Compare commits

...

27 Commits

Author SHA1 Message Date
Tom Eastep
1d74964d4a Update release docs 2010-12-27 12:43:00 -08:00
Tom Eastep
6afef5fa8b Correct existing optimization issue 2010-12-27 12:34:20 -08:00
Tom Eastep
5781a16bda Correct version 2010-12-21 10:11:47 -08:00
Tom Eastep
5efbae0a4a Bump version to 4.4.15.4 2010-12-21 09:30:41 -08:00
Tom Eastep
0d550d9bce Unconditionally cache interface lookup results 2010-12-21 09:26:47 -08:00
Tom Eastep
845a4f40fd Add some insurance against wildcard interfaces 2010-12-21 09:26:14 -08:00
Tom Eastep
954f160dfd Disallow wildcard interfaces in additional contexts 2010-12-21 09:24:55 -08:00
Tom Eastep
b08b969daf Disallow wildcard interfaces in additional contexts 2010-12-21 09:24:35 -08:00
Tom Eastep
76683ea252 Update release docs with merged fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-20 07:48:33 -08:00
Tom Eastep
d1f2ee0c56 Fix more physical name issues
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-20 07:41:01 -08:00
Tom Eastep
c58a0fbdb3 Fix undef access out of notrack file 2010-12-20 07:37:18 -08:00
Tom Eastep
886121eaf3 Don't allow interface that is identical to the root of a wildcard 2010-12-20 07:35:19 -08:00
Tom Eastep
073366e610 Update version to 4.4.15.2 2010-12-17 07:52:42 -08:00
Tom Eastep
cb1843bbea Document fixes for unknown interface names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-11 10:29:25 -08:00
Tom Eastep
f753c3c9ea Ensure that interfaces listed in the proxyarp (proxyndp) file are known
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-11 10:13:35 -08:00
Tom Eastep
a6d73814e5 Ensure that interfaces listed in the tcinterfaces file are known 2010-12-11 10:10:10 -08:00
Tom Eastep
ce7e33cd48 Fix broken logical naming in Proxy ARP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 12:27:15 -08:00
Tom Eastep
cfe4f7c056 Document fix for logical names with Proxy ARP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 12:27:05 -08:00
Tom Eastep
780c252615 Update known problems for 4.4.15.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 10:47:23 -08:00
Tom Eastep
a6a4fc658f Document fix for missing params file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 10:32:54 -08:00
Tom Eastep
d1158a8a99 Correct handling of params file opens.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 10:15:23 -08:00
Tom Eastep
a67364c07d Revert to 'env'-based get_params() 2010-12-01 10:48:20 -08:00
Tom Eastep
d0e37eba5e Omit warning message and improve implementation of getparams
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-01 09:24:47 -08:00
Tom Eastep
1f65a5116c Bump version to 4.4.15.1 2010-12-01 08:24:32 -08:00
Tom Eastep
9c2c536ced Ignore bogus 'env' output with a warning 2010-12-01 08:24:02 -08:00
Tom Eastep
1e9fe662cd Document addition of startup_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-29 16:01:19 -08:00
Tom Eastep
7d96ad2ffd Add startup_error() function to the -lite CLIs 2010-11-29 15:46:56 -08:00
26 changed files with 226 additions and 62 deletions

View File

@ -23,7 +23,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -1,6 +1,6 @@
%define name shorewall-init
%define version 4.4.15
%define release 0base
%define release 3
Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
Name: %{name}
@ -99,6 +99,12 @@ fi
%doc COPYING changelog.txt releasenotes.txt
%changelog
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-3
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-2
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-1
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-0base
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -177,6 +177,15 @@ verify_firewall_script() {
fi
}
#
# Fatal error
#
startup_error() {
echo " ERROR: $@" >&2
kill $$
exit 1
}
#
# Start Command Executor
#

View File

@ -1,6 +1,6 @@
%define name shorewall-lite
%define version 4.4.15
%define release 0base
%define release 3
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
Name: %{name}
@ -102,6 +102,12 @@ fi
%doc COPYING changelog.txt releasenotes.txt
%changelog
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-3
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-2
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-1
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-0base
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -2039,8 +2039,7 @@ sub logchain( $$$$$$ ) {
$logtag,
'add',
'' );
add_rule( $logchainref, $exceptionrule . $target );
add_jump( $logchainref, $target, 0, $exceptionrule );
}
$logchainref;
@ -3264,7 +3263,7 @@ sub interface_nets( $ ) {
sub get_interface_nets ( $ ) {
my ( $logical ) = $_[0];
my $interface = get_physical( $logical );
my $interface = physical_name( $logical );
my $variable = interface_nets( $interface );
$global_variables |= ALL_COMMANDS;
@ -3534,6 +3533,7 @@ sub expand_rule( $$$$$$$$$$;$ )
# An interface in the SOURCE column of a masq file
#
fatal_error "Bridge ports may not appear in the SOURCE column of this file" if port_to_bridge( $iiface );
fatal_error "A wildcard interface ( $iiface) is not allowed in this context" if $iiface =~ /\+$/;
if ( $table eq 'nat' ) {
warning_message qq(Using an interface as the masq SOURCE requires the interface to be up and configured when $Product starts/restarts) unless $idiotcount++;
@ -3625,6 +3625,7 @@ sub expand_rule( $$$$$$$$$$;$ )
#
fatal_error "A DEST interface is not permitted in the PREROUTING chain" if $restriction & DESTIFACE_DISALLOW;
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
fatal_error "A wildcard interface ($diface) is not allowed in this context" if $diface =~ /\+$/;
push_command( $chainref , 'for dest in ' . get_interface_nets( $diface) . '; do', 'done' );
$rule .= '-d $dest ';
} else {
@ -3846,9 +3847,11 @@ sub expand_rule( $$$$$$$$$$;$ )
#
# Find/Create a chain that both logs and applies the target action
# and jump to the log chain if all of the rule's conditions are met
#
#
assert( $target );
add_jump( $chainref,
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $jump ),
logchain( $chainref, $loglevel, $logtag, $exceptionrule , $disposition, $target ),
$builtin_target{$disposition},
$matches,
1 );

View File

@ -353,7 +353,7 @@ sub initialize( $ ) {
EXPORT => 0,
STATEMATCH => '-m state --state',
UNTRACKED => 0,
VERSION => "4.4.15",
VERSION => "4.4.15.3",
CAPVERSION => 40415 ,
);
@ -2895,8 +2895,9 @@ sub unsupported_yes_no_warning( $ ) {
# Process the params file
#
sub get_params() {
if ( my $fn = find_file 'params' ) {
my $fn = find_file 'params';
if ( -f $fn ) {
progress_message2 "Processing $fn ...";
my $command = "$globals{SHAREDIRPL}/getparams $fn " . join( ':', @config_path );
@ -2908,8 +2909,6 @@ sub get_params() {
for ( @params ) {
if ( /^(.*?)=(.*)$/ ) {
$params{$1} = $2 unless $1 eq '_';
} else {
assert(0);
}
}
}

View File

@ -275,7 +275,7 @@ sub add_a_provider( ) {
require_capability 'REALM_MATCH', "Configuring multiple providers through one interface", "s";
}
fatal_error "Unknown Interface ($interface)" unless known_interface( $interface, 1 );
fatal_error "Unknown Interface ($interface)" unless known_interface( $interface );
fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
my $physical = get_physical $interface;

View File

@ -56,8 +56,8 @@ sub initialize( $ ) {
@proxyarp = ();
}
sub setup_one_proxy_arp( $$$$$ ) {
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
sub setup_one_proxy_arp( $$$$$$$ ) {
my ( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent) = @_;
if ( "\L$haveroute" eq 'no' || $haveroute eq '-' ) {
$haveroute = '';
@ -76,15 +76,15 @@ sub setup_one_proxy_arp( $$$$$ ) {
}
unless ( $haveroute ) {
emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $interface";
emit "[ -n \"\$g_noroutes\" ] || run_ip route replace $address dev $physical";
$haveroute = 1 if $persistent;
}
emit ( "if ! arp -i $external -Ds $address $external pub; then",
" fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
emit ( "if ! arp -i $extphy -Ds $address $extphy pub; then",
" fatal_error \"Command 'arp -i $extphy -Ds $address $extphy pub' failed\"" ,
'fi' ,
'',
"progress_message \" Host $address connected to $interface added to ARP on $external\"\n" );
"progress_message \" Host $address connected to $interface added to ARP on $extphy\"\n" );
push @proxyarp, "$address $interface $external $haveroute";
@ -117,30 +117,35 @@ sub setup_proxy_arp() {
$first_entry = 0;
}
$interface = get_physical $interface;
$external = get_physical $external;
fatal_error "Unknown interface ($interface)" unless known_interface $interface, 1;
fatal_error "Unknown interface ($external)" unless known_interface $external, 1;
my $physical = physical_name $interface;
my $extphy = physical_name $external;
$set{$interface} = 1;
$reset{$external} = 1 unless $set{$external};
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
setup_one_proxy_arp( $address, $interface, $physical, $external, $extphy, $haveroute, $persistent );
}
emit '';
for my $interface ( keys %reset ) {
unless ( $set{interface} ) {
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
" echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
my $physical = get_physical $interface;
emit ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
" echo 0 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
emit "fi\n";
}
}
for my $interface ( keys %set ) {
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
" echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
my $physical = get_physical $interface;
emit ( "if [ -f /proc/sys/net/ipv4/conf/$physical/proxy_arp ]; then" ,
" echo 1 > /proc/sys/net/ipv4/conf/$physical/proxy_arp" );
emit ( 'else' ,
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $physical\"" ) unless interface_is_optional( $interface );
emit "fi\n";
}

View File

@ -476,6 +476,8 @@ sub process_simple_device() {
my $number = in_hexp( $tcdevices{$device} = ++$devnum );
fatal_error "Unknown interface( $device )" unless known_interface $device;
my $physical = physical_name $device;
my $dev = chain_base( $physical );

View File

@ -192,6 +192,7 @@ use constant { SIMPLE_IF_OPTION => 1,
IF_OPTION_ZONEONLY => 8,
IF_OPTION_HOST => 16,
IF_OPTION_VSERVER => 32,
IF_OPTION_WILDOK => 64
};
our %validinterfaceoptions;
@ -249,9 +250,9 @@ sub initialize( $ ) {
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
upnp => SIMPLE_IF_OPTION,
upnpclient => SIMPLE_IF_OPTION,
mss => NUMERIC_IF_OPTION,
physical => STRING_IF_OPTION + IF_OPTION_HOST,
wait => NUMERIC_IF_OPTION,
mss => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
physical => STRING_IF_OPTION + IF_OPTION_HOST,
wait => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
);
%validhostoptions = (
blacklist => 1,
@ -276,10 +277,10 @@ sub initialize( $ ) {
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
sourceroute => BINARY_IF_OPTION,
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
mss => NUMERIC_IF_OPTION,
mss => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
forward => BINARY_IF_OPTION,
physical => STRING_IF_OPTION + IF_OPTION_HOST,
wait => NUMERIC_IF_OPTION,
wait => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
);
%validhostoptions = (
blacklist => 1,
@ -998,6 +999,7 @@ sub process_interface( $$ ) {
assert( 0 );
}
} elsif ( $type == NUMERIC_IF_OPTION ) {
fatal_error "The '$option' option may not be specified on a wildcard interface" if $wildcard && ! $type && IF_OPTION_WILDOK;
$value = $defaultinterfaceoptions{$option} unless defined $value;
fatal_error "The '$option' option requires a value" unless defined $value;
my $numval = numeric_value $value;
@ -1185,7 +1187,7 @@ sub map_physical( $$ ) {
# If the passed name matches a wildcard and 'cache' is true, an entry for the name is added in
# %interfaces.
#
sub known_interface($;$)
sub known_interface($)
{
my ( $interface, $cache ) = @_;
my $interfaceref = $interfaces{$interface};
@ -1197,20 +1199,16 @@ sub known_interface($;$)
for my $i ( @interfaces ) {
$interfaceref = $interfaces{$i};
my $root = $interfaceref->{root};
if ( $i ne $root && substr( $interface, 0, length $root ) eq $root ) {
if ( $i ne $root && $interface ne $root && substr( $interface, 0, length $root ) eq $root ) {
my $physical = map_physical( $interface, $interfaceref );
my $copyref = { options => $interfaceref->{options},
bridge => $interfaceref->{bridge} ,
name => $i ,
number => $interfaceref->{number} ,
physical => $physical ,
base => chain_base( $physical ) ,
};
$interfaces{$interface} = $copyref if $cache;
return $copyref;
return $interfaces{$interface} = { options => $interfaceref->{options},
bridge => $interfaceref->{bridge} ,
name => $i ,
number => $interfaceref->{number} ,
physical => $physical ,
base => chain_base( $physical ) ,
};
}
}
@ -1332,7 +1330,7 @@ sub find_interfaces_by_option1( $ ) {
my $wild = 0;
for my $interface ( sort { $interfaces{$a}->{number} <=> $interfaces{$b}->{number} }
keys %interfaces ) {
( grep $interfaces{$_}{root}, keys %interfaces ) ) {
my $interfaceref = $interfaces{$interface};
next unless defined $interfaceref->{physical};
@ -1356,7 +1354,14 @@ sub find_interfaces_by_option1( $ ) {
sub get_interface_option( $$ ) {
my ( $interface, $option ) = @_;
$interfaces{$interface}{options}{$option};
my $ref = $interfaces{$interface};
return $ref->{options}{$option} if $ref;
assert( $ref = known_interface( $interface ) );
$ref->{options}{$option};
}
#

View File

@ -1,9 +1,35 @@
Changes in Shorewall 4.4.15.3
1) Don't let root match wildcard.
2) Fix use of wildcard names in the notrack file.
3) Fix use of wildcard names in the proxyarp file
4) Prevent perl runtime warnings with cached interface entries.
5) Fix old optimization bug.
Changes in Shorewall 4.4.15.2
1) Fix broken logical naming with Proxy ARP.
2) Verify interface names in proxyarp and tcinterfaces.
Changes in Shorewall 4.4.15.1
1) Change assertion into a warning in getparams.
2) Correct handling of missing params file.
Changes in Shorewall 4.4.15
1) Add macros from Tuomo Soini.
2) Corrected macro.JAP.
3) Added fatal_error() functions to the -lite CLIs.
RC 1
1) Another Perl 5.12 warning.

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -1 +1,30 @@
There are no known problems in Shorewall 4.4.15
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
2) If the output of 'env' contains a multi-line value, then
compilation failed with an Internal Error.
Workaround: In /etc/shorewall/params, reset any exported variables
that have a multi-line value.
Corrected in 4.4.15.1.
3) If a params file does not appear in the CONFIG_PATH, compilation
fails with the error:
.: 31: Can't open /etc/shorewall6/params
ERROR: Processing of /etc/shorewall6/params failed
Workaround: 'touch /etc/shorewall/params' (or
/etc/shorewall6/params).
Corrected in 4.4.15.1.
4) When logical interface names are used, proxy ARP does not
work. Symptoms include numerous Perl runtime error Messages.
Workaround: Don't use proxy arp involving an interface with a
logical name that is different from its physical name.
5) Unknown interface names in the proxyarp and tcinterfaces files
result in Perl runtime errors.

View File

@ -1,5 +1,5 @@
----------------------------------------------------------------------------
S H O R E W A L L 4 . 4 . 1 5
S H O R E W A L L 4 . 4 . 1 5 . 3
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@ -12,6 +12,46 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
4.4.15.3
1) Previously, the root of a wildcard name erroneously matched that
name. For example 'eth' matched 'eth+'. Now there must be at least
one additional character (e.g., 'eth4').
2) Use of logical interface names in the notrack and ecn files
resulted in perl runtime warning messages.
3) The use of wildcard-matching names in certain contexts would result
in perl run-time messages similar to this one:
Use of uninitialized value in numeric comparison (<=>)
at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
4) Under very rare circumstances, a chain could be optimized away
even when there are jumps to the chain. This resulted in a
start/restart failure.
4.4.15.2
1) Previously, proxy ARP with logical interface names did not
work. Symptoms included numerous Perl runtime error messages.
2) Previously, unknown interface names in the proxyarp and
tcinterfaces files resulted in Perl runtime errors.
4.4.15.1
1) If the output of 'env' contained a multi-line value, then
compilation failed with an Internal Error. The code has been
changed to ignore all but the first line of a multi-line value.
2) If a params file does not appear in the CONFIG_PATH, compilation
failed with the error:
.: 31: Can't open /etc/shorewall6/params
ERROR: Processing of /etc/shorewall6/params failed
4.4.15
1) Previously, if
@ -66,6 +106,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
macros (if 'PARAM' was passed to an nested macro invocation, it was
not expanded to the current parameter value).
7) Previously, if find_first_interface_address() failed when running
shorewall-lite or shoreawll6-lite, the following unhelpful message
was issued:
/usr/share/shorewall-lite/lib.common: line 449: startup_error: command
not found
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------

View File

@ -1,6 +1,6 @@
%define name shorewall
%define version 4.4.15
%define release 0base
%define release 3
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@ -109,6 +109,12 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-3
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-2
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-1
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-0base
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -176,6 +176,15 @@ verify_firewall_script() {
fi
}
#
# Fatal error
#
startup_error() {
echo " ERROR: $@" >&2
kill $$
exit 1
}
#
# Start Command Executor
#

View File

@ -1,6 +1,6 @@
%define name shorewall6-lite
%define version 4.4.15
%define release 0base
%define release 3
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
Name: %{name}
@ -93,6 +93,12 @@ fi
%doc COPYING changelog.txt releasenotes.txt
%changelog
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-3
* Fri Dec 17 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-2
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-1
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-0base
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{

View File

@ -1,6 +1,6 @@
%define name shorewall6
%define version 4.4.15
%define release 0base
%define release 3
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
Name: %{name}
@ -98,6 +98,12 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-3
* Tue Dec 21 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-2
* Wed Dec 01 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-1
* Fri Nov 26 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.15-0base
* Mon Nov 22 2010 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.15
VERSION=4.4.15.3
usage() # $1 = exit status
{