holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix shorewall-lite install.sh; fix SHOREWALL_COMPILER=shell when removing shorewall-shell rpm; update web site for RC2

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6843 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-11 15:06:44 +00:00
parent 38892108c9
commit f0897e3773
5 changed files with 108 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-common/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in 4.0.0 Final
1) Fix lite install.sh manpage problem.
Changes in 4.0.0 RC 2 Changes in 4.0.0 RC 2
1) Fix zone type check in Tunnels File. 1) Fix zone type check in Tunnels File.

138
Shorewall-common/releasenotes.txt
View File

@ -25,65 +25,22 @@ Shorewall 4.0.0 RC 2
Shorewall-perl compiler. This support utilizes the reduced-function Shorewall-perl compiler. This support utilizes the reduced-function
physdev match support available in Linux kernel 2.6.20 and later. physdev match support available in Linux kernel 2.6.20 and later.
Problems corrected in 4.0.0 RC 2. Problems corrected in 4.0.0 Final.
1) Shorewall-perl now correctly permits zones of type 'ipsec' in the 1) The shorewall-lite install.sh may now be run multiple times from
ZONE column of /etc/shorewall/tunnels.
2) The shorewall-common install.sh may now be run multiple times from
the same directory. Previously, the manpages were gzipped in-place the same directory. Previously, the manpages were gzipped in-place
which made it impossible to rerun the script. which made it impossible to rerun the script.
3) The implementation of LITEDIR has always been 2) If shorewall.conf contained SHOREWALL_COMPILER=shell (which it can
unsatisfactory. Furthermore, there have been other cases where on Shorewall 3.4.2-4 systems) and the shorewall-shell RPM was
people have asked to be able to designate the state directory removed, subsequent "shorewall [re]start" operations failed. When
(default /var/lib/shorewall[-lite]). shorewall-shell is removed, the shorewall.conf file is modified to
specify SHOREWALL_COMPILER= and the original is saved in
shorewall.conf.rpmsave.
To meet these objectives: Other changes in Shorewall 4.0.0 Final.
a) The LITEDIR variable has been eliminated in None.
/usr/share/shorewall[-lite]/configpath.
b) A new file /etc/shorewall[-lite]/vardir has been added. This
file is not created by default but may be added as needed. It
is expected to contain a single variable assignment:
VARDIR=<directory>
Example:
VARDIR=/root/shorewall
To change VARDIR, copy the old directory to the new one before you
restart Shorewall[-lite].
To use this feature with Shorewall-lite, all packages involved
(compiler, shorewall-common and shorewall-lite) must be version
4.0.0-RC2 or later.
4) Several bugs in Shorewall-perl's handling of ipsec zones have been
corrected.
5) Tuomo Soini has contributed bi-directional macros for various
tunnel types:
IPsecah
GRE
IPsec
IPIP
IPsecnat
L2TP
Other changes in Shorewall 4.0.0 RC 2.
1) The -f option is no longer the default when Shorewall is started at
boot time (usually via /etc/init.d/shorewall). With Shorewall-perl,
"shorewall start" is nearly as fast as "shorewall restore" and
"shorewall start" uses the current configuration which avoids
confusion.
2) Code in Shorewall-perl that allowed it to run under Shorewall 3.4
has been removed (although it might still work under 3.4.4).
Migration Considerations: Migration Considerations:
@ -158,6 +115,9 @@ Migration Considerations:
shorewall check shorewall check
shorewall restart shorewall restart
Be sure to modify shorewall.conf if it still has
SHOREWALL_COMPILER=shell.
2) The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work 2) The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
slightly differently in Shorewall 4.0.0. In prior releases, leaving slightly differently in Shorewall 4.0.0. In prior releases, leaving
these options empty was equivalent to setting them to 'No' which these options empty was equivalent to setting them to 'No' which
@ -181,6 +141,36 @@ Migration Considerations:
If you currently have neither of those files, you will need to If you currently have neither of those files, you will need to
create one of them. create one of them.
4) This issue will only affect you if you use Shorewall Lite and have
modified /usr/share/configpath to specify a different LITEDIR.
The implementation of LITEDIR has always been
unsatisfactory. Furthermore, there have been other cases where
people have asked to be able to designate the state directory
(default /var/lib/shorewall[-lite]).
To meet these objectives:
a) The LITEDIR variable has been eliminated in
/usr/share/shorewall[-lite]/configpath.
b) A new file /etc/shorewall[-lite]/vardir has been added. This
file is not created by default but may be added as needed. It
is expected to contain a single variable assignment:
VARDIR=<directory>
Example:
VARDIR=/root/shorewall
To change VARDIR, copy the old directory to the new one before you
restart Shorewall[-lite].
To use this feature with Shorewall-lite, all packages involved
(compiler, shorewall-common and shorewall-lite) must be version
4.0.0-RC2 or later.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S N E W F E A T U R E S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
@ -819,6 +809,48 @@ Migration Considerations:
encounter problems with the generated module, simply copy the encounter problems with the generated module, simply copy the
fallback module to /usr/share/shorewall-perl/Shorewall/Ports.pm. fallback module to /usr/share/shorewall-perl/Shorewall/Ports.pm.
11) Tuomo Soini has contributed bi-directional macros for various
tunnel types:
IPsecah
GRE
IPsec
IPIP
IPsecnat
L2TP
12) The -f option is no longer the default when Shorewall is started at
boot time (usually via /etc/init.d/shorewall). With Shorewall-perl,
"shorewall start" is nearly as fast as "shorewall restore" and
"shorewall start" uses the current configuration which avoids
confusion.
13) The implementation of LITEDIR has always been
unsatisfactory. Furthermore, there have been other cases where
people have asked to be able to designate the state directory
(default /var/lib/shorewall[-lite]).
To meet these objectives:
a) The LITEDIR variable has been eliminated in
/usr/share/shorewall[-lite]/configpath.
b) A new file /etc/shorewall[-lite]/vardir has been added. This
file is not created by default but may be added as needed. It
is expected to contain a single variable assignment:
VARDIR=<directory>
Example:
VARDIR=/root/shorewall
To change VARDIR, copy the old directory to the new one before you
restart Shorewall[-lite].
To use this feature with Shorewall-lite, all packages involved
(compiler, shorewall-common and shorewall-lite) must be version
4.0.0-RC2 or later.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R E R E Q U I S I T E S P R E R E Q U I S I T E S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

6
Shorewall-lite/install.sh
View File

@ -334,16 +334,14 @@ echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
cd manpages cd manpages
rm -f *.gz
for f in *.5; do for f in *.5; do
gzip $f gzip -c $f > $f.gz
run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man5/$f.gz
echo "Man page $f.gz installed to /usr/share/man/man5/$f.gz" echo "Man page $f.gz installed to /usr/share/man/man5/$f.gz"
done done
for f in *.8; do for f in *.8; do
gzip $f gzip -d $f > $f.gz
run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz run_install -D -m 644 $f.gz ${PREFIX}/usr/share/man/man8/$f.gz
echo "Man page $f.gz installed to /usr/share/man/man8/$f.gz" echo "Man page $f.gz installed to /usr/share/man/man8/$f.gz"
done done

13
Shorewall-shell/shorewall-shell.spec
View File

@ -1,6 +1,6 @@
%define name shorewall-shell %define name shorewall-shell
%define version 4.0.0 %define version 4.0.0
%define release 0RC2 %define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -49,6 +49,17 @@ rm -rf $RPM_BUILD_ROOT
%preun %preun
%postun
if [ "$1" -eq 0 -a -f /etc/shorewall/shorewall.conf ]; then
sed -i.rpmsave -e 's/SHOREWALL_COMPILER=shell/SHOREWALL_COMPILER=/' /etc/shorewall/shorewall.conf
if cmp -s /etc/shorewall/shorewall.conf.rpmsave /etc/shorewall/shorewall.conf; then
rm -f /etc/shorewall/shorewall.conf.rpmsave
else
echo "/etc/shorewall/shorewall.conf modified - original saved as /etc/shorewall/shorewall.conf.rpmsave"
fi
fi
%files %files
%defattr(0644,root,root,0755) %defattr(0644,root,root,0755)
%attr(0755,root,root) %dir /usr/share/shorewall-shell %attr(0755,root,root) %dir /usr/share/shorewall-shell

10
web/shorewall_index.htm
View File

@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
license is included in the section entitled “<a href="GnuCopyright.htm" license is included in the section entitled “<a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>”.</p> target="_self">GNU Free Documentation License</a>”.</p>
<p>2007-07-05</p> <p>2007-07-10</p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<h2>Table of Contents</h2> <h2>Table of Contents</h2>
@ -131,16 +131,16 @@ is 3.2.10<br>
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li>
</ul> </ul>
The <span style="font-weight: bold;">current Development Release</span> is The <span style="font-weight: bold;">current Development Release</span> is
4.0.0 RC1 4.0.0 RC2
<ul> <ul>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/releasenotes.txt">release href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC2/releasenotes.txt">release
notes</a> <br> notes</a> <br>
</li> </li>
<li>Here are the <a <li>Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/known_problems.txt">known href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC2/known_problems.txt">known
problems</a> and <a problems</a> and <a
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/errata/">updates</a>.</li> href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC2/errata/">updates</a>.</li>
</ul> </ul>
<div style="margin-left: 40px;"> <div style="margin-left: 40px;">