From d31970936e8a4d1496dfdd7de7b72fd7a63eb7db Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 28 Aug 2003 18:19:15 +0000 Subject: [PATCH] Shorewall 1.4.6c plus Fix for IPV6 addresses and the 'ip' utility git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@736 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE/changelog.txt | 4 ++++ STABLE/fallback.sh | 2 +- STABLE/firewall | 6 +++--- STABLE/install.sh | 2 +- STABLE/releasenotes.txt | 10 ++++++++++ STABLE/shorewall.spec | 4 +++- STABLE/uninstall.sh | 2 +- 7 files changed, 23 insertions(+), 7 deletions(-) diff --git a/STABLE/changelog.txt b/STABLE/changelog.txt index e8e4a1b2d..89228dd62 100644 --- a/STABLE/changelog.txt +++ b/STABLE/changelog.txt @@ -60,3 +60,7 @@ Changes since 1.4.5 25. Disabled 'stop' command when startup is disabled. 26. Fixed adding addresses to ppp interfaces. + +27. Corrected IP range in masq entry WRT ADD_SNAT_ALIASES + +28. Fix IPV6 address confusion. diff --git a/STABLE/fallback.sh b/STABLE/fallback.sh index 14415556a..8d3be4783 100755 --- a/STABLE/fallback.sh +++ b/STABLE/fallback.sh @@ -28,7 +28,7 @@ # shown below. Simply run this script to revert to your prior version of # Shoreline Firewall. -VERSION=1.4.6b +VERSION=1.4.6c usage() # $1 = exit status { diff --git a/STABLE/firewall b/STABLE/firewall index 734c7e849..9a461021e 100755 --- a/STABLE/firewall +++ b/STABLE/firewall @@ -828,7 +828,7 @@ find_interface_address() # $1 = interface # # get the line of output containing the first IP address # - addr=`ip addr show $1 2> /dev/null | grep inet | head -n1` + addr=`ip -f inet addr show $1 2> /dev/null | grep inet | head -n1` # # If there wasn't one, bail out now # @@ -846,7 +846,7 @@ find_interface_address() # $1 = interface # find_interface_addresses() # $1 = interface { - ip addr show $1 | grep inet | sed 's/inet //;s/\/.*//;s/ peer.*//' + ip -f inet addr show $1 | grep inet | sed 's/inet //;s/\/.*//;s/ peer.*//' } # @@ -1360,7 +1360,7 @@ setup_mac_lists() { # for interface in $maclist_interfaces; do chain=`mac_chain $interface` - blob=`ip addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;'` + blob=`ip -f inet addr show $interface 2> /dev/null | grep inet | sed 's/inet //; s/brd //; s/scope.*//;'` [ -z "$blob" ] && \ fatal_error "Interface $interface must be up before Shorewall can start" diff --git a/STABLE/install.sh b/STABLE/install.sh index 48ac0c618..be2e9219f 100755 --- a/STABLE/install.sh +++ b/STABLE/install.sh @@ -54,7 +54,7 @@ # /etc/rc.d/rc.local file is modified to start the firewall. # -VERSION=1.4.6b +VERSION=1.4.6c usage() # $1 = exit status { diff --git a/STABLE/releasenotes.txt b/STABLE/releasenotes.txt index d9e5e6536..6409b1486 100644 --- a/STABLE/releasenotes.txt +++ b/STABLE/releasenotes.txt @@ -40,6 +40,16 @@ Problems Corrected: The firewall script has been modified to eliminate the error messages. +10) When ADD_SNAT_ALIASES=Yes in shorewall.conf, the following entry in + /etc/shorewall/masq resulted in a startup error: + + eth0 eth1 206.124.146.20-206.124.146.24 + +11) Shorewall previously choked over IPV6 addresses configured on + interfaces in contexts where Shorewall needed to detect something + about the interface (such as when "detect" appears in the BROADCAST + column of the /etc/shorewall/interfaces file). + Migration Issues: 1) In earlier versions, an undocumented feature allowed entries in diff --git a/STABLE/shorewall.spec b/STABLE/shorewall.spec index 9c6a31aac..98abc5ff7 100644 --- a/STABLE/shorewall.spec +++ b/STABLE/shorewall.spec @@ -1,5 +1,5 @@ %define name shorewall -%define version 1.4.6b +%define version 1.4.6c %define release 1 %define prefix /usr @@ -105,6 +105,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel %changelog +* Wed Aug 27 2003 Tom Eastep +- Changed version to 1.4.6c-1 * Fri Aug 01 2003 Tom Eastep - Changed version to 1.4.6b-1 * Tue Jul 22 2003 Tom Eastep diff --git a/STABLE/uninstall.sh b/STABLE/uninstall.sh index cd6248711..b9c23a243 100755 --- a/STABLE/uninstall.sh +++ b/STABLE/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Seattle Firewall -VERSION=1.4.6b +VERSION=1.4.6c usage() # $1 = exit status {