Open 4.4.0.2; fix MULTICAST=Yes and ACCEPT policies

2009-08-28 15:25:43 -07:00 · 2009-08-28 15:25:43 -07:00 · de54c54ada
commit de54c54ada
parent 08fd1b5132
20 changed files with 37 additions and 33 deletions
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 1
+%define release 2
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -98,6 +98,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-1
 * Mon Aug 03 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -327,7 +327,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.0.1",
+		    VERSION => "4.4.0.2",
 		    CAPVERSION => 40310 ,
 		  );
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@ -356,7 +356,7 @@ sub policy_rules( $$$$$ ) {
    my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
    unless ( $target eq 'NONE' ) {
-	add_rule $chainref, "-d 224.0.0.0/24 -j RETURN" if $dropmulticast && $target ne 'CONTINUE';
+	add_rule $chainref, "-d 224.0.0.0/24 -j RETURN" if $dropmulticast && $target ne 'CONTINUE' && $target ne 'ACCEPT';
 	add_rule $chainref, "-j $default" if $default && $default ne 'none';
 	log_rule $loglevel , $chainref , $target , '' if $loglevel ne '';
 	fatal_error "Null target in policy_rules()" unless $target;
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,4 +1,8 @@
 Changes in Shorewall 4.4.0.2
 1)  Fix MULTICAST=Yes and ACCEPT policy.
 Changes in Shorewall 4.4.0.1
 1)  Updated release versions.
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall/known_problems.txt
+++ b/Shorewall/known_problems.txt
@ -1,16 +1 @@
-1)  If ULOG is specified as the LOG LEVEL in the all->all policy, the
+There are no known problems in Shorewall version 4.4.0.2
    rules at the end of the INPUT and OUTPUT chains still use the
    LOG target rather than ULOG.
    You can work around this problem by adding two additional policies
    before the all->all one:
    	   all 		$FW	DROP	ULOG
 	   $FW		all	REJECT	ULOG
    This problem was corrected in Shorewall 4.4.0.1.
 2)  Use of CONTINUE policies with a nested IPSEC zone was broken in
    some cases.
    This problem was corrected in Shorewall 4.4.0.1.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -153,6 +153,13 @@ Shorewall 4.4.0 patch release 1.
 10) The name 'any' is now reserved and may not be used as a zone name.
 ----------------------------------------------------------------------------
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0 . 2
 ----------------------------------------------------------------------------
 1)  If MULTICAST=Yes in shorewall.conf, then multicast traffic was
    excluded from ACCEPT policies.
 ----------------------------------------------------------------------------
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 0 . 1
 ----------------------------------------------------------------------------
--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.0
-%define release 1
+%define release 2
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@ -104,6 +104,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 %changelog
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-1
 * Sun Aug 09 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall/uninstall.sh
+++ b/Shorewall/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/fallback.sh
+++ b/Shorewall6-lite/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.0
-%define release 1
+%define release 2
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -89,6 +89,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 %changelog
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-1
 * Mon Aug 03 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6-lite/uninstall.sh
+++ b/Shorewall6-lite/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6/fallback.sh
+++ b/Shorewall6/fallback.sh
@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.0
-%define release 1
+%define release 2
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@ -93,6 +93,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 %changelog
 * Fri Aug 28 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-2
 * Thu Aug 13 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-1
 * Mon Aug 03 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall6/uninstall.sh
+++ b/Shorewall6/uninstall.sh
@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.0.1
+VERSION=4.4.0.2
 usage() # $1 = exit status
 {