Correct known_problems

Apply multi-zone fix to 4.4.0
Apply nets= fix to 4.4.0
2009-08-29 08:58:21 -07:00 · 2009-08-29 08:20:09 -07:00 · 2009-08-29 07:27:32 -07:00 · 2009-08-28 15:58:14 -07:00 · 2009-08-28 15:25:43 -07:00 · 2009-08-27 11:09:26 -07:00
417 changed files with 3555 additions and 21541 deletions
--- a/Samples/one-interface/interfaces
+++ b/Samples/one-interface/interfaces
@@ -17,4 +17,3 @@
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          dhcp,tcpflags,logmartians,nosmurfs
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/one-interface/policy
+++ b/Samples/one-interface/policy
@@ -16,8 +16,6 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 $FW		net		ACCEPT
-net		$FW		DROP		info
 net		all		DROP		info
 # The FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@@ -19,10 +19,8 @@

 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW

 # Permit all ICMP traffic FROM the firewall TO the net zone

 ACCEPT		$FW		net		icmp
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@@ -28,7 +28,7 @@ STARTUP_ENABLED=No

 VERBOSITY=1

-x###############################################################################
+###############################################################################
 #			       L O G G I N G
 ###############################################################################

@@ -139,7 +139,7 @@ DELAYBLACKLISTLOAD=No

 MODULE_SUFFIX=

-DISABLE_IPV6=Yes
+DISABLE_IPV6=No

 BRIDGING=No

--- a/Samples/one-interface/zones
+++ b/Samples/one-interface/zones
@@ -18,4 +18,3 @@
 #					OPTIONS			OPTIONS
 fw	firewall
 net	ipv4
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples/three-interfaces/interfaces
+++ b/Samples/three-interfaces/interfaces
@@ -19,4 +19,3 @@
 net     eth0            detect          tcpflags,dhcp,nosmurfs,routefilter,logmartians
 loc     eth1            detect          tcpflags,nosmurfs,routefilter,logmartians
 dmz     eth2            detect		tcpflags,nosmurfs,routefilter,logmartians
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/three-interfaces/masq
+++ b/Samples/three-interfaces/masq
@@ -19,4 +19,3 @@ eth0			10.0.0.0/8,\
 			169.254.0.0/16,\
 			172.16.0.0/12,\
 			192.168.0.0/16
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples/three-interfaces/policy
+++ b/Samples/three-interfaces/policy
@@ -16,67 +16,7 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

-#
-# Note about policies and logging:
-#	This file contains an explicit policy for every combination of
-#	zones defined in this sample.  This is solely for the purpose of
-#	providing more specific messages in the logs.  This is not
-#	necessary for correct operation of the firewall, but greatly
-#	assists in diagnosing problems. The policies below are logically
-#	equivalent to:
-#
-#	loc	net		ACCEPT
-#	net	all		DROP		info
-#	all	all		REJECT		info
-#
-#	The Shorewall-perl compiler will generate the individual policies
-#	below from the above general policies if you set 
-#	EXPAND_POLICIES=Yes in shorewall.conf. 
-#
-
-#
-# Policies for traffic originating from the local LAN (loc)
-#
-# If you want to force clients to access the Internet via a proxy server
-# in your DMZ, change the following policy to REJECT info.
 loc		net		ACCEPT
-# If you want open access to DMZ from loc, change the following policy
-# to ACCEPT.  (If you chose not to do this, you will need to add a rule
-# for each service in the rules file.)
-loc		dmz		REJECT		info
-loc		$FW		REJECT		info
-loc		all		REJECT		info
-
-#
-# Policies for traffic originating from the firewall ($FW)
-#
-# If you want open access to the Internet from your firewall, change the
-# $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
-$FW		net		REJECT		info
-$FW		dmz		REJECT		info
-$FW		loc		REJECT		info
-$FW		all		REJECT		info
-
-#
-# Policies for traffic originating from the De-Militarized Zone (dmz)
-#
-# If you want open access from DMZ to the Internet change the following
-# policy to ACCEPT.  This may be useful if you run a proxy server in
-# your DMZ.
-dmz		net		REJECT		info
-dmz		$FW		REJECT		info
-dmz		loc		REJECT		info
-dmz		all		REJECT		info
-
-#
-# Policies for traffic originating from the Internet zone (net)
-#
-net		dmz		DROP		info
-net		$FW		DROP		info
-net		loc		DROP		info
 net		all		DROP		info
-
 # THE FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
-
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples/three-interfaces/routestopped
+++ b/Samples/three-interfaces/routestopped
@@ -19,4 +19,3 @@
 #INTERFACE	HOST(S)
 eth1		-
 eth2		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/three-interfaces/rules
+++ b/Samples/three-interfaces/rules
@@ -19,33 +19,33 @@
 #
 #	Accept DNS connections from the firewall to the Internet
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #
 #	Accept SSH connections from the local network to the firewall and DMZ
 #
-SSH/ACCEPT      loc             $FW
-SSH/ACCEPT      loc             dmz
+SSH(ACCEPT)     loc             $FW
+SSH(ACCEPT)     loc             dmz
 #
 #	DMZ DNS access to the Internet
 #
-DNS/ACCEPT	dmz		net
+DNS(ACCEPT)	dmz		net


 # Drop Ping from the "bad" net zone.

-Ping/DROP   	net             $FW
+Ping(DROP)   	net             $FW

 #
 #       Make ping work bi-directionally between the dmz, net, Firewall and local zone
 #       (assumes that the loc-> net policy is ACCEPT).
 #

-Ping/ACCEPT     loc             $FW
-Ping/ACCEPT     dmz             $FW
-Ping/ACCEPT     loc             dmz
-Ping/ACCEPT     dmz             loc
-Ping/ACCEPT     dmz             net
+Ping(ACCEPT)    loc             $FW
+Ping(ACCEPT)    dmz             $FW
+Ping(ACCEPT)    loc             dmz
+Ping(ACCEPT)    dmz             loc
+Ping(ACCEPT)    dmz             net

 ACCEPT		$FW		net		icmp
 ACCEPT		$FW		loc		icmp
@@ -54,7 +54,5 @@ ACCEPT		$FW		dmz		icmp
 # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
 # the net zone to the dmz and loc

-#Ping/ACCEPT    net             dmz
-#Ping/ACCEPT    net             loc
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
+#Ping(ACCEPT)    net             dmz
+#Ping(ACCEPT)    net             loc
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@@ -139,7 +139,7 @@ DELAYBLACKLISTLOAD=No

 MODULE_SUFFIX=

-DISABLE_IPV6=Yes
+DISABLE_IPV6=No

 BRIDGING=No

--- a/Samples/three-interfaces/zones
+++ b/Samples/three-interfaces/zones
@@ -20,4 +20,3 @@ fw	firewall
 net	ipv4
 loc	ipv4
 dmz	ipv4
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples/two-interfaces/interfaces
+++ b/Samples/two-interfaces/interfaces
@@ -18,4 +18,3 @@
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          dhcp,tcpflags,nosmurfs,routefilter,logmartians
 loc     eth1            detect          tcpflags,nosmurfs,routefilter,logmartians
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/two-interfaces/masq
+++ b/Samples/two-interfaces/masq
@@ -19,4 +19,3 @@ eth0			10.0.0.0/8,\
 			169.254.0.0/16,\
 			172.16.0.0/12,\
 			192.168.0.0/16
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples/two-interfaces/policy
+++ b/Samples/two-interfaces/policy
@@ -16,50 +16,8 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

-#
-# Note about policies and logging:
-#	This file contains an explicit policy for every combination of
-#	zones defined in this sample.  This is solely for the purpose of
-#	providing more specific messages in the logs.  This is not
-#	necessary for correct operation of the firewall, but greatly
-#	assists in diagnosing problems. The policies below are logically
-#	equivalent to:
-#
-#	loc	net		ACCEPT
-#	net	all		DROP		info
-#	all	all		REJECT		info
-#
-#	The Shorewall-perl compiler will generate the individual policies
-#	below from the above general policies if you set 
-#	EXPAND_POLICIES=Yes in shorewall.conf. 
-#
-
-# Policies for traffic originating from the local LAN (loc)
-#
-# If you want to force clients to access the Internet via a proxy server
-# on your firewall, change the loc to net policy to REJECT info.
 loc		net		ACCEPT
-loc		$FW		REJECT		info
-loc		all		REJECT		info
-
-#
-# Policies for traffic originating from the firewall ($FW)
-#
-# If you want open access to the Internet from your firewall, change the
-# $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL.
-# This may be useful if you run a proxy server on the firewall.
-$FW		net		REJECT		info
-$FW		loc		REJECT		info
-$FW		all		REJECT		info
-
-#
-# Policies for traffic originating from the Internet zone (net)
-#
-net		$FW		DROP		info
-net		loc		DROP		info
 net		all		DROP		info
-
 # THE FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info

-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples/two-interfaces/routestopped
+++ b/Samples/two-interfaces/routestopped
@@ -18,4 +18,3 @@
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@@ -19,24 +19,22 @@
 #
 #	Accept DNS connections from the firewall to the network
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #	Accept SSH connections from the local network for administration
 #
-SSH/ACCEPT	loc		$FW
+SSH(ACCEPT)	loc		$FW
 #
 #	Allow Ping from the local network
 #
-Ping/ACCEPT	loc		$FW
+Ping(ACCEPT)	loc		$FW

 #
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 #

-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW

 ACCEPT		$FW		loc		icmp
 ACCEPT		$FW		net		icmp
 #
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@@ -146,7 +146,7 @@ DELAYBLACKLISTLOAD=No

 MODULE_SUFFIX=

-DISABLE_IPV6=Yes
+DISABLE_IPV6=No

 BRIDGING=No

--- a/Samples/two-interfaces/zones
+++ b/Samples/two-interfaces/zones
@@ -19,5 +19,3 @@
 fw	firewall
 net	ipv4
 loc	ipv4
-
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/one-interface/interfaces
+++ b/Samples6/one-interface/interfaces
@@ -13,4 +13,3 @@
 ###############################################################################
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/one-interface/policy
+++ b/Samples6/one-interface/policy
@@ -18,4 +18,3 @@ net		$FW		DROP		info
 net		all		DROP		info
 # The FOLLOWING POLICY MUST BE LAST
 all		all		REJECT		info
-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/one-interface/rules
+++ b/Samples6/one-interface/rules
@@ -16,10 +16,9 @@

 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW

 # Permit all ICMP traffic FROM the firewall TO the net zone

 ACCEPT		$FW		net		ipv6-icmp

-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/one-interface/zones
+++ b/Samples6/one-interface/zones
@@ -15,4 +15,3 @@
 #					OPTIONS			OPTIONS
 fw	firewall
 net	ipv6
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/three-interfaces/interfaces
+++ b/Samples6/three-interfaces/interfaces
@@ -15,4 +15,3 @@
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
 dmz     eth2            detect
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/policy
+++ b/Samples6/three-interfaces/policy
@@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info

-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/routestopped
+++ b/Samples6/three-interfaces/routestopped
@@ -18,4 +18,3 @@
 #INTERFACE	HOST(S)
 eth1		-
 eth2		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/rules
+++ b/Samples6/three-interfaces/rules
@@ -16,33 +16,33 @@
 #
 #	Accept DNS connections from the firewall to the Internet
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #
 #	Accept SSH connections from the local network to the firewall and DMZ
 #
-SSH/ACCEPT      loc             $FW
-SSH/ACCEPT      loc             dmz
+SSH(ACCEPT)     loc             $FW
+SSH(ACCEPT)     loc             dmz
 #
 #	DMZ DNS access to the Internet
 #
-DNS/ACCEPT	dmz		net
+DNS(ACCEPT)	dmz		net


 # Drop Ping from the "bad" net zone.

-Ping/DROP   	net             $FW
+Ping(DROP)   	net             $FW

 #
 #       Make ping work bi-directionally between the dmz, net, Firewall and local zone
 #       (assumes that the loc-> net policy is ACCEPT).
 #

-Ping/ACCEPT     loc             $FW
-Ping/ACCEPT     dmz             $FW
-Ping/ACCEPT     loc             dmz
-Ping/ACCEPT     dmz             loc
-Ping/ACCEPT     dmz             net
+Ping(ACCEPT)    loc             $FW
+Ping(ACCEPT)    dmz             $FW
+Ping(ACCEPT)    loc             dmz
+Ping(ACCEPT)    dmz             loc
+Ping(ACCEPT)    dmz             net

 ACCEPT		$FW		net		ipv6-icmp
 ACCEPT		$FW		loc		ipv6-icmp
@@ -51,7 +51,6 @@ ACCEPT		$FW		dmz		ipv6-icmp
 # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from
 # the net zone to the dmz and loc

-#Ping/ACCEPT    net             dmz
-#Ping/ACCEPT    net             loc
+#Ping(ACCEPT)    net             dmz
+#Ping(ACCEPT)    net             loc

-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/three-interfaces/zones
+++ b/Samples6/three-interfaces/zones
@@ -18,4 +18,3 @@ fw	firewall
 net	ipv4
 loc	ipv4
 dmz	ipv4
-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Samples6/two-interfaces/interfaces
+++ b/Samples6/two-interfaces/interfaces
@@ -14,4 +14,3 @@
 #ZONE	INTERFACE	BROADCAST	OPTIONS
 net     eth0            detect          tcpflags
 loc     eth1            detect          tcpflags
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/policy
+++ b/Samples6/two-interfaces/policy
@@ -17,4 +17,3 @@ loc		net		ACCEPT
 net		all		DROP		info
 all		all		REJECT		info

-#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/routestopped
+++ b/Samples6/two-interfaces/routestopped
@@ -17,4 +17,3 @@
 ##############################################################################
 #INTERFACE	HOST(S)                  OPTIONS
 eth1		-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/rules
+++ b/Samples6/two-interfaces/rules
@@ -16,24 +16,22 @@
 #
 #	Accept DNS connections from the firewall to the network
 #
-DNS/ACCEPT	$FW		net
+DNS(ACCEPT)	$FW		net
 #
 #	Accept SSH connections from the local network for administration
 #
-SSH/ACCEPT	loc		$FW
+SSH(ACCEPT)	loc		$FW
 #
 #	Allow Ping from the local network
 #
-Ping/ACCEPT	loc		$FW
+Ping(ACCEPT)	loc		$FW

 #
 # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
 #

-Ping/DROP	net		$FW
+Ping(DROP)	net		$FW

 ACCEPT		$FW		loc		ipv6-icmp
 ACCEPT		$FW		net		ipv6-icmp
 #
-
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Samples6/two-interfaces/zones
+++ b/Samples6/two-interfaces/zones
@@ -17,4 +17,3 @@ fw	firewall
 net	ipv6
 loc	ipv6

-#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
--- a/Shorewall-lite/fallback.sh
+++ b/Shorewall-lite/fallback.sh
@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.

-VERSION=4.4.0-Beta2
+VERSION=4.4.0.2

 usage() # $1 = exit status
 {
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #

-VERSION=4.4.0-Beta2
+VERSION=4.4.0.2

 usage() # $1 = exit status
 {
@@ -107,14 +107,6 @@ if [ -z "$RUNLEVELS" ] ; then
 	RUNLEVELS=""
 fi

-if [ -z "$OWNER" ] ; then
-	OWNER=root
-fi
-
-if [ -z "$GROUP" ] ; then
-	GROUP=root
-fi
-
 while [ $# -gt 0 ] ; do
    case "$1" in
 	-h|help|?)
@@ -138,17 +130,34 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
 # Determine where to install the firewall script
 #
 DEBIAN=
+CYGWIN=
+
+case $(uname) in
+    CYGWIN*)
+	if [ -z "$PREFIX" ]; then
+	    DEST=
+	    INIT=
+	fi
+
+	OWNER=$(id -un)
+	GROUP=$(id -gn)
+	;;
+    *)
+	[ -z "$OWNER" ] && OWNER=root
+	[ -z "$GROUP" ] && GROUP=root
+	;;
+esac

 OWNERSHIP="-o $OWNER -g $GROUP"

 if [ -n "$PREFIX" ]; then
-	if [ `id -u` != 0 ] ; then
-	    echo "Not setting file owner/group permissions, not running as root."
-	    OWNERSHIP=""
-	fi
-
-	install -d $OWNERSHIP -m 755 ${PREFIX}/sbin
-	install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
+    if [ `id -u` != 0 ] ; then
+	echo "Not setting file owner/group permissions, not running as root."
+	OWNERSHIP=""
+    fi
+    
+    install -d $OWNERSHIP -m 755 ${PREFIX}/sbin
+    install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
 elif [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
    DEBIAN=yes
 elif [ -f /etc/slackware-version ] ; then
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@@ -515,6 +515,7 @@ if [ $# -eq 0 ]; then
 fi

 PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+export PATH
 MUTEX_TIMEOUT=

 SHAREDIR=/usr/share/shorewall-lite
@@ -624,6 +625,7 @@ case "$COMMAND" in
 	;;
    status)
 	[ $# -eq 1 ] || usage 1
+	[ "$(id -u)" != 0 ] && fatal_error "ERROR: The status command may only be run by root"
 	echo "Shorewall Lite $version Status at $HOSTNAME - $(date)"
 	echo
 	if shorewall_is_started ; then
--- a/Shorewall-lite/shorewall-lite.spec
+++ b/Shorewall-lite/shorewall-lite.spec
@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.0
-%define release 0Beta2
+%define release 2

 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,20 @@ fi
 %doc COPYING changelog.txt releasenotes.txt

 %changelog
+* Fri Aug 28 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-2
+* Thu Aug 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-1
+* Mon Aug 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0base
+* Tue Jul 28 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC2
+* Sun Jul 12 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0RC1
+* Thu Jul 09 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0Beta4
+* Sat Jun 27 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.0-0Beta3
 * Mon Jun 15 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.0-0Beta2
 * Fri Jun 12 2009 Tom Eastep tom@shorewall.net
--- a/Shorewall-lite/uninstall.sh
+++ b/Shorewall-lite/uninstall.sh
@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall

-VERSION=4.4.0-Beta2
+VERSION=4.4.0.2

 usage() # $1 = exit status
 {
--- a/Shorewall/Macros/macro.AllowICMPs
+++ b/Shorewall/Macros/macro.AllowICMPs
@@ -13,4 +13,3 @@ COMMENT Needed ICMP types

 ACCEPT	-	-	icmp	fragmentation-needed
 ACCEPT	-	-	icmp	time-exceeded
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Amanda
+++ b/Shorewall/Macros/macro.Amanda
@@ -18,4 +18,3 @@ PARAM	-	-	udp	10080
 # systems which need to pass AMANDA traffic through netfilter.
 #PARAM	-	-	tcp	50000:50100
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Auth
+++ b/Shorewall/Macros/macro.Auth
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	113
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.BGP
+++ b/Shorewall/Macros/macro.BGP
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - BGP Macro
+#
+# /usr/share/shorewall/macro.BGP
+#
+#       This macro handles BGP4 traffic.
+#
+###############################################################################
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                               PORT(S) PORT(S) LIMIT   GROUP
+PARAM   -       -       tcp     179     				# BGP4
--- a/Shorewall/Macros/macro.BitTorrent
+++ b/Shorewall/Macros/macro.BitTorrent
@@ -16,4 +16,3 @@ PARAM	-	-	tcp	6881:6889
 #
 PARAM	-	-	udp	6881
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.BitTorrent32
+++ b/Shorewall/Macros/macro.BitTorrent32
@@ -14,4 +14,3 @@ PARAM	-	-	tcp	6881:6999
 #
 PARAM	-	-	udp	6881
 #
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.CVS
+++ b/Shorewall/Macros/macro.CVS
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	2401
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Citrix
+++ b/Shorewall/Macros/macro.Citrix
@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - Citrix/ICA Macro
+#
+# /usr/share/shorewall/macro.Citrix
+#
+# This macro handles Citrix/ICA traffic (ICA, ICA Browser, CGP a.k.a. ICA Session Reliability)
+#
+####################################################################################
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                               PORT(S) PORT(S) LIMIT   GROUP
+PARAM   -       -       tcp     1494 				   # ICA
+PARAM   -       -       udp     1604    			   # ICA Browser
+PARAM   -       -       tcp     2598    			   # CGP Session Reliabilty
--- a/Shorewall/Macros/macro.DAAP
+++ b/Shorewall/Macros/macro.DAAP
@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3689
 PARAM	-	-	udp	3689
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.DCC
+++ b/Shorewall/Macros/macro.DCC
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6277
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.DNS
+++ b/Shorewall/Macros/macro.DNS
@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	53
 PARAM	-	-	tcp	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Distcc
+++ b/Shorewall/Macros/macro.Distcc
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3632
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Drop
+++ b/Shorewall/Macros/macro.Drop
@@ -50,4 +50,3 @@ dropNotSyn
 # the log.
 #
 DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.DropDNSrep
+++ b/Shorewall/Macros/macro.DropDNSrep
@@ -12,4 +12,3 @@
 COMMENT Late DNS Replies

 DROP	-	-	udp	-	53
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.DropUPnP
+++ b/Shorewall/Macros/macro.DropUPnP
@@ -12,4 +12,3 @@
 COMMENT UPnP

 DROP	-	-	udp	1900
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Edonkey
+++ b/Shorewall/Macros/macro.Edonkey
@@ -32,4 +32,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	4662
 PARAM	-	-	udp	4665
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.FTP
+++ b/Shorewall/Macros/macro.FTP
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	21
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Finger
+++ b/Shorewall/Macros/macro.Finger
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	79
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.GNUnet
+++ b/Shorewall/Macros/macro.GNUnet
@@ -12,4 +12,3 @@ PARAM	-	-	tcp	2086
 PARAM	-	-	udp	2086
 PARAM	-	-	tcp	1080
 PARAM	-	-	udp	1080
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.GRE
+++ b/Shorewall/Macros/macro.GRE
@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	47	# GRE
 PARAM	DEST	SOURCE	47	# GRE
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Git
+++ b/Shorewall/Macros/macro.Git
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9418
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Gnutella
+++ b/Shorewall/Macros/macro.Gnutella
@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6346
 PARAM	-	-	udp	6346
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.HTTP
+++ b/Shorewall/Macros/macro.HTTP
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	80
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.HTTPS
+++ b/Shorewall/Macros/macro.HTTPS
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	443
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.ICQ
+++ b/Shorewall/Macros/macro.ICQ
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5190
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IMAP
+++ b/Shorewall/Macros/macro.IMAP
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	143
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IMAPS
+++ b/Shorewall/Macros/macro.IMAPS
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	993
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPIP
+++ b/Shorewall/Macros/macro.IPIP
@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	94	# IPIP
 PARAM	DEST	SOURCE	94	# IPIP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPP
+++ b/Shorewall/Macros/macro.IPP
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPPbrd
+++ b/Shorewall/Macros/macro.IPPbrd
@@ -0,0 +1,12 @@
+#
+# Shorewall version 4 - IPP Broadcast Macro
+#
+# /usr/share/shorewall/macro.IPPbrd
+#
+#	This macro handles Internet Printing Protocol (IPP) broadcasts.
+#       If you also need to handle TCP 631 connections in the opposite
+#       direction, use the IPPserver Macro
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	udp	631
--- a/Shorewall/Macros/macro.IPPserver
+++ b/Shorewall/Macros/macro.IPPserver
@@ -1,5 +1,5 @@
 #
-# Shorewall version 3.2 - IPPserver Macro
+# Shorewall version 4 - IPPserver Macro
 #
 # /usr/share/shorewall/macro.IPPserver
 #
@@ -27,4 +27,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	SOURCE	DEST	tcp	631
 PARAM	DEST	SOURCE	udp	631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPsec
+++ b/Shorewall/Macros/macro.IPsec
@@ -12,4 +12,3 @@ PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	50			# ESP
 PARAM	DEST	SOURCE	udp	500	500	# IKE
 PARAM	DEST	SOURCE	50			# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPsecah
+++ b/Shorewall/Macros/macro.IPsecah
@@ -13,4 +13,3 @@ PARAM	-	-	udp	500	500	# IKE
 PARAM	-	-	51			# AH
 PARAM	DEST	SOURCE	udp	500	500	# IKE
 PARAM	DEST	SOURCE	51			# AH
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IPsecnat
+++ b/Shorewall/Macros/macro.IPsecnat
@@ -14,4 +14,3 @@ PARAM	-	-	50		# ESP
 PARAM	DEST	SOURCE	udp	500	# IKE
 PARAM	DEST	SOURCE	udp	4500	# NAT-T
 PARAM	DEST	SOURCE	50		# ESP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.IRC
+++ b/Shorewall/Macros/macro.IRC
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	6667
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.JAP
+++ b/Shorewall/Macros/macro.JAP
@@ -15,4 +15,3 @@ PARAM	-	-	tcp	6544 # HTTP port
 PARAM	-	-	tcp	6543 # InfoService port
 HTTPS/PARAM
 SSH/PARAM
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.JabberPlain
+++ b/Shorewall/Macros/macro.JabberPlain
@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5222
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.JabberSecure
+++ b/Shorewall/Macros/macro.JabberSecure
@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5223
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Jabberd
+++ b/Shorewall/Macros/macro.Jabberd
@@ -9,4 +9,3 @@
 #TARGET	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5269
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Jetdirect
+++ b/Shorewall/Macros/macro.Jetdirect
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	9100
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.L2TP
+++ b/Shorewall/Macros/macro.L2TP
@@ -11,4 +11,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	1701	# L2TP
 PARAM	DEST	SOURCE	udp	1701	# L2TP
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.LDAP
+++ b/Shorewall/Macros/macro.LDAP
@@ -14,4 +14,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.LDAPS
+++ b/Shorewall/Macros/macro.LDAPS
@@ -14,4 +14,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	636
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.MySQL
+++ b/Shorewall/Macros/macro.MySQL
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3306
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.NNTP
+++ b/Shorewall/Macros/macro.NNTP
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	119
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.NNTPS
+++ b/Shorewall/Macros/macro.NNTPS
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	563
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.NTP
+++ b/Shorewall/Macros/macro.NTP
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.NTPbi
+++ b/Shorewall/Macros/macro.NTPbi
@@ -0,0 +1,12 @@
+#
+# Shorewall version 4 - NTPbi Macro
+#
+# /usr/share/shorewall/macro.NTPbi
+#
+#        This macro handles  bi-directional NTP (for NTP peers)
+#
+###############################################################################
+#ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
+#				PORT(S)	PORT(S)	LIMIT	GROUP
+PARAM	-	-	udp	123
+PARAM	DEST	SOURCE	udp	123
--- a/Shorewall/Macros/macro.NTPbrd
+++ b/Shorewall/Macros/macro.NTPbrd
@@ -15,4 +15,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-		-		udp	123
 PARAM	-		-		udp	1024:	123
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.OSPF
+++ b/Shorewall/Macros/macro.OSPF
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - OSPF Macro
+#
+# /usr/share/shorewall/macro.OSPF
+#
+#       This macro handles OSPF multicast traffic
+#
+#######################################################################################################
+#ACTION         SOURCE          DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE    USER/   ORIGINAL
+#                                               PORT(S) PORT(S) DEST            LIMIT   GROUP   DEST
+PARAM           -               -       89      -                                                       # OSPF
--- a/Shorewall/Macros/macro.OpenVPN
+++ b/Shorewall/Macros/macro.OpenVPN
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	1194
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.PCA
+++ b/Shorewall/Macros/macro.PCA
@@ -10,4 +10,3 @@
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	udp	5632
 PARAM	-	-	tcp	5631
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.POP3
+++ b/Shorewall/Macros/macro.POP3
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	110
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.POP3S
+++ b/Shorewall/Macros/macro.POP3S
@@ -10,4 +10,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	995	# Secure POP3
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.PPtP
+++ b/Shorewall/Macros/macro.PPtP
@@ -11,4 +11,3 @@
 PARAM	-	-	47
 PARAM	DEST	SOURCE	47
 PARAM	-	-	tcp	1723
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Ping
+++ b/Shorewall/Macros/macro.Ping
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	icmp	8
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.PostgreSQL
+++ b/Shorewall/Macros/macro.PostgreSQL
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	5432
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Printer
+++ b/Shorewall/Macros/macro.Printer
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	515
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.RDP
+++ b/Shorewall/Macros/macro.RDP
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	3389
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.RIPbi
+++ b/Shorewall/Macros/macro.RIPbi
@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - RIPbi Macro
+#
+# /usr/share/shorewall/macro.RIPbi
+#
+#        This macro handles RIP (Routing Information Protocol) - bidirectional
+#
+###############################################################################
+#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                               PORT(S) PORT(S) LIMIT   GROUP
+PARAM   -       -       udp	520
+PARAM   DEST    SOURCE  udp	520
+
--- a/Shorewall/Macros/macro.RNDC
+++ b/Shorewall/Macros/macro.RNDC
@@ -9,4 +9,3 @@
 #ACTION	SOURCE	DEST	PROTO	DEST	SOURCE	RATE	USER/
 #				PORT(S)	PORT(S)	LIMIT	GROUP
 PARAM	-	-	tcp	953
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/Macros/macro.Razor
+++ b/Shorewall/Macros/macro.Razor
@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Razor Macro
+#
+# /usr/share/shorewall/macro.Razor
+#
+# This macro handles traffic for the Razor Antispam System
+#
+###############################################################################
+#ACTION         SOURCE          DEST    PROTO   DEST    SOURCE  RATE    USER/
+#                                               PORT(S) PORT(S) LIMIT   GROUP
+ACCEPT          -               -       tcp     2703
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tom Eastep	00a20d5e1d	Correct known_problems	2009-08-29 08:58:21 -07:00
Tom Eastep	cb95e0a355	Apply multi-zone fix to 4.4.0	2009-08-29 08:20:09 -07:00
Tom Eastep	a623dc28aa	Apply nets= fix to 4.4.0	2009-08-29 07:27:32 -07:00
Tom Eastep	0b681a49ea	Update known_problems	2009-08-28 15:58:14 -07:00
Tom Eastep	de54c54ada	Open 4.4.0.2; fix MULTICAST=Yes and ACCEPT policies	2009-08-28 15:25:43 -07:00
Tom Eastep	08fd1b5132	Remove tools and web for good	2009-08-27 11:09:26 -07:00
Tom Eastep	73e73a19e6	Revert "Remove tools and web" This reverts commit `966f162c87`.	2009-08-27 07:08:17 -07:00
Tom Eastep	966f162c87	Remove tools and web	2009-08-27 07:06:08 -07:00
Tom Eastep	21f316abdd	Revert "Remove tools and web directories" This reverts commit `422d37900b`.	2009-08-26 15:45:04 -07:00
Tom Eastep	422d37900b	Remove tools and web directories	2009-08-26 15:29:29 -07:00
Tom Eastep	b85d024a6b	Update known problems	2009-08-26 12:50:08 -07:00
Tom Eastep	cdf0d8f64b	Fix nested IPSEC zones	2009-08-26 12:46:53 -07:00
Tom Eastep	4c3bb5bac8	Fix logging in rules at the end of INPUT and OUTPUT	2009-08-25 09:37:11 -07:00
Tom Eastep	640c1605f6	Update README.txt	2009-08-15 17:51:06 -07:00
Tom Eastep	ff5063e7a9	Prepare 4.4.0.1	2009-08-13 12:53:05 -07:00
Tom Eastep	4917ddee38	Fix broken link	2009-08-12 14:04:22 -07:00
Tom Eastep	2bac824207	Fix provider number in masq entry	2009-08-12 13:52:56 -07:00
Tom Eastep	f056faa6c4	Compensate for OpenSuSE bash 'feature'	2009-08-11 08:43:54 -07:00
Tom Eastep	5cb9ff0009	Fix 'upnpclient' on required interfaces	2009-08-11 08:31:58 -07:00
Tom Eastep	51e7bcdaf4	Extend release notes and correct typos	2009-08-11 08:02:36 -07:00
Tom Eastep	49554c5d7d	Suppress echoing of RPM list during stage/upload	2009-08-10 13:50:54 -07:00
Tom Eastep	c026c3d75e	Some last-minute updates to the docs for 4.4	2009-08-10 09:42:00 -07:00
Tom Eastep	ef7fe8166a	Back out prior change	2009-08-10 07:31:55 -07:00
Tom Eastep	33c3a27960	Add Debian config info to 6to4 doc	2009-08-10 07:24:29 -07:00
Tom Eastep	3e7c7a7e90	Fix a couple of typos	2009-08-09 11:38:18 -07:00
Tom Eastep	3cf02bd617	Update 'Upgrade Issues' doc with WARNING about SHOREWALL_COMPILER	2009-08-09 08:44:14 -07:00
Tom Eastep	b7a6223f44	Make perl an RPM prerequisite	2009-08-09 08:38:55 -07:00
Tom Eastep	6a25d6b9db	Make a functional Perl a prerequisite for installation	2009-08-09 08:33:22 -07:00
Tom Eastep	1d1133532f	Make 'SHOREWALL_COMPILER=shell' a WARNING rather than an ERROR	2009-08-09 08:19:24 -07:00
Tom Eastep	1a5027de9f	Restore ipset binding capability	2009-08-08 08:26:22 -07:00
Tom Eastep	1051c44f51	Add xtables-addons install link to release notes	2009-08-07 14:42:06 -07:00
Tom Eastep	8011a61970	Add section IDs to Dynamic Zones page	2009-08-07 13:54:24 -07:00
Tom Eastep	a4090dc34f	Document that 'any' is now a reserved word	2009-08-07 13:41:21 -07:00
Tom Eastep	55c879e4e6	Fix log record displays	2009-08-07 13:33:07 -07:00
Tom Eastep	c34e09cd67	Add a 4.4 stage script that stages to a private part of the FTP site	2009-08-07 12:48:01 -07:00
Tom Eastep	374aceb06c	Fix a couple of typos	2009-08-07 12:24:56 -07:00
Tom Eastep	7fbfb61fee	Remove empty section from the release notes	2009-08-07 09:59:13 -07:00
Tom Eastep	429178d162	Add additional 4.4 upgrade FAQs	2009-08-07 09:55:19 -07:00
Tom Eastep	fd75bc728a	Idiot-proofing of the upgrade issues page	2009-08-07 09:46:20 -07:00
Tom Eastep	ed1e1f1352	Yet more idiot-proofing	2009-08-07 07:47:31 -07:00
Tom Eastep	51e70ee1e8	Use new macro paramater syntax in samples	2009-08-07 07:25:57 -07:00
Tom Eastep	a069b8817c	More idiot-proofing of the release notes	2009-08-07 07:23:24 -07:00
Tom Eastep	b612336b95	Fix broken link	2009-08-06 12:45:10 -07:00
Tom Eastep	71fb62c760	More tweaking of the release notes	2009-08-06 12:35:00 -07:00
Tom Eastep	b92730554e	Idiot-proofing of the release notes	2009-08-06 12:23:35 -07:00
Tom Eastep	88c389e186	More Documentation updates in preparation for 4.4 release	2009-08-06 11:07:08 -07:00
Tom Eastep	3af3ce6779	More release note tweaks	2009-08-06 10:24:21 -07:00
Tom Eastep	0c0026db53	Tweak release notes	2009-08-06 07:45:50 -07:00
Tom Eastep	a6d382331d	Bring News up to date	2009-08-05 14:24:29 -07:00
Tom Eastep	9fd25a4832	Fix logging NAT rules -- fix release notes	2009-08-05 13:00:10 -07:00
Tom Eastep	031afd59b5	Fix logging NAT rules -- update release notes wording	2009-08-05 12:51:11 -07:00
Tom Eastep	70f46c02cc	Fix logging NAT rules	2009-08-05 12:48:14 -07:00
Tom Eastep	9ce5887269	Restore LAST LINE to those files that are processed by the shell	2009-08-05 07:59:32 -07:00
Tom Eastep	e91d3dd905	More LAST LINE deletions	2009-08-05 07:38:02 -07:00
Tom Eastep	1219397a74	Add more forceful warning about Shorewall-shell	2009-08-03 15:05:26 -07:00
Tom Eastep	02b950dc9e	Update the Notices page to reflect an earlier release date for 4.4	2009-08-03 14:49:51 -07:00
Tom Eastep	dd5a73d678	Tweak to 'My Config' doc	2009-08-03 13:23:34 -07:00
Tom Eastep	46ba12a915	Fix build usage report and STYLESHEET variable	2009-08-03 11:32:17 -07:00
Tom Eastep	999a00dc77	Remove need for '-v-1' when compiling to stdout	2009-08-03 11:20:34 -07:00
Tom Eastep	3efaef813f	Update version to 4.4.0	2009-08-03 10:16:37 -07:00
Tom Eastep	8c5a41f1fc	Remove absurd rules	2009-08-02 09:28:26 -07:00
Tom Eastep	5ded978c07	Update graphic	2009-08-02 08:50:20 -07:00
Tom Eastep	0e09292587	Add traffic shaping to my network configuration	2009-08-02 08:36:29 -07:00
Tom Eastep	4cd41a81f7	More updates to MyNetwork	2009-08-01 07:56:31 -07:00
Tom Eastep	70dfdb517e	Finish MyNetwork article	2009-08-01 07:35:07 -07:00
Tom Eastep	b324d9d84f	Publish the new 'Tom's Configuration' page	2009-07-31 19:37:24 -07:00
Tom Eastep	e971a3fbe5	Publish the new 'Tom's Configuration' page	2009-07-31 19:34:41 -07:00
Tom Eastep	6c4b9255f0	Update upgrade issues web page	2009-07-29 17:04:46 -07:00
Tom Eastep	bdb69876ee	Add migration issue for nested zones	2009-07-29 16:55:05 -07:00
Tom Eastep	489e09a4d7	Propagate super option to parents	2009-07-29 15:33:47 -07:00
Tom Eastep	ff5e95b164	Update manpages to mention mixed type nesting	2009-07-29 15:09:32 -07:00
Tom Eastep	4af6c7650e	Correct handling of nested IPSEC zone	2009-07-29 14:35:27 -07:00
Tom Eastep	99128502a2	Fix instructions for building xtables-addons on a yet-to-be-installed kernel	2009-07-29 14:32:37 -07:00
Tom Eastep	50420f0841	Do all signing at upload time	2009-07-29 10:19:57 -07:00
Tom Eastep	8d8920e7ad	Disallow ipsec zones nested within an ip zone	2009-07-29 07:49:06 -07:00
Tom Eastep	19736bcdbd	Update version to RC2	2009-07-28 13:45:26 -07:00
Tom Eastep	5034e1bf85	Update Documentation Page for Release Candidate	2009-07-27 10:00:49 -07:00
Tom Eastep	f2f8cab962	Make 'any' a reserved zone name	2009-07-26 12:29:37 -07:00
Tom Eastep	26cb2b1eeb	Allow Shorewall6 to recognize TC, IP and IPSET	2009-07-26 12:26:49 -07:00
Tom Eastep	0ee15ec91e	Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall	2009-07-25 12:40:45 -07:00
Tom Eastep	add34f4a17	Fix Shorewall6 capabilities version	2009-07-25 12:23:00 -07:00
Tom Eastep	3a9d4efabe	Fix upload44	2009-07-25 11:07:36 -07:00
Tom Eastep	fdbd691a94	More build/upload changes	2009-07-25 10:19:29 -07:00
Tom Eastep	2d45a35c8f	Make PREFIX work under Cygwin - Take 2	2009-07-25 07:44:53 -07:00
Tom Eastep	eed9df1c06	Make PREFIX work under Cygwin	2009-07-25 07:30:08 -07:00
Tom Eastep	c028fefa30	Fix 'disable_ipv6 -- take 2	2009-07-24 17:27:42 -07:00
Tom Eastep	fde24c16df	Fix 'disable_ipv6	2009-07-24 16:58:49 -07:00
Tom Eastep	c77f462d2d	Delete prog.functions and prog.functions6	2009-07-24 14:51:24 -07:00
Tom Eastep	45fffc7261	Replace 'edit' by 'validate' in compiler parameter handling logic	2009-07-22 10:43:53 -07:00
Tom Eastep	264126e9f5	Fix syntax error in last change	2009-07-22 10:43:15 -07:00
Tom Eastep	7f790e3aa2	Don't call generate_matrix() during 'check'	2009-07-21 14:13:26 -07:00
Tom Eastep	4fd338f3ca	Fix 'rpm -U' from earlier versions	2009-07-21 12:32:25 -07:00
Tom Eastep	902d6e0d45	A couple of cosmetic fixes	2009-07-21 06:57:11 -07:00
Tom Eastep	2146a356a6	Fix .spec to re-add the init symlinks during an upgrade	2009-07-21 06:53:00 -07:00
Tom Eastep	0204ea46a6	Ensure that move_rules doesn't crash in NONAT case	2009-07-16 15:59:59 -07:00
Tom Eastep	55045ace4b	Optimize nonat rules in certain cases	2009-07-16 11:05:37 -07:00
Tom Eastep	58f0110ad3	Purge more manpages of outdated references	2009-07-15 19:15:52 -07:00
Tom Eastep	f16b2300b6	Remove references to Shorewall-shell, Shorewall-perl and prior Shorewall versions from the manpages	2009-07-15 17:50:55 -07:00
Tom Eastep	9c2966448e	Fix NONAT of sub-zone	2009-07-15 15:59:53 -07:00
Tom Eastep	73b9f04fc6	Don't allow the -p start/stop option with Shorewall6; remove Shorewall-shell/Shorewall-perl references from the 'shorewall' manpage	2009-07-15 13:47:16 -07:00
Tom Eastep	6c1a500408	Fix typo in 'shorewall6' manpage	2009-07-15 13:08:04 -07:00
Tom Eastep	8e9bef0a61	Fix routing with no providers	2009-07-15 13:03:49 -07:00
Tom Eastep	3bd9d31c05	Correct NOROUTE logic when no providers	2009-07-15 12:32:26 -07:00
Tom Eastep	17f61ad1c6	Optimize creation of /etc/iproute2/rt_tables	2009-07-15 12:22:31 -07:00
Tom Eastep	8f57a5d7a2	Some minor tweaks to the Providers module	2009-07-14 16:12:59 -07:00
Tom Eastep	d64b526319	Come cleanup of the Chains module	2009-07-13 16:54:39 -07:00
Tom Eastep	3c326841ce	Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall	2009-07-13 06:51:54 -07:00
Tom Eastep	94d3651666	Fix typo in the Introduction to Shorewall	2009-07-13 06:51:27 -07:00
Tom Eastep	7456b4ab40	Remove LAST LINE lines from Shorewall6	2009-07-12 14:09:18 -07:00
Tom Eastep	887a643f9e	Initiate RC1	2009-07-12 10:06:57 -07:00
Tom Eastep	75861185e0	Minor typo/cosmetic corrections	2009-07-12 09:26:25 -07:00
Tom Eastep	1b4e50f607	Update home page for 4.4.0 Beta 4	2009-07-12 07:53:11 -07:00
Tom Eastep	2ca7e4b1eb	More updates to OpenVZ doc	2009-07-11 08:16:25 -07:00
Tom Eastep	966729a665	Update OpenVZ graphic	2009-07-11 07:56:36 -07:00
Tom Eastep	4d09aa0ff4	Remove duplicate macro GIT and update OpenVZ Doc	2009-07-10 11:31:33 -07:00
Tom Eastep	328eeba719	Add FAQ 34	2009-07-10 08:48:54 -07:00
Tom Eastep	73a48e1ddc	Update FAQ 14	2009-07-10 07:52:14 -07:00
Tom Eastep	54089a3607	Add FAQ 14	2009-07-10 07:46:34 -07:00
Tom Eastep	5bd3d710b7	Push version to Beta 4	2009-07-09 16:41:10 -07:00
Tom Eastep	bdd124b504	Derive IP6TABLES from IPTABLES	2009-07-09 10:29:56 -07:00
Tom Eastep	047a5caffd	Update OpenVZ doc again and update FAQ to refer to it	2009-07-08 09:06:15 -07:00
Tom Eastep	459f222137	Clarify RFC 1918 configuration	2009-07-07 16:25:35 -07:00
Tom Eastep	2142e92f8a	Remove add_command and replace all calls with calls to add_commands	2009-07-06 18:38:39 -07:00
Tom Eastep	0bb1fbd9c4	Make DISABLE_IPV6=No the default for released shorewall.conf files	2009-07-06 18:38:10 -07:00
Tom Eastep	f88048ebe4	More revert conflicts	2009-07-06 18:23:23 -07:00
Tom Eastep	bab4f9df33	Resolve revert conflicts	2009-07-06 18:08:17 -07:00
Tom Eastep	36a42fbe7f	More OpenVZ doc updates	2009-07-06 10:03:27 -07:00
Tom Eastep	86025ceaf1	Add OPTIONS to interfaces	2009-07-05 10:08:50 -07:00
Tom Eastep	fb571210c9	More OpenVZ documentation updates	2009-07-05 09:09:58 -07:00
Tom Eastep	187e250915	Add link to parallels.com	2009-07-01 17:30:56 -07:00
Tom Eastep	a10343dbf7	Mention Parellels in favor of SWSoft	2009-07-01 17:16:01 -07:00
Tom Eastep	16006e0425	Ensure that PATH is exported	2009-07-01 14:02:00 -07:00
Tom Eastep	81188bce1c	Update release notes	2009-06-30 09:01:05 -07:00
Tom Eastep	a6ba1d6b39	Add OpenVZ Documentation	2009-06-30 08:55:19 -07:00
Tom Eastep	38f859dfc4	Add OpenVZ Documentation	2009-06-30 08:55:04 -07:00
Tom Eastep	cb26cacac5	Update News for Beta 3	2009-06-30 07:09:02 -07:00
Tom Eastep	4a98936290	Update home page for Beta 3	2009-06-30 07:06:47 -07:00
Tom Eastep	bc85b615ba	More new macros	2009-06-29 21:05:23 -07:00
Tom Eastep	0afd7f3a6f	More new macros	2009-06-29 21:00:34 -07:00
Tom Eastep	26aa8ba504	Delete DISABLE_IPV6 option	2009-06-29 18:33:44 -07:00
Tom Eastep	050375b211	Delete DISABLE_IPV6 option	2009-06-29 18:33:13 -07:00
Tom Eastep	9dbafc59d0	Fix 'findgw'	2009-06-29 08:14:53 -07:00
Tom Eastep	355a515b1b	Some 4.4 cleanup of the Configuration File Basics doc	2009-06-28 08:11:27 -07:00
Tom Eastep	bbd9ff0a25	Add more verbage to the Download page and correct some typos	2009-06-28 07:21:47 -07:00
Tom Eastep	d32d677028	Add macro.OSPF	2009-06-28 06:18:43 -07:00
Tom Eastep	bc89604ba2	Add macro.OSPF	2009-06-28 06:17:48 -07:00
Tom Eastep	0b08186056	Fix a typo in the release notes	2009-06-27 13:46:50 -07:00
Tom Eastep	f264510729	Minor corrections to release notes	2009-06-27 10:27:30 -07:00
Tom Eastep	25c2403f48	Update version to Beta 3	2009-06-27 08:26:41 -07:00
Tom Eastep	b2b6633ced	More on port list split/validation	2009-06-26 15:05:35 -07:00
Tom Eastep	cb681ab5ca	Fix for source port counting	2009-06-26 10:31:43 -07:00
Tom Eastep	900cfa0def	1) Cosmetic change to compiler.pl 2) Make 'purge_jump' handle '-g <target>' correctly 3) Minor effeciency changes to Chains.pm	2009-06-26 09:46:15 -07:00
Tom Eastep	40bb8283d2	Verify the availability of the LOG target	2009-06-25 13:50:27 -07:00
Tom Eastep	974ae7f3bf	Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall	2009-06-25 06:25:27 -07:00
Tom Eastep	ca15ead9ab	Remove '#LAST LINE' from config files	2009-06-25 06:24:49 -07:00
Cristian Rodríguez	0d1b60bfa5	update link of FAQ 38	2009-06-25 07:17:01 -04:00
Tom Eastep	2f01fc9a3e	Fix 'show dynamic' -- take 2	2009-06-24 15:41:15 -07:00
Tom Eastep	f4338b52fe	Fix 'show dynamic'	2009-06-24 15:28:43 -07:00
Tom Eastep	6eb202666c	Fix for mis-configured interfaces	2009-06-24 08:58:37 -07:00
Tom Eastep	c85eacb863	Add new macros	2009-06-23 14:47:49 -07:00
Tom Eastep	88a0115776	Mention 'optional' in swping/lsm section	2009-06-23 11:14:02 -07:00
Cristian Rodríguez	7e5e2e882b	fix broken link	2009-06-21 19:00:28 -04:00
Cristian Rodríguez	1967f9cbb4	Merge branch 'master' of ssh://judas_iscariote@shorewall.git.sourceforge.net/gitroot/shorewall	2009-06-21 18:58:27 -04:00
Tom Eastep	14d07265ee	Add recommendation to migrate before upgrade	2009-06-21 08:51:05 -07:00
Tom Eastep	a01c1a1319	Tweak Shorewall-4/Shorewall-perl Docs -- take 2	2009-06-21 08:33:02 -07:00
Tom Eastep	d745f3bfc5	Tweak Shorewall-4/Shorewall-perl Docs	2009-06-21 08:31:19 -07:00
Tom Eastep	5044c70230	Remove bizarre sentence from tcclasses man pages	2009-06-20 17:37:09 -07:00
Cristian Rodríguez	9e246996ad	Merge branch 'master' of ssh://judas_iscariote@shorewall.git.sourceforge.net/gitroot/shorewall	2009-06-17 12:39:38 -04:00
Cristian Rodríguez	b714605663	Add new GIT macro	2009-06-16 22:12:56 -04:00