Merge Tuono's 'sane' patch

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8405 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -22,6 +22,8 @@ Changes in 4.1.7
 
 11) Defer enabling of forwarding until rules are in place.
 
+12) Merge Tuomo's SANE support patch. 
+
 Changes in 4.1.6
 
 1)  Deprecate IMPLICIT_CONTINUE=Yes

Shorewall-common/macro.SANE

@@ -0,0 +1,23 @@
+#
+# Shorewall version 4 - SANE Macro
+#
+# /usr/share/shorewall/macro.SANE
+#
+#	This macro handles SANE network scanning.
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	tcp	6566
+#
+# Kernels 2.6.23+ has nf_conntrack_sane module which will handle
+# sane data connection.
+#
+# If you don't have sane conntracking support you need to open whole dynamic
+# port range.
+#
+# This is for normal linux 2.4+
+#PARAM	-	-	tcp	32768:61000
+# This is generic rule for any os running saned.
+#PARAM	-	-	tcp	1024:
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-common/modules

@@ -89,6 +89,7 @@ loadmodule nf_conntrack_proto_gre
 loadmodule nf_conntrack_proto_sctp
 loadmodule nf_conntrack_sip
 loadmodule nf_conntrack_tftp
+loadmodule nf_conntrack_sane
 loadmodule nf_nat_amanda
 loadmodule nf_nat_ftp
 loadmodule nf_nat_h323

Shorewall-common/releasenotes.txt

@@ -249,6 +249,12 @@ New Features in 4.1.7.
     NULL_ROUTE_RFC1918 defaults to 'No' and is only supported by
     Shorewall-perl; Shorewall-shell ignores the option.
 
+7)  There is now a macro.SANE which supports network-attached
+    scanners. Shorewall now automatically loads the sane connection
+    tracking helper module.
+
+    Thanks for this feature go to Tuomo Soini.
+
 New Features in Shorewall 4.1.
 
 1)  Shorewall 4.1 contains support for multiple Internet providers