From a0b16e28037fb99c10a7c54f0062a7612d21c4c6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 13 Apr 2011 06:56:17 -0700 Subject: [PATCH 01/14] Delete duplicate rule Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Misc.pm | 1 - 1 file changed, 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 2b220015e..51ebfc27a 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -1907,7 +1907,6 @@ EOF process_routestopped; - add_rule $input, '-i lo -j ACCEPT'; add_rule $input, '-i lo -j ACCEPT'; add_rule $output, '-o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED}; From 16276b99002b05cc59bc74bd1c449d455b95ab42 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 13 Apr 2011 13:53:18 -0700 Subject: [PATCH 02/14] Don't assume that all nexthop routes are default routes --- Shorewall/Perl/Shorewall/Providers.pm | 2 +- Shorewall/Perl/prog.header | 11 +++++++++++ Shorewall/Perl/prog.header6 | 11 +++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 72407177a..f9567c05c 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -730,7 +730,7 @@ sub start_providers() { emit ( '#', '# Capture the default route(s) if we don\'t have it (them) already.', '#', - '[ -f ${VARDIR}/default_route ] || $IP -' . $family . ' route list | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route', + "[ -f \${VARDIR}/default_route ] || \$IP -$family route ls | save_default_route > \${VARDIR}/default_route", '#', '# Initialize the file that holds \'undo\' commands', '#', diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 7461fa468..3c37d43a6 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header 
@@ -504,6 +504,17 @@ undo_routing() { } +# +# Save the default route +# +save_default_route() { + awk \ + 'BEGIN {default=0;}; \ + /^default / {default=1; print; next}; \ + /nexthop/ {if (default == 1 ) {print ; next} }; \ + { default=0; };' +} + # # Restore the default route that was in place before the initial 'shorewall start' # diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index 588fd89b8..e708e88d4 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -492,6 +492,17 @@ undo_routing() { } +# +# Save the default route +# +save_default_route() { + awk \ + 'BEGIN {default=0;}; \ + /^default / {default=1; print; next}; \ + /nexthop/ {if (default == 1 ) {print ; next} }; \ + { default=0; };' +} + # # Restore the default route that was in place before the initial 'shorewall start' # From 9008cd960c8565b84df79310163768d3482e7a1e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 13 Apr 2011 17:01:22 -0700 Subject: [PATCH 03/14] Fix a silly masq bug --- Shorewall/Perl/Shorewall/Nat.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index de0da9ec8..c009eaad8 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -207,7 +207,7 @@ sub process_one_masq( ) } else { my $ports = $addr; $ports =~ s/^://; - $ports =~ s/:/-/; + $ports =~ s/-/:/; validate_portpair( $proto, $ports ); $addrlist .= "--to-ports $ports "; $exceptionrule = do_proto( $proto, '', '' ); From 9a8f411531f71998616052a8e2b0d402595a0929 Mon Sep 17 00:00:00 2001 
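Review bot: The awk program in the added `save_default_route()` uses `default` as a variable name, but gawk reserves `default` as a keyword (the label of its `switch` statement), so `default=0` is likely a syntax error under gawk even where other awk implementations accept it. The caller in Providers.pm redirects this pipeline into `${VARDIR}/default_route`, so a parse failure would leave an empty file and nothing would be restored on stop. Renaming the variable avoids the problem, e.g. `BEGIN {defroute=0;}; /^default / {defroute=1; print; next};`, with the same rename in the two remaining rules. The prog.header6 hunk of this commit adds the identical function and needs the same change.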
From: Tom Eastep Date: Wed, 13 Apr 2011 17:22:07 -0700 Subject: [PATCH 04/14] Update version to 4.4.19.1 and document corrected problems --- Shorewall-init/install.sh | 2 +- Shorewall-init/shorewall-init.spec | 4 +++- Shorewall-init/uninstall.sh | 2 +- Shorewall-lite/install.sh | 2 +- Shorewall-lite/shorewall-lite.spec | 4 +++- Shorewall-lite/uninstall.sh | 2 +- Shorewall/Perl/Shorewall/Config.pm | 2 +- Shorewall/changelog.txt | 8 ++++++++ Shorewall/install.sh | 2 +- Shorewall/known_problems.txt | 19 +++++++++++++++++++ Shorewall/releasenotes.txt | 18 +++++++++++++++++- Shorewall/shorewall.spec | 4 +++- Shorewall/uninstall.sh | 2 +- Shorewall6-lite/install.sh | 2 +- Shorewall6-lite/shorewall6-lite.spec | 4 +++- Shorewall6-lite/uninstall.sh | 2 +- Shorewall6/install.sh | 2 +- Shorewall6/shorewall6.spec | 4 +++- Shorewall6/uninstall.sh | 2 +- 19 files changed, 70 insertions(+), 17 deletions(-) diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index 618c6d947..c7f8fec71 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -23,7 +23,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall-init/shorewall-init.spec b/Shorewall-init/shorewall-init.spec index bdd509484..85377da49 100644 --- a/Shorewall-init/shorewall-init.spec +++ b/Shorewall-init/shorewall-init.spec @@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.4.19 -%define release 0base +%define release 1 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -119,6 +119,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Wed Apr 13 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net 
diff --git a/Shorewall-init/uninstall.sh b/Shorewall-init/uninstall.sh index f9f22d67c..19eabc8bc 100755 --- a/Shorewall-init/uninstall.sh +++ b/Shorewall-init/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index f7dfa41e2..111353aa7 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index bd270a11f..529d51c30 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.4.19 -%define release 0base +%define release 1 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Name: %{name} @@ -103,6 +103,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Wed Apr 13 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 755ea78c4..0ef3fa640 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 4a7b8efb7..10a15e6dc 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm 
@@ -411,7 +411,7 @@ sub initialize( $ ) { EXPORT => 0, STATEMATCH => '-m state --state', UNTRACKED => 0, - VERSION => "4.4.19", + VERSION => "4.4.19.1", CAPVERSION => 40417 , ); # diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 761b27a49..4daa24ebf 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,11 @@ +Changes in Shorewall 4.4.19.1 + +1) Eliminate silly duplicate rule when stopped. + +2) Don't believe that all nexthop routes are default routes. + +3) Restore :- in masq file. + Changes in Shorewall 4.4.19 Final 1) Update release documents. diff --git a/Shorewall/install.sh b/Shorewall/install.sh index bf7bd17e8..c7f0aa5d5 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index e521b4c56..9f103a1ec 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -1,3 +1,22 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. + Corrected in Shorewall 4.4.19.1 + +2) There is a harmless duplicate ACCEPT rule in the INPUT filter chain + when the firewall is stopped. + + Corrected in Shorewall 4.4.19.1 + +3) Shorewall interprets all 'nexthop' routes as default routes when + analyzing the pre-start routing configuration. This can lead to + unwanted default routes when the firewall was started or stopped. + + Corrected in Shorewall 4.4.19.1 + +3) A defect introduced in Shorewall 4.4.17 broke the ability to + specify ':-' in the ADDRESS column of + /etc/shorewall/masq. + + Corrected in Shorewall 4.4.19.1 + diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3021c65f5..0088b18ef 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -1,5 +1,5 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 4 . 1 9 + S H O R E W A L L 4 . 4 . 1 9 . 1 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -13,6 +13,22 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.19.1 + +1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when + the firewall is stopped. + +2) Shorewall previously interpreted all 'nexthop' routes as default + routes when analyzing the pre-start routing configuration. This + could lead to unwanted default routes when the firewall was started + or stopped. + +3) A defect introduced in Shorewall 4.4.17 broke the ability to + specify ':-' in the ADDRESS column of + /etc/shorewall/masq. + +4.4.19 + 1) Corrected a problem in optimize level 4 that resulted in the following compile-time failure. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 44803ae9f..822626eb6 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 4.4.19 -%define release 0base +%define release 1 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -109,6 +109,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Wed Apr 13 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index cabe7b382..73303df09 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh 
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh index fff6b9367..dbae1dc99 100755 --- a/Shorewall6-lite/install.sh +++ b/Shorewall6-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index a2501be95..01ebe6ce7 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -1,6 +1,6 @@ %define name shorewall6-lite %define version 4.4.19 -%define release 0base +%define release 1 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -94,6 +94,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Wed Apr 13 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index 21c27d693..fbcd2a3a7 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 0802eaa85..983ff8e81 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { 
diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec index a530beff0..d7b1c5f3f 100644 --- a/Shorewall6/shorewall6.spec +++ b/Shorewall6/shorewall6.spec @@ -1,6 +1,6 @@ %define name shorewall6 %define version 4.4.19 -%define release 0base +%define release 1 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -98,6 +98,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %changelog +* Wed Apr 13 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-0base * Sun Apr 03 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index 6ee42606a..4b6f6c191 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19 +VERSION=4.4.19.1 usage() # $1 = exit status { From 96af7bfed6ad5042e816f9663e3e01f492760e76 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 13 Apr 2011 17:56:15 -0700 Subject: [PATCH 05/14] Fix the prior commit --- Shorewall/Perl/Shorewall/Nat.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index c009eaad8..ce1456313 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -207,8 +207,9 @@ sub process_one_masq( ) } else { my $ports = $addr; $ports =~ s/^://; - $ports =~ s/-/:/; - validate_portpair( $proto, $ports ); + my $portrange = $ports; + $portrange =~ s/-/:/; + validate_portpair( $proto, $portrange ); $addrlist .= "--to-ports $ports "; $exceptionrule = do_proto( $proto, '', '' ); } From 4a060a318645f55f39111309c996574e3c32d8b7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Apr 2011 12:17:46 -0700 Subject: [PATCH 06/14] Correct default route save/restore 
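Review bot: In the Nat.pm hunk, `validate_portpair` now checks the copy `$portrange` while `--to-ports` is built from the untouched `$ports`, so the string that is validated is no longer the string that is emitted. An entry already written with a colon has no `-` for `s/-/:/` to rewrite, so it would presumably pass validation unchanged and be emitted as a colon-separated value, which is not the `port-port` form that `--to-ports` takes. The error would then surface only when the generated script runs, or not at all. Rejecting a colon before the substitution closes the gap, e.g. `fatal_error "Invalid port range ($ports)" if $ports =~ /:/;` ahead of `my $portrange = $ports;`, after confirming that no other colon syntax is legal at this point. `process_one_masq` starts and ends outside the hunk, so how `$addr` is prepared beforehand is not visible here.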
Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Misc.pm | 2 +- Shorewall/Perl/Shorewall/Providers.pm | 16 ++++++--- Shorewall/Perl/prog.header | 51 ++++++++++++++++----------- Shorewall/Perl/prog.header6 | 37 ++++++++++++------- 4 files changed, 69 insertions(+), 37 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 51ebfc27a..8bd3f2cdb 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -1887,7 +1887,7 @@ EOF emit 'delete_tc1' if $config{CLEAR_TC}; emit( 'undo_routing', - 'restore_default_route' + "restore_default_route $config{USE_DEFAULT_RT}" ); my @chains = $config{ADMINISABSENTMINDED} ? qw/INPUT FORWARD/ : qw/INPUT OUTPUT FORWARD/; diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index f9567c05c..e30110801 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -758,13 +758,21 @@ sub finish_providers() { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - emit ( " qt \$IP -$family route del default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT}; + + if ( $config{USE_DEFAULT_RT} ) { + emit ( " while qt \$IP -$family route del default table " . MAIN_TABLE . '; do', + ' true', + ' done', + '' + ); + } + emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"' ); if ( $config{RESTORE_DEFAULT_ROUTE} ) { - emit ' restore_default_route && error_message "NOTICE: Default route restored"' + emit qq( restore_default_route $config{USE_DEFAULT_RT} && error_message "NOTICE: Default route restored") } else { emit qq( qt \$IP -$family route del default table $table && error_message "WARNING: Default route deleted from table $table"); } 
@@ -775,7 +783,7 @@ sub finish_providers() { emit ( '#', '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', '#', - 'restore_default_route' , + "restore_default_route $config{USE_DEFAULT_RT}" , '' ); } @@ -871,7 +879,7 @@ sub setup_providers() { push_indent; emit "\nundo_routing"; - emit 'restore_default_route'; + emit "restore_default_route $config{USE_DEFAULT_RT}"; if ( $config{NULL_ROUTE_RFC1918} ) { emit ( '#', diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 3c37d43a6..817d5206f 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -518,7 +518,27 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() { + if [ -n "$default_route" ]; then + case "$default_route" in + *metric*) + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + default_route= + ;; + *) + qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + result=0 + default_route= + ;; + esac + fi +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then 
@@ -530,25 +550,7 @@ restore_default_route() { while read route ; do case $route in default*) - if [ -n "$default_route" ]; then - case "$default_route" in - *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -4 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" - ;; - *) - qt $IP -4 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" - ;; - esac - - break - fi - + replace_default_route $1 default_route="$default_route $route" ;; *) @@ -557,6 +559,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + replace_default_route $1 + + if [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -4 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index e708e88d4..f8f0d71ee 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -506,7 +506,14 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() { + qt $IP -6 route replace $default_route && \ + result=0 && \ + progress_message "Default Route (${default_route# }) restored" +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then 
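Review bot: In the cleanup block added after the read loop, `qt -4 ip route del default metric 0` passes `-4` as the command name, whereas every other call in this function has the form `qt $IP -4 route ...`. Assuming `qt` runs its arguments with output discarded, the call fails silently and the metric-0 default route is never removed; it also uses a bare `ip` instead of `$IP`. The line should read `qt $IP -4 route del default metric 0 && progress_message "Default route with metric 0 deleted"`. The same slip appears as `qt -6 ip route del ...` in the prog.header6 hunk of this commit and in both corresponding hunks of patch 07/14; patch 11/14 later rewrites these lines, so the fix matters mainly when 06 or 07 is applied on its own. `restore_default_route` begins and ends outside this hunk.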
@@ -517,24 +524,21 @@ restore_default_route() { while read route ; do case $route in - default) + default*) if [ -n "$default_route" ]; then case "$default_route" in *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -6 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && replace_default_route + default_route= ;; *) - qt $IP -6 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" + replace_default_route + default_route= ;; esac - - break fi default_route="$default_route $route" @@ -545,6 +549,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + if [ -n "$default_route" ]; then + replace_default_route + elif [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -6 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi From dff405683cce949b2cdb59fabb34b36d169ecf3d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Apr 2011 12:25:33 -0700 Subject: [PATCH 07/14] Correct default route save/restore Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Misc.pm | 2 +- Shorewall/Perl/Shorewall/Providers.pm | 16 ++++++-- Shorewall/Perl/prog.header | 57 ++++++++++++++++---------- Shorewall/Perl/prog.header6 | 59 +++++++++++++++++---------- 4 files changed, 86 insertions(+), 48 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 51ebfc27a..8bd3f2cdb 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm 
@@ -1887,7 +1887,7 @@ EOF emit 'delete_tc1' if $config{CLEAR_TC}; emit( 'undo_routing', - 'restore_default_route' + "restore_default_route $config{USE_DEFAULT_RT}" ); my @chains = $config{ADMINISABSENTMINDED} ? qw/INPUT FORWARD/ : qw/INPUT OUTPUT FORWARD/; diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index f9567c05c..e30110801 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -758,13 +758,21 @@ sub finish_providers() { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - emit ( " qt \$IP -$family route del default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT}; + + if ( $config{USE_DEFAULT_RT} ) { + emit ( " while qt \$IP -$family route del default table " . MAIN_TABLE . '; do', + ' true', + ' done', + '' + ); + } + emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"' ); if ( $config{RESTORE_DEFAULT_ROUTE} ) { - emit ' restore_default_route && error_message "NOTICE: Default route restored"' + emit qq( restore_default_route $config{USE_DEFAULT_RT} && error_message "NOTICE: Default route restored") } else { emit qq( qt \$IP -$family route del default table $table && error_message "WARNING: Default route deleted from table $table"); } @@ -775,7 +783,7 @@ sub finish_providers() { emit ( '#', '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', '#', - 'restore_default_route' , + "restore_default_route $config{USE_DEFAULT_RT}" , '' ); } @@ -871,7 +879,7 @@ sub setup_providers() { push_indent; emit "\nundo_routing"; - emit 'restore_default_route'; + emit "restore_default_route $config{USE_DEFAULT_RT}"; if ( $config{NULL_ROUTE_RFC1918} ) { emit ( '#', 
diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 3c37d43a6..1bffd1b86 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -518,37 +518,43 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() # $1 = USE_DEFAULT_RT +{ + # + # default_route and result are inherited from the caller + # + if [ -n "$default_route" ]; then + case "$default_route" in + *metric*) + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + default_route= + ;; + *) + qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + result=0 + default_route= + ;; + esac + fi +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result + result=1 if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then local default_route default_route= local route - result=1 while read route ; do case $route in default*) - if [ -n "$default_route" ]; then - case "$default_route" in - *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -4 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" - ;; - *) - qt $IP -4 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" - ;; - esac - - break - fi - + replace_default_route $1 default_route="$default_route $route" ;; *) 
@@ -557,6 +563,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + replace_default_route $1 + + if [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -4 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index e708e88d4..4caa49b3b 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 
@@ -506,37 +506,43 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() # $1 = USE_DEFAULT_RT +{ + # + # default_route and result are inherited from the caller + # + if [ -n "$default_route" ]; then + case "$default_route" in + *metric*) + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && qt $IP -6 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + default_route= + ;; + *) + qt $IP -6 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + result=0 + default_route= + ;; + esac + fi +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result + result=1 if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then local default_route default_route= local route - result=1 while read route ; do case $route in - default) - if [ -n "$default_route" ]; then - case "$default_route" in - *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -6 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" - ;; - *) - qt $IP -6 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" - ;; - esac - - break - fi - + default*) + replace_default_route $1 default_route="$default_route $route" ;; *) @@ -545,6 +551,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + replace_default_route $1 + + if [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -6 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi From 4c1fbb67e4388448bd453b284c45a410a12de755 Mon Sep 17 00:00:00 2001 
From: Tom Eastep Date: Thu, 14 Apr 2011 15:20:15 -0700 Subject: [PATCH 08/14] Update release documents --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 22 ++++++++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 4daa24ebf..1a8fe3ea6 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in Shorewall 4.4.19.1 3) Restore :- in masq file. +4) Correct default route safe/restore. + Changes in Shorewall 4.4.19 Final 1) Update release documents. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 0088b18ef..a54de0738 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -18,15 +18,25 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES 1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when the firewall is stopped. -2) Shorewall previously interpreted all 'nexthop' routes as default - routes when analyzing the pre-start routing configuration. This - could lead to unwanted default routes when the firewall was started - or stopped. - -3) A defect introduced in Shorewall 4.4.17 broke the ability to +2) A defect introduced in Shorewall 4.4.17 broke the ability to specify ':-' in the ADDRESS column of /etc/shorewall/masq. +3) Several long-standing defects having to do with default route + save/restore have been corrected in the Multi-ISP implementation. + + a) Shorewall previously interpreted all 'nexthop' routes as + default routes when analyzing the pre-start routing + configuration. This could lead to unwanted default routes when + the firewall was started or stopped. + + b) The default route with metric 0 was usually not restored + during 'stop' processing. + + c) If there were multiple default routes in the main table prior + to 'shorewall start' and USE_DEFAULT_RT was set, only the + first one with metric 0 was deleted. + 4.4.19 1) Corrected a problem in optimize level 4 that resulted in the From f2acf4bfe578138a5c5fa8bc4862c3e8c5c87144 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Apr 2011 16:55:56 -0700 Subject: [PATCH 09/14] Fix install.sh bug --- Shorewall/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index c7f0aa5d5..50da065a4 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -331,7 +331,7 @@ delete_file ${DESTDIR}/usr/share/shorewall/prog.footer # Install wait4ifup # -install_file wait4ifup ${DESTDIR}/usr/share/shorewall/wait4ifup 0755 +install_file wait4ifup ${DESTDIR}/usr/share/${LIBEXEC}/wait4ifup 0755 echo echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall/wait4ifup" 
From 0b18c37a9182d242579a657c16c9a050bd9ef768 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Apr 2011 17:00:35 -0700 Subject: [PATCH 10/14] Fix install.sh bug --- Shorewall/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 50da065a4..111ebee5f 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -331,7 +331,7 @@ delete_file ${DESTDIR}/usr/share/shorewall/prog.footer # Install wait4ifup # -install_file wait4ifup ${DESTDIR}/usr/share/${LIBEXEC}/wait4ifup 0755 +install_file wait4ifup ${DESTDIR}/usr/${LIBEXEC}/shorewall/wait4ifup 0755 echo echo "wait4ifup installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall/wait4ifup" From d42a65fd1132525f19dd537504dd7b48ee4365d3 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 15 Apr 2011 07:09:34 -0700 Subject: [PATCH 11/14] Correct one more default route save/restore defect Signed-off-by: Tom Eastep --- Shorewall/Perl/prog.header | 9 +++++++-- Shorewall/Perl/prog.header6 | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 1bffd1b86..3705c3f83 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -567,9 +567,14 @@ restore_default_route() # $1 = USE_DEFAULT_RT if [ $result = 1 ]; then # - # We added a default route with metric 0 but there wasn't one previously + # We didn't restore a default route with metric 0 # - qt -4 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + if $IP -4 -o route ls 2> /dev/null | fgrep default | fgrep -qv metric; then + # + # But we added a default route with metric 0 + # + qt $IP -4 route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi fi rm -f ${VARDIR}/default_route diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index 4caa49b3b..26f1092de 100644 --- a/Shorewall/Perl/prog.header6 
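Review bot: The new guard `$IP -4 -o route list 2> /dev/null | fgrep default | fgrep -qv metric` matches `default` and `metric` anywhere in a route line, while `save_default_route` (added to this file by patch 02/14) selects default routes with the anchored pattern `/^default /`; the two should agree on what counts as a default route. More importantly, the presence of a metric-less default route is taken as proof that the script added it (`# But we added a default route with metric 0`), yet the test cannot tell it apart from a route installed by something else after start. The following `route del default metric 0` may therefore remove a route the firewall does not own. Anchoring the match, e.g. `grep '^default ' | grep -qv ' metric '`, addresses the first point; the second probably needs the start path to record that it added the route. The prog.header6 hunk of this commit has the same construct with `-6`, and `restore_default_route` extends beyond both hunks.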
+++ b/Shorewall/Perl/prog.header6 @@ -555,9 +555,14 @@ restore_default_route() # $1 = USE_DEFAULT_RT if [ $result = 1 ]; then # - # We added a default route with metric 0 but there wasn't one previously + # We didn't restore a default route with metric 0 # - qt -6 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + if $IP -6 -o route ls 2> /dev/null | fgrep default | fgrep -qv metric; then + # + # But we added a default route with metric 0 + # + qt $IP -6 route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi fi rm -f ${VARDIR}/default_route From 5126c439a4dc3ec87dc3d1c31fca5c9b4bb4afa1 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 15 Apr 2011 11:06:45 -0700 Subject: [PATCH 12/14] Fix a progress message in the installer. Signed-off-by: Tom Eastep --- Shorewall/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 111ebee5f..6366570da 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -827,7 +827,7 @@ cd Perl install_file compiler.pl ${DESTDIR}/usr/${LIBEXEC}/shorewall/compiler.pl 0755 echo -echo "Compiler installed in ${DESTDIR}/usr/share/shorewall/compiler.pl" +echo "Compiler installed in ${DESTDIR}/usr/${LIBEXEC}/shorewall/compiler.pl" # # Install the params file helper # From 4f5970b5f225ee2c02f14667078e9edbf9ba96be Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 15 Apr 2011 11:15:32 -0700 Subject: [PATCH 13/14] Use 'ip route list' rather than 'ip route ls' for busybox compatability Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 2 +- Shorewall/Perl/prog.header | 2 +- Shorewall/Perl/prog.header6 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index e30110801..759c5f7bb 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm 
@@ -730,7 +730,7 @@ sub start_providers() { emit ( '#', '# Capture the default route(s) if we don\'t have it (them) already.', '#', - "[ -f \${VARDIR}/default_route ] || \$IP -$family route ls | save_default_route > \${VARDIR}/default_route", + "[ -f \${VARDIR}/default_route ] || \$IP -$family route list | save_default_route > \${VARDIR}/default_route", '#', '# Initialize the file that holds \'undo\' commands', '#', diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 3705c3f83..425b7c546 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -569,7 +569,7 @@ restore_default_route() # $1 = USE_DEFAULT_RT # # We didn't restore a default route with metric 0 # - if $IP -4 -o route ls 2> /dev/null | fgrep default | fgrep -qv metric; then + if $IP -4 -o route list 2> /dev/null | fgrep default | fgrep -qv metric; then # # But we added a default route with metric 0 # diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index 26f1092de..8cf782756 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -557,7 +557,7 @@ restore_default_route() # $1 = USE_DEFAULT_RT # # We didn't restore a default route with metric 0 # - if $IP -6 -o route ls 2> /dev/null | fgrep default | fgrep -qv metric; then + if $IP -6 -o route list 2> /dev/null | fgrep default | fgrep -qv metric; then # # But we added a default route with metric 0 # From bcb1aede204e5af9d971b0f23105c3d1f3ad5675 Mon Sep 17 00:00:00 2001 
From: Tom Eastep Date: Sat, 16 Apr 2011 11:28:44 -0700 Subject: [PATCH 14/14] Prepare for 4.4.19.2 --- Shorewall-init/install.sh | 2 +- Shorewall-init/shorewall-init.spec | 4 +++- Shorewall-init/uninstall.sh | 2 +- Shorewall-lite/install.sh | 2 +- Shorewall-lite/shorewall-lite.spec | 4 +++- Shorewall-lite/uninstall.sh | 2 +- Shorewall/Perl/Shorewall/Config.pm | 2 +- Shorewall/changelog.txt | 4 ++++ Shorewall/install.sh | 2 +- Shorewall/releasenotes.txt | 6 +++++- Shorewall/shorewall.spec | 4 +++- Shorewall/uninstall.sh | 2 +- Shorewall6-lite/install.sh | 2 +- Shorewall6-lite/shorewall6-lite.spec | 4 +++- Shorewall6-lite/uninstall.sh | 2 +- Shorewall6/install.sh | 2 +- Shorewall6/shorewall6.spec | 4 +++- Shorewall6/uninstall.sh | 2 +- 18 files changed, 35 insertions(+), 17 deletions(-) diff --git a/Shorewall-init/install.sh b/Shorewall-init/install.sh index c7f8fec71..2f573b39c 100755 --- a/Shorewall-init/install.sh +++ b/Shorewall-init/install.sh @@ -23,7 +23,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall-init/shorewall-init.spec b/Shorewall-init/shorewall-init.spec index 85377da49..7d5c11bdc 100644 --- a/Shorewall-init/shorewall-init.spec +++ b/Shorewall-init/shorewall-init.spec @@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.4.19 -%define release 1 +%define release 2 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -119,6 +119,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Apr 16 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall-init/uninstall.sh b/Shorewall-init/uninstall.sh index 19eabc8bc..3aece0ee8 100755 --- a/Shorewall-init/uninstall.sh +++ b/Shorewall-init/uninstall.sh 
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 111353aa7..f60cae64d 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index 529d51c30..7c294fb23 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.4.19 -%define release 1 +%define release 2 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Name: %{name} @@ -103,6 +103,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Apr 16 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 0ef3fa640..ba4b027ac 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 10a15e6dc..ef3d03b12 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -411,7 +411,7 @@ sub initialize( $ ) { EXPORT => 0, STATEMATCH => '-m state --state', UNTRACKED => 0, - VERSION => "4.4.19.1", + VERSION => "4.4.19.2", CAPVERSION => 40417 , ); # 
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 1a8fe3ea6..48c1896ac 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,7 @@ +Changes in Shorewall 4.4.19.2 + +None. + Changes in Shorewall 4.4.19.1 1) Eliminate silly duplicate rule when stopped. diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 6366570da..e398469ca 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index a54de0738..769f392fb 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 4 . 1 9 . 1 + S H O R E W A L L 4 . 4 . 1 9 . 2 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -13,6 +13,10 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.19.2 + +None. + 4.4.19.1 1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 822626eb6..67111feb4 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -1,6 +1,6 @@ %define name shorewall %define version 4.4.19 -%define release 1 +%define release 2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} 
@@ -109,6 +109,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Sat Apr 16 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index 73303df09..0f2d287c1 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh index dbae1dc99..f74a3180d 100755 --- a/Shorewall6-lite/install.sh +++ b/Shorewall6-lite/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index 01ebe6ce7..4f00a484a 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -1,6 +1,6 @@ %define name shorewall6-lite %define version 4.4.19 -%define release 1 +%define release 2 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -94,6 +94,8 @@ fi %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Apr 16 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall6-lite/uninstall.sh b/Shorewall6-lite/uninstall.sh index fbcd2a3a7..aa68dd84c 100755 --- a/Shorewall6-lite/uninstall.sh +++ b/Shorewall6-lite/uninstall.sh 
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index 983ff8e81..43564dd44 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status { diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec index d7b1c5f3f..ddb9c4e1f 100644 --- a/Shorewall6/shorewall6.spec +++ b/Shorewall6/shorewall6.spec @@ -1,6 +1,6 @@ %define name shorewall6 %define version 4.4.19 -%define release 1 +%define release 2 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Name: %{name} @@ -98,6 +98,8 @@ fi %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %changelog +* Sat Apr 16 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-1 * Sat Apr 09 2011 Tom Eastep tom@shorewall.net diff --git a/Shorewall6/uninstall.sh b/Shorewall6/uninstall.sh index 4b6f6c191..4a4eb6e45 100755 --- a/Shorewall6/uninstall.sh +++ b/Shorewall6/uninstall.sh @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.1 +VERSION=4.4.19.2 usage() # $1 = exit status {