From cb64f41c6e9fcd71aee9193ac7d97a727981a3a5 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 11 May 2005 17:20:23 +0000 Subject: [PATCH] Clarify requirements for /etc/shorewall/ipsec; fix PKTTYPE Handling git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2104 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE2/changelog.txt | 4 ++++ STABLE2/firewall | 3 ++- STABLE2/ipsec | 7 ++++--- STABLE2/releasenotes.txt | 8 +++++++- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index 11288bc27..52958a7a5 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -1,3 +1,7 @@ +Changes in 2.2.5 + +1) Correct behavior of PKTTYPE=No + Changes in 2.2.4 1) Added support for UPnP diff --git a/STABLE2/firewall b/STABLE2/firewall index 66392de8d..744cc4a92 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -7461,6 +7461,8 @@ do_initialize() { [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable" fi + PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities + determine_capabilities [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall @@ -7580,7 +7582,6 @@ do_initialize() { DISABLE_IPV6=$(added_param_value_no DISABLE_IPV6 $DISABLE_IPV6) BRIDGING=$(added_param_value_no BRIDGING $BRIDGING) DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES) - PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED) RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES) DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD) diff --git a/STABLE2/ipsec b/STABLE2/ipsec index b6692d8fd..84e884edc 100644 --- a/STABLE2/ipsec +++ b/STABLE2/ipsec @@ -2,8 +2,9 @@ # Shorewall 2.2 - /etc/shorewall/ipsec # # This file defines the attributes of zones with respect to -# IPSEC. To use this file, you must be running a 2.6 kernel and -# both your kernel and iptables must include Policy Match Support. +# IPSEC. To use this file for any purpose except for setting mss, +# you must be running a 2.6 kernel and both your kernel and iptables +# must include Policy Match Support. # # The columns are: # @@ -26,7 +27,7 @@ # # proto=ah|esp|ipcomp # -# mss= (sets the MSS field in TCP packets) +# mss= (sets the MSS field in TCP packets) # # mode=transport|tunnel # diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index 19dc7e7d1..d60b6aab5 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -1,4 +1,10 @@ -Shorewall 2.2.4 +Shorewall 2.2.5 + +----------------------------------------------------------------------- +Problems corrected in version 2.2.5 + +1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would + still be used if the kernel supported it. ----------------------------------------------------------------------- Problems corrected in version 2.2.4