manpages6/shorewall6-secmarks.xml
+++ b/manpages6/shorewall6-secmarks.xml
@ -90,7 +90,7 @@

      <varlistentry>
        <term><emphasis role="bold">CHAIN -
-        {P|I|F|O|T}[:{N|E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>

        <listitem>
          <simplelist>
@ -106,12 +106,14 @@
          </simplelist>

          <para>It may be optionally followed by a colon and an indication of
-          the connection state(s) at which the context is to be
+          the Netfilter connection state(s) at which the context is to be
          applied:</para>

          <simplelist>
            <member>:N - NEW connection</member>

+            <member>:NI - New or INVALID connection</member>
+
            <member>:E - ESTABLISHED connection</member>

            <member>:ER - ESTABLISHED or RELATED connection</member>