diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 5240dae97..73ac39540 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -109,3 +109,11 @@ Changes in 3.1.x. 46) Add debian prog files. 47) Correct syntax error in validate_policy() +------------------------------------------------------------------------------- +3.1.10 + +48) Streamlined some code in setup_tc1() + +49) Process /etc/shorewall/params at run-time. + +50) Add new modules to /etc/shorewall/modules. diff --git a/Shorewall/compiler b/Shorewall/compiler index 554659e9b..340b45bad 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -8537,6 +8537,8 @@ run_tc() { # initialize() { __EOF__ + INDENT=" " + if [ -z "$EXPORT" ]; then cat >&3 << __EOF__ if [ ! -f /usr/share/shorewall/version ]; then @@ -8585,6 +8587,8 @@ __EOF__ __EOF__ fi + append_file params + cat >&3 << __EOF__ STOPPING= @@ -8592,6 +8596,7 @@ __EOF__ # The library requires that /var/lib/shorewall exist # [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall + } # diff --git a/Shorewall/modules b/Shorewall/modules index 25a0ae432..c0258d127 100644 --- a/Shorewall/modules +++ b/Shorewall/modules @@ -18,7 +18,9 @@ # loadmodule ip_tables loadmodule iptable_filter +loadmodule iptable_mangle loadmodule ip_conntrack +loadmodule iptable_nat # # Helpers # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 04da6b45a..2a4e4bc39 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 3.1.9 +Shorewall 3.1.10 Note to users upgrading from Shorewall 2.x or 3.0 @@ -27,32 +27,19 @@ Note to users upgrading from Shorewall 2.x or 3.0 Please see the "Migration Considerations" below for additional upgrade information. -Problems Corrected in 3.1.9 +Problems Corrected in 3.1.10 -1) Route generation is now correct when a specific gateway IP address is - given in the GATEWAY column of the providers file. +1) The /etc/shorewall/params file is now copied into the compiled program + so that it's contents are processed both at compile-time and at + run-time. The latter is required so that extension scripts will have + access to the variables that the file initializes. -2) If any extension script used 'set --' (like the 'Limit' standard action - extension script) then 'shorewall restore' would fail. +2) The iptable_mangle and iptable_nat modules were previously omitted from + /etc/shorewall/modules. -3) An undefined function 'delete_nat' was previously called when a compiled - program was issued the 'stop' or 'clear' command. +Other changes in 3.1.10 -4) A shell syntax error was reported if a duplicate policy was detected. - -Other changes in 3.1.9 - -1) The 'redhat' distribution is now supported in the compile command's -d - option (e.g., "compile -e -d redhat prog"). Thanks go to Simon Matter - for this support. - -2) The 'shorecap' program will now be installed in /usr/share/shorewall on - all distributions. - -3) The 'debian' distribution is now supported in the compile command's -d - option (e.g., "compile -e -d debian prog"). Please see the README.debian - file included with your Debian Shorewall package for information about - how to use compiled programs on Debian systems. +None. Migration Considerations: