Update release docs

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/install.sh

@@ -23,7 +23,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall-init/shorewall-init.spec

@@ -1,6 +1,6 @@
 %define name shorewall-init
 %define version 4.4.15
-%define release 0base
+%define release 3
 
 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
 Name: %{name}
@@ -99,6 +99,12 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-3
+* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-2
+* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall-init/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite

@@ -177,6 +177,15 @@ verify_firewall_script() {
     fi
 }
 
+#
+# Fatal error
+#
+startup_error() {
+    echo "   ERROR: $@" >&2
+    kill $$
+    exit 1
+}
+
 #
 # Start Command Executor
 #

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.15
-%define release 0base
+%define release 3
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -102,6 +102,12 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-3
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-2
+* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Chains.pm

@@ -2039,8 +2039,7 @@ sub logchain( $$$$$$ ) {
 		       $logtag,
 		       'add',
 		       '' );
-
+	add_jump( $logchainref, $target, 0, $exceptionrule );
-	add_rule( $logchainref, $exceptionrule . $target );
     }
 
     $logchainref;
@@ -3264,7 +3263,7 @@ sub interface_nets( $ ) {
 sub get_interface_nets ( $ ) {
     my ( $logical ) = $_[0];
 
-    my $interface = get_physical( $logical );
+    my $interface = physical_name( $logical );
     my $variable = interface_nets( $interface );
 
     $global_variables |= ALL_COMMANDS;
@@ -3534,6 +3533,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 	    # An interface in the SOURCE column of a masq file
 	    #
 	    fatal_error "Bridge ports may not appear in the SOURCE column of this file" if port_to_bridge( $iiface );
+	    fatal_error "A wildcard interface ( $iiface) is not allowed in this context" if $iiface =~ /\+$/;
 
 	    if ( $table eq 'nat' ) {
 		warning_message qq(Using an interface as the masq SOURCE requires the interface to be up and configured when $Product starts/restarts) unless $idiotcount++;
@@ -3625,6 +3625,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 	    #
 	    fatal_error "A DEST interface is not permitted in the PREROUTING chain" if $restriction & DESTIFACE_DISALLOW;
 	    fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
+	    fatal_error "A wildcard interface ($diface) is not allowed in this context" if $diface =~ /\+$/;
 	    push_command( $chainref , 'for dest in ' . get_interface_nets( $diface) . '; do', 'done' );
 	    $rule .= '-d $dest ';
 	} else {
@@ -3846,9 +3847,11 @@ sub expand_rule( $$$$$$$$$$;$ )
 				#
 				# Find/Create a chain that both logs and applies the target action
 				# and jump to the log chain if all of the rule's conditions are met
-				#
+ 				#
+				assert( $target );
+
 				add_jump( $chainref,
-					  logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $jump ),
+					  logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $target ),
 					  $builtin_target{$disposition},
 					  $matches,
 					  1 );

Shorewall/Perl/Shorewall/Config.pm

@@ -353,7 +353,7 @@ sub initialize( $ ) {
 		    EXPORT => 0,
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED => 0,
-		    VERSION => "4.4.15",
+		    VERSION => "4.4.15.3",
 		    CAPVERSION => 40415 ,
 		  );
 
@@ -2895,8 +2895,9 @@ sub unsupported_yes_no_warning( $ ) {
 # Process the params file
 #
 sub get_params() {
-    if ( my $fn = find_file 'params' ) {
+    my $fn = find_file 'params';
 
+    if ( -f $fn ) {
 	progress_message2 "Processing $fn ...";
 
 	my $command = "$globals{SHAREDIRPL}/getparams $fn " . join( ':', @config_path );
@@ -2908,9 +2909,7 @@ sub get_params() {
 	for ( @params ) {
 	    if ( /^(.*?)=(.*)$/ ) {
 		$params{$1} = $2 unless $1 eq '_';
-	    } else {
+	    }	
-		assert(0);
-	    }
 	} 
     }
 }

Shorewall/Perl/Shorewall/Providers.pm

@@ -275,7 +275,7 @@ sub add_a_provider( ) {
 	require_capability 'REALM_MATCH', "Configuring multiple providers through one interface", "s";
     }
 
-    fatal_error "Unknown Interface ($interface)" unless known_interface( $interface, 1 );
+    fatal_error "Unknown Interface ($interface)" unless known_interface( $interface );
     fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
 
     my $physical    = get_physical $interface;

Shorewall/Perl/Shorewall/Proxyarp.pm

@@ -56,8 +56,8 @@ sub initialize( $ ) {
     @proxyarp = ();
 }
 
-sub setup_one_proxy_arp( $$$$$ ) {
+sub setup_one_proxy_arp( $$$$$$$ ) {
-    my ( $address, $interface, $external, $haveroute, $persistent) = @_;
+    my ( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent) = @_;
 
     if ( "\L$haveroute" eq 'no' || $haveroute eq '-' ) {
 	$haveroute = '';
@@ -76,15 +76,15 @@ sub setup_one_proxy_arp( $$$$$ ) {
     }
 
     unless ( $haveroute ) {
-	emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $interface";
+	emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $physical";
 	$haveroute = 1 if $persistent;
     }
 
-    emit ( "if ! arp -i $external -Ds $address $external pub; then",
+    emit ( "if ! arp -i $extphy -Ds $address $extphy pub; then",
-	   "    fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
+	   "    fatal_error \"Command 'arp -i $extphy -Ds $address $extphy pub' failed\"" ,
 	   'fi' ,
 	   '',
-	   "progress_message \"   Host $address connected to $interface added to ARP on $external\"\n" );
+	   "progress_message \"   Host $address connected to $interface added to ARP on $extphy\"\n" );
 
     push @proxyarp, "$address $interface $external $haveroute";
 
@@ -117,30 +117,35 @@ sub setup_proxy_arp() {
 		    $first_entry = 0;
 		}
 
-		$interface = get_physical $interface;
+		fatal_error "Unknown interface ($interface)" unless known_interface $interface, 1;
-		$external  = get_physical $external;
+		fatal_error "Unknown interface ($external)"  unless known_interface $external, 1;
+
+		my $physical = physical_name $interface;
+		my $extphy   = physical_name $external;
 
 		$set{$interface}  = 1;
 		$reset{$external} = 1 unless $set{$external};
 
-		setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
+		setup_one_proxy_arp( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent );
 	    }
 
 	    emit '';
 
 	    for my $interface ( keys %reset ) {
 		unless ( $set{interface} ) {
-		    emit  ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
+		    my $physical = get_physical $interface;
-			    "    echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
+		    emit  ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
+			    "    echo 0 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
 		    emit    "fi\n";
 		}
 	    }
 
 	    for my $interface ( keys %set ) {
-		emit  ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
+		my $physical = get_physical $interface;
-			"    echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
+		emit  ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
+			"    echo 1 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
 		emit  ( 'else' ,
-			"    error_message \"    WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
+			"    error_message \"    WARNING: Cannot set the 'proxy_arp' option for interface $physical\"" ) unless interface_is_optional( $interface );
 		emit    "fi\n";
 	    }
 

Shorewall/Perl/Shorewall/Tc.pm

@@ -476,6 +476,8 @@ sub process_simple_device() {
 
     my $number = in_hexp( $tcdevices{$device} = ++$devnum );
 
+    fatal_error "Unknown interface( $device )" unless known_interface $device;
+
     my $physical = physical_name $device;
     my $dev      = chain_base( $physical );
 

Shorewall/Perl/Shorewall/Zones.pm

@@ -192,6 +192,7 @@ use constant { SIMPLE_IF_OPTION   => 1,
 	       IF_OPTION_ZONEONLY => 8,
 	       IF_OPTION_HOST     => 16,
 	       IF_OPTION_VSERVER  => 32,
+	       IF_OPTION_WILDOK   => 64
 	   };
 
 our %validinterfaceoptions;
@@ -249,9 +250,9 @@ sub initialize( $ ) {
 				  tcpflags    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
 				  upnp        => SIMPLE_IF_OPTION,
 				  upnpclient  => SIMPLE_IF_OPTION,
-				  mss         => NUMERIC_IF_OPTION,
+				  mss         => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
-				  physical    => STRING_IF_OPTION + IF_OPTION_HOST,
+				  physical    => STRING_IF_OPTION  + IF_OPTION_HOST,
-				  wait        => NUMERIC_IF_OPTION,
+				  wait        => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
 				 );
 	%validhostoptions = (
 			     blacklist => 1,
@@ -276,10 +277,10 @@ sub initialize( $ ) {
 				    routeback   => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
 				    sourceroute => BINARY_IF_OPTION,
 				    tcpflags    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
-				    mss         => NUMERIC_IF_OPTION,
+				    mss         => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
 				    forward     => BINARY_IF_OPTION,
 				    physical    => STRING_IF_OPTION + IF_OPTION_HOST,
-				    wait        => NUMERIC_IF_OPTION,
+				    wait        => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
 				 );
 	%validhostoptions = (
 			     blacklist => 1,
@@ -998,6 +999,7 @@ sub process_interface( $$ ) {
 		    assert( 0 );
 		}
 	    } elsif ( $type == NUMERIC_IF_OPTION ) {
+		fatal_error "The '$option' option may not be specified on a wildcard interface" if $wildcard && ! $type && IF_OPTION_WILDOK; 
 		$value = $defaultinterfaceoptions{$option} unless defined $value;
 		fatal_error "The '$option' option requires a value" unless defined $value;
 		my $numval = numeric_value $value;
@@ -1185,7 +1187,7 @@ sub map_physical( $$ ) {
 # If the passed name matches a wildcard and 'cache' is true, an entry for the name is added in
 # %interfaces.
 #
-sub known_interface($;$)
+sub known_interface($)
 {
     my ( $interface, $cache ) = @_;
     my $interfaceref = $interfaces{$interface};
@@ -1197,20 +1199,16 @@ sub known_interface($;$)
     for my $i ( @interfaces ) {
 	$interfaceref = $interfaces{$i};
 	my $root = $interfaceref->{root};
-	if ( $i ne $root && substr( $interface, 0, length $root ) eq $root ) {
+	if ( $i ne $root && $interface ne $root && substr( $interface, 0, length $root ) eq $root ) {
 	    my $physical = map_physical( $interface, $interfaceref );
 
-	    my $copyref = { options  => $interfaceref->{options},
+	    return $interfaces{$interface} = { options  => $interfaceref->{options},
-			    bridge   => $interfaceref->{bridge} ,
+					       bridge   => $interfaceref->{bridge} ,
-			    name     => $i ,
+					       name     => $i ,
-			    number   => $interfaceref->{number} ,
+					       number   => $interfaceref->{number} ,
-			    physical => $physical ,
+					       physical => $physical ,
-			    base     => chain_base( $physical ) ,
+					       base     => chain_base( $physical ) ,
-			  };
+					     };
-
-	    $interfaces{$interface} = $copyref if $cache;
-
-	    return $copyref;
 	}
     }
 
@@ -1332,7 +1330,7 @@ sub find_interfaces_by_option1( $ ) {
     my $wild = 0;
 
     for my $interface ( sort { $interfaces{$a}->{number} <=> $interfaces{$b}->{number} }
-			keys %interfaces ) {
+			( grep $interfaces{$_}{root}, keys %interfaces ) ) {
 	my $interfaceref = $interfaces{$interface};
 
 	next unless defined $interfaceref->{physical};
@@ -1356,7 +1354,14 @@ sub find_interfaces_by_option1( $ ) {
 sub get_interface_option( $$ ) {
     my ( $interface, $option ) = @_;
 
-    $interfaces{$interface}{options}{$option};
+    my $ref = $interfaces{$interface};
+
+    return $ref->{options}{$option} if $ref;
+
+    assert( $ref = known_interface( $interface ) );
+
+    $ref->{options}{$option};
+    
 }
 
 #

Shorewall/changelog.txt

@@ -1,9 +1,35 @@
+Changes in Shorewall 4.4.15.3
+
+1)  Don't let root match wildcard.
+
+2)  Fix use of wildcard names in the notrack file.
+
+3)  Fix use of wildcard names in the proxyarp file
+
+4)  Prevent perl runtime warnings with cached interface entries.
+
+5)  Fix old optimization bug.
+
+Changes in Shorewall 4.4.15.2
+
+1)  Fix broken logical naming with Proxy ARP.
+
+2)  Verify interface names in proxyarp and tcinterfaces.
+
+Changes in Shorewall 4.4.15.1
+
+1)  Change assertion into a warning in getparams.
+
+2)  Correct handling of missing params file.
+
 Changes in Shorewall 4.4.15
 
 1)  Add macros from Tuomo Soini.
 
 2)  Corrected macro.JAP.
 
+3)  Added fatal_error() functions to the -lite CLIs.
+
 RC 1
 
 1)  Another Perl 5.12 warning.

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -1 +1,30 @@
-There are no known problems in Shorewall 4.4.15
+1)  On systems running Upstart, shorewall-init cannot reliably secure
+    the firewall before interfaces are brought up.
+
+2)  If the output of 'env' contains a multi-line value, then
+    compilation failed with an Internal Error.
+
+    Workaround: In /etc/shorewall/params, reset any exported variables
+    that have a multi-line value.
+
+    Corrected in 4.4.15.1.
+
+3)  If a params file does not appear in the CONFIG_PATH, compilation
+    fails with the error:
+
+    	   .: 31: Can't open /etc/shorewall6/params
+	   ERROR: Processing of /etc/shorewall6/params failed
+
+    Workaround: 'touch /etc/shorewall/params' (or
+                /etc/shorewall6/params).
+
+    Corrected in 4.4.15.1.
+
+4)  When logical interface names are used, proxy ARP does not
+    work. Symptoms include numerous Perl runtime error Messages.
+
+    Workaround: Don't use proxy arp involving an interface with a
+    logical name that is different from its physical name.
+
+5)  Unknown interface names in the proxyarp and tcinterfaces files
+    result in Perl runtime errors.

Shorewall/releasenotes.txt

@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
-                      S H O R E W A L L  4 . 4 . 1 5
+                      S H O R E W A L L  4 . 4 . 1 5 . 3
 ----------------------------------------------------------------------------
 
 I.    PROBLEMS CORRECTED IN THIS RELEASE
@@ -12,6 +12,46 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 ----------------------------------------------------------------------------
   I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
+4.4.15.3
+
+1)  Previously, the root of a wildcard name erroneously matched that
+    name. For example 'eth' matched 'eth+'. Now there must be at least
+    one additional character (e.g., 'eth4').
+
+2)  Use of logical interface names in the notrack and ecn files
+    resulted in perl runtime warning messages.
+
+3)  The use of wildcard-matching names in certain contexts would result
+    in perl run-time messages similar to this one:
+
+       Use of uninitialized value in numeric comparison (<=>) 
+       at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
+
+4)  Under very rare circumstances, a chain could be optimized away 
+    even when there are jumps to the chain. This resulted in a
+    start/restart failure.
+
+4.4.15.2
+
+1)  Previously, proxy ARP with logical interface names did not
+    work. Symptoms included numerous Perl runtime error messages.
+
+2)  Previously, unknown interface names in the proxyarp and
+    tcinterfaces files resulted in Perl runtime errors.
+
+4.4.15.1
+
+1)  If the output of 'env' contained a multi-line value, then
+    compilation failed with an Internal Error. The code has been
+    changed to ignore all but the first line of a multi-line value.
+
+2)  If a params file does not appear in the CONFIG_PATH, compilation
+    failed with the error:
+
+    	   .: 31: Can't open /etc/shorewall6/params 
+	   ERROR: Processing of /etc/shorewall6/params failed
+
+4.4.15
 
 1)  Previously, if 
 
@@ -66,6 +106,13 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
     macros (if 'PARAM' was passed to an nested macro invocation, it was
     not expanded to the current parameter value).
 
+7)  Previously, if find_first_interface_address() failed when running
+    shorewall-lite or shoreawll6-lite, the following unhelpful message
+    was issued:
+
+    	/usr/share/shorewall-lite/lib.common: line 449: startup_error: command
+                                              not found
+
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.15
-%define release 0base
+%define release 3
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -109,6 +109,12 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
 
 %changelog
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-3
+* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-2
+* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite

@@ -176,6 +176,15 @@ verify_firewall_script() {
     fi
 }
 
+#
+# Fatal error
+#
+startup_error() {
+    echo "   ERROR: $@" >&2
+    kill $$
+    exit 1
+}
+
 #
 # Start Command Executor
 #

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.15
-%define release 0base
+%define release 3
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -93,6 +93,12 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-3
+* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-2
+* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.15
-%define release 0base
+%define release 3
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,12 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-3
+* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-2
+* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.15-1
 * Fri Nov 26 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.15-0base
 * Mon Nov 22 2010 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.15
+VERSION=4.4.15.3
 
 usage() # $1 = exit status
 {