forked from extern/shorewall_code
Compare commits
27 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
1d74964d4a | ||
|
6afef5fa8b | ||
|
5781a16bda | ||
|
5efbae0a4a | ||
|
0d550d9bce | ||
|
845a4f40fd | ||
|
954f160dfd | ||
|
b08b969daf | ||
|
76683ea252 | ||
|
d1f2ee0c56 | ||
|
c58a0fbdb3 | ||
|
886121eaf3 | ||
|
073366e610 | ||
|
cb1843bbea | ||
|
f753c3c9ea | ||
|
a6d73814e5 | ||
|
ce7e33cd48 | ||
|
cfe4f7c056 | ||
|
780c252615 | ||
|
a6a4fc658f | ||
|
d1158a8a99 | ||
|
a67364c07d | ||
|
d0e37eba5e | ||
|
1f65a5116c | ||
|
9c2c536ced | ||
|
1e9fe662cd | ||
|
7d96ad2ffd |
@ -23,7 +23,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall-init
|
||||
%define version 4.4.15
|
||||
%define release 0base
|
||||
%define release 3
|
||||
|
||||
Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
|
||||
Name: %{name}
|
||||
@ -99,6 +99,12 @@ fi
|
||||
%doc COPYING changelog.txt releasenotes.txt
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-3
|
||||
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-2
|
||||
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-1
|
||||
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-0base
|
||||
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -177,6 +177,15 @@ verify_firewall_script() {
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Fatal error
|
||||
#
|
||||
startup_error() {
|
||||
echo " ERROR: $@" >&2
|
||||
kill $$
|
||||
exit 1
|
||||
}
|
||||
|
||||
#
|
||||
# Start Command Executor
|
||||
#
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall-lite
|
||||
%define version 4.4.15
|
||||
%define release 0base
|
||||
%define release 3
|
||||
|
||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||
Name: %{name}
|
||||
@ -102,6 +102,12 @@ fi
|
||||
%doc COPYING changelog.txt releasenotes.txt
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-3
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-2
|
||||
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-1
|
||||
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-0base
|
||||
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -2039,8 +2039,7 @@ sub logchain( $$$$$$ ) {
|
||||
$logtag,
|
||||
'add',
|
||||
'' );
|
||||
|
||||
add_rule( $logchainref, $exceptionrule . $target );
|
||||
add_jump( $logchainref, $target, 0, $exceptionrule );
|
||||
}
|
||||
|
||||
$logchainref;
|
||||
@ -3264,7 +3263,7 @@ sub interface_nets( $ ) {
|
||||
sub get_interface_nets ( $ ) {
|
||||
my ( $logical ) = $_[0];
|
||||
|
||||
my $interface = get_physical( $logical );
|
||||
my $interface = physical_name( $logical );
|
||||
my $variable = interface_nets( $interface );
|
||||
|
||||
$global_variables |= ALL_COMMANDS;
|
||||
@ -3534,6 +3533,7 @@ sub expand_rule( $$$$$$$$$$;$ )
|
||||
# An interface in the SOURCE column of a masq file
|
||||
#
|
||||
fatal_error "Bridge ports may not appear in the SOURCE column of this file" if port_to_bridge( $iiface );
|
||||
fatal_error "A wildcard interface ( $iiface) is not allowed in this context" if $iiface =~ /\+$/;
|
||||
|
||||
if ( $table eq 'nat' ) {
|
||||
warning_message qq(Using an interface as the masq SOURCE requires the interface to be up and configured when $Product starts/restarts) unless $idiotcount++;
|
||||
@ -3625,6 +3625,7 @@ sub expand_rule( $$$$$$$$$$;$ )
|
||||
#
|
||||
fatal_error "A DEST interface is not permitted in the PREROUTING chain" if $restriction & DESTIFACE_DISALLOW;
|
||||
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
|
||||
fatal_error "A wildcard interface ($diface) is not allowed in this context" if $diface =~ /\+$/;
|
||||
push_command( $chainref , 'for dest in ' . get_interface_nets( $diface) . '; do', 'done' );
|
||||
$rule .= '-d $dest ';
|
||||
} else {
|
||||
@ -3846,9 +3847,11 @@ sub expand_rule( $$$$$$$$$$;$ )
|
||||
#
|
||||
# Find/Create a chain that both logs and applies the target action
|
||||
# and jump to the log chain if all of the rule's conditions are met
|
||||
#
|
||||
#
|
||||
assert( $target );
|
||||
|
||||
add_jump( $chainref,
|
||||
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $jump ),
|
||||
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $target ),
|
||||
$builtin_target{$disposition},
|
||||
$matches,
|
||||
1 );
|
||||
|
@ -353,7 +353,7 @@ sub initialize( $ ) {
|
||||
EXPORT => 0,
|
||||
STATEMATCH => '-m state --state',
|
||||
UNTRACKED => 0,
|
||||
VERSION => "4.4.15",
|
||||
VERSION => "4.4.15.3",
|
||||
CAPVERSION => 40415 ,
|
||||
);
|
||||
|
||||
@ -2895,8 +2895,9 @@ sub unsupported_yes_no_warning( $ ) {
|
||||
# Process the params file
|
||||
#
|
||||
sub get_params() {
|
||||
if ( my $fn = find_file 'params' ) {
|
||||
my $fn = find_file 'params';
|
||||
|
||||
if ( -f $fn ) {
|
||||
progress_message2 "Processing $fn ...";
|
||||
|
||||
my $command = "$globals{SHAREDIRPL}/getparams $fn " . join( ':', @config_path );
|
||||
@ -2908,8 +2909,6 @@ sub get_params() {
|
||||
for ( @params ) {
|
||||
if ( /^(.*?)=(.*)$/ ) {
|
||||
$params{$1} = $2 unless $1 eq '_';
|
||||
} else {
|
||||
assert(0);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -275,7 +275,7 @@ sub add_a_provider( ) {
|
||||
require_capability 'REALM_MATCH', "Configuring multiple providers through one interface", "s";
|
||||
}
|
||||
|
||||
fatal_error "Unknown Interface ($interface)" unless known_interface( $interface, 1 );
|
||||
fatal_error "Unknown Interface ($interface)" unless known_interface( $interface );
|
||||
fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
|
||||
|
||||
my $physical = get_physical $interface;
|
||||
|
@ -56,8 +56,8 @@ sub initialize( $ ) {
|
||||
@proxyarp = ();
|
||||
}
|
||||
|
||||
sub setup_one_proxy_arp( $$$$$ ) {
|
||||
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
|
||||
sub setup_one_proxy_arp( $$$$$$$ ) {
|
||||
my ( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent) = @_;
|
||||
|
||||
if ( "\L$haveroute" eq 'no' || $haveroute eq '-' ) {
|
||||
$haveroute = '';
|
||||
@ -76,15 +76,15 @@ sub setup_one_proxy_arp( $$$$$ ) {
|
||||
}
|
||||
|
||||
unless ( $haveroute ) {
|
||||
emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $interface";
|
||||
emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $physical";
|
||||
$haveroute = 1 if $persistent;
|
||||
}
|
||||
|
||||
emit ( "if ! arp -i $external -Ds $address $external pub; then",
|
||||
" fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
|
||||
emit ( "if ! arp -i $extphy -Ds $address $extphy pub; then",
|
||||
" fatal_error \"Command 'arp -i $extphy -Ds $address $extphy pub' failed\"" ,
|
||||
'fi' ,
|
||||
'',
|
||||
"progress_message \" Host $address connected to $interface added to ARP on $external\"\n" );
|
||||
"progress_message \" Host $address connected to $interface added to ARP on $extphy\"\n" );
|
||||
|
||||
push @proxyarp, "$address $interface $external $haveroute";
|
||||
|
||||
@ -117,30 +117,35 @@ sub setup_proxy_arp() {
|
||||
$first_entry = 0;
|
||||
}
|
||||
|
||||
$interface = get_physical $interface;
|
||||
$external = get_physical $external;
|
||||
fatal_error "Unknown interface ($interface)" unless known_interface $interface, 1;
|
||||
fatal_error "Unknown interface ($external)" unless known_interface $external, 1;
|
||||
|
||||
my $physical = physical_name $interface;
|
||||
my $extphy = physical_name $external;
|
||||
|
||||
$set{$interface} = 1;
|
||||
$reset{$external} = 1 unless $set{$external};
|
||||
|
||||
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
|
||||
setup_one_proxy_arp( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent );
|
||||
}
|
||||
|
||||
emit '';
|
||||
|
||||
for my $interface ( keys %reset ) {
|
||||
unless ( $set{interface} ) {
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
" echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
||||
my $physical = get_physical $interface;
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
|
||||
" echo 0 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
|
||||
emit "fi\n";
|
||||
}
|
||||
}
|
||||
|
||||
for my $interface ( keys %set ) {
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
||||
" echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
||||
my $physical = get_physical $interface;
|
||||
emit ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
|
||||
" echo 1 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
|
||||
emit ( 'else' ,
|
||||
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
|
||||
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $physical\"" ) unless interface_is_optional( $interface );
|
||||
emit "fi\n";
|
||||
}
|
||||
|
||||
|
@ -476,6 +476,8 @@ sub process_simple_device() {
|
||||
|
||||
my $number = in_hexp( $tcdevices{$device} = ++$devnum );
|
||||
|
||||
fatal_error "Unknown interface( $device )" unless known_interface $device;
|
||||
|
||||
my $physical = physical_name $device;
|
||||
my $dev = chain_base( $physical );
|
||||
|
||||
|
@ -192,6 +192,7 @@ use constant { SIMPLE_IF_OPTION => 1,
|
||||
IF_OPTION_ZONEONLY => 8,
|
||||
IF_OPTION_HOST => 16,
|
||||
IF_OPTION_VSERVER => 32,
|
||||
IF_OPTION_WILDOK => 64
|
||||
};
|
||||
|
||||
our %validinterfaceoptions;
|
||||
@ -249,9 +250,9 @@ sub initialize( $ ) {
|
||||
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
upnp => SIMPLE_IF_OPTION,
|
||||
upnpclient => SIMPLE_IF_OPTION,
|
||||
mss => NUMERIC_IF_OPTION,
|
||||
physical => STRING_IF_OPTION + IF_OPTION_HOST,
|
||||
wait => NUMERIC_IF_OPTION,
|
||||
mss => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
|
||||
physical => STRING_IF_OPTION + IF_OPTION_HOST,
|
||||
wait => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
|
||||
);
|
||||
%validhostoptions = (
|
||||
blacklist => 1,
|
||||
@ -276,10 +277,10 @@ sub initialize( $ ) {
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
|
||||
sourceroute => BINARY_IF_OPTION,
|
||||
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
mss => NUMERIC_IF_OPTION,
|
||||
mss => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
|
||||
forward => BINARY_IF_OPTION,
|
||||
physical => STRING_IF_OPTION + IF_OPTION_HOST,
|
||||
wait => NUMERIC_IF_OPTION,
|
||||
wait => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
|
||||
);
|
||||
%validhostoptions = (
|
||||
blacklist => 1,
|
||||
@ -998,6 +999,7 @@ sub process_interface( $$ ) {
|
||||
assert( 0 );
|
||||
}
|
||||
} elsif ( $type == NUMERIC_IF_OPTION ) {
|
||||
fatal_error "The '$option' option may not be specified on a wildcard interface" if $wildcard && ! $type && IF_OPTION_WILDOK;
|
||||
$value = $defaultinterfaceoptions{$option} unless defined $value;
|
||||
fatal_error "The '$option' option requires a value" unless defined $value;
|
||||
my $numval = numeric_value $value;
|
||||
@ -1185,7 +1187,7 @@ sub map_physical( $$ ) {
|
||||
# If the passed name matches a wildcard and 'cache' is true, an entry for the name is added in
|
||||
# %interfaces.
|
||||
#
|
||||
sub known_interface($;$)
|
||||
sub known_interface($)
|
||||
{
|
||||
my ( $interface, $cache ) = @_;
|
||||
my $interfaceref = $interfaces{$interface};
|
||||
@ -1197,20 +1199,16 @@ sub known_interface($;$)
|
||||
for my $i ( @interfaces ) {
|
||||
$interfaceref = $interfaces{$i};
|
||||
my $root = $interfaceref->{root};
|
||||
if ( $i ne $root && substr( $interface, 0, length $root ) eq $root ) {
|
||||
if ( $i ne $root && $interface ne $root && substr( $interface, 0, length $root ) eq $root ) {
|
||||
my $physical = map_physical( $interface, $interfaceref );
|
||||
|
||||
my $copyref = { options => $interfaceref->{options},
|
||||
bridge => $interfaceref->{bridge} ,
|
||||
name => $i ,
|
||||
number => $interfaceref->{number} ,
|
||||
physical => $physical ,
|
||||
base => chain_base( $physical ) ,
|
||||
};
|
||||
|
||||
$interfaces{$interface} = $copyref if $cache;
|
||||
|
||||
return $copyref;
|
||||
return $interfaces{$interface} = { options => $interfaceref->{options},
|
||||
bridge => $interfaceref->{bridge} ,
|
||||
name => $i ,
|
||||
number => $interfaceref->{number} ,
|
||||
physical => $physical ,
|
||||
base => chain_base( $physical ) ,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@ -1332,7 +1330,7 @@ sub find_interfaces_by_option1( $ ) {
|
||||
my $wild = 0;
|
||||
|
||||
for my $interface ( sort { $interfaces{$a}->{number} <=> $interfaces{$b}->{number} }
|
||||
keys %interfaces ) {
|
||||
( grep $interfaces{$_}{root}, keys %interfaces ) ) {
|
||||
my $interfaceref = $interfaces{$interface};
|
||||
|
||||
next unless defined $interfaceref->{physical};
|
||||
@ -1356,7 +1354,14 @@ sub find_interfaces_by_option1( $ ) {
|
||||
sub get_interface_option( $$ ) {
|
||||
my ( $interface, $option ) = @_;
|
||||
|
||||
$interfaces{$interface}{options}{$option};
|
||||
my $ref = $interfaces{$interface};
|
||||
|
||||
return $ref->{options}{$option} if $ref;
|
||||
|
||||
assert( $ref = known_interface( $interface ) );
|
||||
|
||||
$ref->{options}{$option};
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -1,9 +1,35 @@
|
||||
Changes in Shorewall 4.4.15.3
|
||||
|
||||
1) Don't let root match wildcard.
|
||||
|
||||
2) Fix use of wildcard names in the notrack file.
|
||||
|
||||
3) Fix use of wildcard names in the proxyarp file
|
||||
|
||||
4) Prevent perl runtime warnings with cached interface entries.
|
||||
|
||||
5) Fix old optimization bug.
|
||||
|
||||
Changes in Shorewall 4.4.15.2
|
||||
|
||||
1) Fix broken logical naming with Proxy ARP.
|
||||
|
||||
2) Verify interface names in proxyarp and tcinterfaces.
|
||||
|
||||
Changes in Shorewall 4.4.15.1
|
||||
|
||||
1) Change assertion into a warning in getparams.
|
||||
|
||||
2) Correct handling of missing params file.
|
||||
|
||||
Changes in Shorewall 4.4.15
|
||||
|
||||
1) Add macros from Tuomo Soini.
|
||||
|
||||
2) Corrected macro.JAP.
|
||||
|
||||
3) Added fatal_error() functions to the -lite CLIs.
|
||||
|
||||
RC 1
|
||||
|
||||
1) Another Perl 5.12 warning.
|
||||
|
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -1 +1,30 @@
|
||||
There are no known problems in Shorewall 4.4.15
|
||||
1) On systems running Upstart, shorewall-init cannot reliably secure
|
||||
the firewall before interfaces are brought up.
|
||||
|
||||
2) If the output of 'env' contains a multi-line value, then
|
||||
compilation failed with an Internal Error.
|
||||
|
||||
Workaround: In /etc/shorewall/params, reset any exported variables
|
||||
that have a multi-line value.
|
||||
|
||||
Corrected in 4.4.15.1.
|
||||
|
||||
3) If a params file does not appear in the CONFIG_PATH, compilation
|
||||
fails with the error:
|
||||
|
||||
.: 31: Can't open /etc/shorewall6/params
|
||||
ERROR: Processing of /etc/shorewall6/params failed
|
||||
|
||||
Workaround: 'touch /etc/shorewall/params' (or
|
||||
/etc/shorewall6/params).
|
||||
|
||||
Corrected in 4.4.15.1.
|
||||
|
||||
4) When logical interface names are used, proxy ARP does not
|
||||
work. Symptoms include numerous Perl runtime error Messages.
|
||||
|
||||
Workaround: Don't use proxy arp involving an interface with a
|
||||
logical name that is different from its physical name.
|
||||
|
||||
5) Unknown interface names in the proxyarp and tcinterfaces files
|
||||
result in Perl runtime errors.
|
||||
|
@ -1,5 +1,5 @@
|
||||
----------------------------------------------------------------------------
|
||||
S H O R E W A L L 4 . 4 . 1 5
|
||||
S H O R E W A L L 4 . 4 . 1 5 . 3
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
I. PROBLEMS CORRECTED IN THIS RELEASE
|
||||
@ -12,6 +12,46 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
----------------------------------------------------------------------------
|
||||
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||
----------------------------------------------------------------------------
|
||||
4.4.15.3
|
||||
|
||||
1) Previously, the root of a wildcard name erroneously matched that
|
||||
name. For example 'eth' matched 'eth+'. Now there must be at least
|
||||
one additional character (e.g., 'eth4').
|
||||
|
||||
2) Use of logical interface names in the notrack and ecn files
|
||||
resulted in perl runtime warning messages.
|
||||
|
||||
3) The use of wildcard-matching names in certain contexts would result
|
||||
in perl run-time messages similar to this one:
|
||||
|
||||
Use of uninitialized value in numeric comparison (<=>)
|
||||
at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
|
||||
|
||||
4) Under very rare circumstances, a chain could be optimized away
|
||||
even when there are jumps to the chain. This resulted in a
|
||||
start/restart failure.
|
||||
|
||||
4.4.15.2
|
||||
|
||||
1) Previously, proxy ARP with logical interface names did not
|
||||
work. Symptoms included numerous Perl runtime error messages.
|
||||
|
||||
2) Previously, unknown interface names in the proxyarp and
|
||||
tcinterfaces files resulted in Perl runtime errors.
|
||||
|
||||
4.4.15.1
|
||||
|
||||
1) If the output of 'env' contained a multi-line value, then
|
||||
compilation failed with an Internal Error. The code has been
|
||||
changed to ignore all but the first line of a multi-line value.
|
||||
|
||||
2) If a params file does not appear in the CONFIG_PATH, compilation
|
||||
failed with the error:
|
||||
|
||||
.: 31: Can't open /etc/shorewall6/params
|
||||
ERROR: Processing of /etc/shorewall6/params failed
|
||||
|
||||
4.4.15
|
||||
|
||||
1) Previously, if
|
||||
|
||||
@ -66,6 +106,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
macros (if 'PARAM' was passed to an nested macro invocation, it was
|
||||
not expanded to the current parameter value).
|
||||
|
||||
7) Previously, if find_first_interface_address() failed when running
|
||||
shorewall-lite or shoreawll6-lite, the following unhelpful message
|
||||
was issued:
|
||||
|
||||
/usr/share/shorewall-lite/lib.common: line 449: startup_error: command
|
||||
not found
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall
|
||||
%define version 4.4.15
|
||||
%define release 0base
|
||||
%define release 3
|
||||
|
||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||
Name: %{name}
|
||||
@ -109,6 +109,12 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-3
|
||||
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-2
|
||||
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-1
|
||||
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-0base
|
||||
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -176,6 +176,15 @@ verify_firewall_script() {
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Fatal error
|
||||
#
|
||||
startup_error() {
|
||||
echo " ERROR: $@" >&2
|
||||
kill $$
|
||||
exit 1
|
||||
}
|
||||
|
||||
#
|
||||
# Start Command Executor
|
||||
#
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall6-lite
|
||||
%define version 4.4.15
|
||||
%define release 0base
|
||||
%define release 3
|
||||
|
||||
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
||||
Name: %{name}
|
||||
@ -93,6 +93,12 @@ fi
|
||||
%doc COPYING changelog.txt releasenotes.txt
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-3
|
||||
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-2
|
||||
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-1
|
||||
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-0base
|
||||
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -22,7 +22,7 @@
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
%define name shorewall6
|
||||
%define version 4.4.15
|
||||
%define release 0base
|
||||
%define release 3
|
||||
|
||||
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
||||
Name: %{name}
|
||||
@ -98,6 +98,12 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
||||
|
||||
%changelog
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-3
|
||||
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-2
|
||||
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-1
|
||||
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
|
||||
- Updated to 4.4.15-0base
|
||||
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Shorewall Firewall
|
||||
|
||||
VERSION=4.4.15
|
||||
VERSION=4.4.15.3
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user