diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index b9219ae00..ec80768a1 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -1,3 +1,7 @@
+Changes in 2.2.3 + +1) Added the 'continue' extension script. + Changes in 2.2.2 1) The 'check' command disclaimer is toned down further and only
diff --git a/Shorewall2/continue b/Shorewall2/continue
new file mode 100644
index 000000000..e608ca4ed
--- /dev/null
+++ b/Shorewall2/continue
@@ -0,0 +1,6 @@
+############################################################################
+# Shorewall 2.2 -- /etc/shorewall/continue
+#
+# Add commands below that you want to be executed after shorewall has
+# cleared any existing Netfilter rules and has enabled existing connections.
+#
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 38569020d..197aa9f0c 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -5678,7 +5678,7 @@ initialize_netfilter () {
 run_user_exit init # - # The some files might be large so strip them while the firewall is still running + # Some files might be large so strip them while the firewall is still running # (restart command). This reduces the length of time that the firewall isn't # accepting new connections. #
@@ -5721,6 +5721,8 @@ initialize_netfilter () {
 setcontinue INPUT setcontinue OUTPUT + run_user_exit continue + [ -n "$DISABLE_IPV6" ] && disable_ipv6 #
@@ -5729,10 +5731,6 @@ initialize_netfilter () {
 run_iptables -A INPUT -i lo -j ACCEPT run_iptables -A OUTPUT -o lo -j ACCEPT - accounting_file=$(find_file accounting) - - [ -f $accounting_file ] && setup_accounting $accounting_file - # # Allow DNS lookups during startup for FQDNs #
@@ -5756,6 +5754,10 @@ initialize_netfilter () {
 run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option fi + accounting_file=$(find_file accounting) + + [ -f $accounting_file ] && setup_accounting $accounting_file + if [ -z "$NEWNOTSYN" ]; then createchain newnotsyn no 
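Review bot: The header of the new `continue` template omits the caveat that the release notes in this same commit attach to the script, namely that rules added here stay in effect after the [re]start completes unless the administrator's `start` script removes them. Since this file, not the release notes, is what an administrator edits, the caveat belongs in the header itself; I would extend the comment block with `# Rules you add here remain in effect after [re]start completes; delete them again in /etc/shorewall/start.` It would also help to state in the header whether a non-zero exit from this script aborts the [re]start, which cannot be determined from the diff because run_user_exit is not shown.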
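Review bot: The new `run_user_exit continue` call in the second firewall hunk carries no comment, and its position matters: it runs before the `disable_ipv6` call that follows it and before the `-A INPUT -i lo -j ACCEPT` / `-A OUTPUT -o lo -j ACCEPT` rules that appear as context in the next hunk, so anything the user script appends to INPUT or OUTPUT is evaluated ahead of the loopback ACCEPT rules. A terminal rule written in the user's script therefore also decides loopback traffic for the rest of startup, which is not what the release-notes description ("enabling certain communication") leads a reader to expect. I would add `# User 'continue' script: policy is DROP and only existing connections pass at this point; rules appended here precede the loopback ACCEPT rules added below.` directly above the call. initialize_netfilter starts and ends outside this hunk, so it is not visible here what run_user_exit does when the script fails.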
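Review bot: The re-added `[ -f $accounting_file ] && setup_accounting $accounting_file` in the last firewall hunk leaves both expansions unquoted; if find_file ever yields an empty string, `[ -f ]` becomes a one-argument test that succeeds, and setup_accounting is then invoked with no file at all. The moved lines should read `accounting_file=$(find_file accounting)` and `[ -f "$accounting_file" ] && setup_accounting "$accounting_file"`. The move itself, from before the startup DNS rules (previous hunk) to after the TCPMSS block, is not explained in the diff, the changelog or the release notes; a one-line comment above the assignment stating why accounting must now be set up at this later point would save the next reader a bisect. initialize_netfilter continues beyond both ends of this hunk.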
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 4149777f0..08292f010 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -1,5 +1,18 @@
-Shorewall 2.2.2 +Shorewall 2.2.3 +----------------------------------------------------------------------- +Problems corrected in version 2.2.3 +----------------------------------------------------------------------- +New Features in version 2.2.3 + +1) A new extension script "continue" has been added. This script is + invoked after Shorewall has set the built-in filter chains' + policy to DROP, deleted any existing Netfilter rules and user + chains and has enabled existing connections. + + It is useful for enabling certain communication while Shorewall is + being [re]started. Be sure to delete any rules that you add here in + your /etc/shorewall/start file. ----------------------------------------------------------------------- Problems corrected in version 2.2.2