diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index f8cb72b6a..14b59bf50 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -1,5 +1,19 @@ Shorewall 4.3.3 +Notice: + +There are two incompatible changes in this release. + +1) Rather than square brackets ([]), addresses following an interface + name are now enclosed in angle brackets (<>). This change is made + to avoid confusion in the documentation with the meta characters + '[' and ']'. + +2) Only those macros that have different contents in IPv6 are now + included in /usr/share/shorewall6/. As a consequence, + /usr/share/shorewall must be added to your CONFIG_PATH in + /etc/shorewall6/shorewall6.conf. + ---------------------------------------------------------------------------- R E L E A S E 4 . 3 H I G H L I G H T S ---------------------------------------------------------------------------- @@ -98,10 +112,10 @@ New Features in Shorewall 4.3 f) When both an interface and an address or address list need to be specified in a rule, the address or list must be enclosed in - square brackets. Example: + angle brackets. Example: #ACTION SOURCE DEST - ACCEPT net:eth0:[2001:19f0:feee::dead:beef:cafe] dmz + ACCEPT net:eth0:<2001:19f0:feee::dead:beef:cafe> dmz Note that this includes MAC addresses as well as IPv6 addresses. @@ -109,13 +123,13 @@ New Features in Shorewall 4.3 convention: #ZONE HOSTS OPTIONS - chat6 eth0:[2001:19f0:feee::dead:beef:cafe] + chat6 eth0:<2001:19f0:feee::dead:beef:cafe> Even when an interface is not specified, it is permitted to - enclose addresses in [] to improve readability. Example: + enclose addresses in <> to improve readability. Example: #ACTION SOURCE DEST - ACCEPT net:[2001:1::1] $FW + ACCEPT net:<2001:1::1> $FW g) There are currently no Shorewall6 or Shorewall6-lite manpages. diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index b0eeadfca..d8ad01b2a 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -2008,11 +2008,11 @@ sub expand_rule( $$$$$$$$$$$ ) } else { $iiface = $source; } - } elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) { + } elsif ( $source =~ /^(.+?):<(.+)>\s*$/ ) { $iiface = $1; $inets = $2; } elsif ( $source =~ /:/ ) { - if ( $source =~ /^\[(.+)\]$/ ) { + if ( $source =~ /^<(.+)>$/ ) { $inets = $1; } else { $inets = $source; @@ -2095,11 +2095,11 @@ sub expand_rule( $$$$$$$$$$$ ) } else { $diface = $dest; } - } elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) { + } elsif ( $dest =~ /^(.+?):<(.+)>\s*$/ ) { $diface = $1; $dnets = $2; } elsif ( $dest =~ /:/ ) { - if ( $dest =~ /^\[(.+)\]$/ ) { + if ( $dest =~ /^<(.+)>$/ ) { $dnets = $1; } else { $dnets = $dest; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 832afc7de..db601cecd 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -128,7 +128,7 @@ sub process_tos() { if ( $family == F_IPV4 ) { ( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); fatal_error 'Invalid SOURCE' if defined $remainder; - } elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) { + } elsif ( $src =~ /^(.+?):<(.*)>\s*$/ ) { $srczone = $1; $source = $2; } else { diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index beca5b6e0..9b4f2f247 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -1022,7 +1022,7 @@ sub validate_hosts_file() fatal_error "Invalid HOST(S) column contents: $hosts"; } } else { - if ( $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]\s*$/ ) { + if ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>\s*$/ ) { $interface = $1; $hosts = $2; $zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;