Fix release notes

Shorewall-init/install.sh

@@ -23,7 +23,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall-init/shorewall-init.spec

@@ -1,6 +1,6 @@
 %define name shorewall-init
 %define version 4.4.18
-%define release 1
+%define release 2
 
 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
 Name: %{name}
@@ -119,6 +119,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun Mar 27 2011 Tom Eastep tom@shorewall.net
+- Updated to 4.4.18-2
 * Sat Mar 19 2011 Tom Eastep tom@shorewall.net
 - Updated to 4.4.18-1
 * Sun Mar 13 2011 Tom Eastep tom@shorewall.net

Shorewall-init/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.18
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -103,6 +103,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun Mar 27 2011 Tom Eastep tom@shorewall.net
+- Updated to 4.4.18-2
 * Sat Mar 19 2011 Tom Eastep tom@shorewall.net
 - Updated to 4.4.18-1
 * Sun Mar 13 2011 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Chains.pm

@@ -387,8 +387,8 @@ our %builtin_target = ( ACCEPT      => 1,
 #   2. The compiler can run multiple times in the same process so it has to be
 #      able to re-initialize its dependent modules' state.
 #
-sub initialize( $ ) {
-    $family = shift;
+sub initialize( $$ ) {
+    ( $family, my $hard ) = @_;
 
     %chain_table = ( raw    => {},
 		     mangle => {},
@@ -428,7 +428,7 @@ sub initialize( $ ) {
     $idiotcount1        = 0;
     $warningcount       = 0;
     $hashlimitset       = 0;
-    $ipset_rules        = 0;
+    $ipset_rules        = 0 if $hard;
     #
     # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
     #
@@ -2657,7 +2657,9 @@ sub match_source_dev( $ ) {
     $interface = $interfaceref->{physical} if $interfaceref;
     return '' if $interface eq '+';
     if ( $interfaceref && $interfaceref->{options}{port} ) {
-	"-i $interfaceref->{bridge} -m physdev --physdev-in $interface ";
+	my $bridgeref = find_interface $interfaceref->{bridge};
+
+	"-i $bridgeref->{physical} -m physdev --physdev-in $interface ";
     } else {
 	"-i $interface ";
     }
@@ -2672,10 +2674,12 @@ sub match_dest_dev( $ ) {
     $interface = $interfaceref->{physical} if $interfaceref;
     return '' if $interface eq '+';
     if ( $interfaceref && $interfaceref->{options}{port} ) {
+	my $bridgeref = find_interface $interfaceref->{bridge};
+
 	if ( have_capability( 'PHYSDEV_BRIDGE' ) ) {
-	    "-o $interfaceref->{bridge} -m physdev --physdev-is-bridged --physdev-out $interface ";
+	    "-o $bridgeref->{physical} -m physdev --physdev-is-bridged --physdev-out $interface ";
 	} else {
-	    "-o $interfaceref->{bridge} -m physdev --physdev-out $interface ";
+	    "-o $bridgeref->{physical} -m physdev --physdev-out $interface ";
 	}
     } else {
 	"-o $interface ";

Shorewall/Perl/Shorewall/Compiler.pm

@@ -55,7 +55,7 @@ our $family;
 #
 sub initialize_package_globals() {
     Shorewall::Config::initialize($family);
-    Shorewall::Chains::initialize ($family);
+    Shorewall::Chains::initialize ($family, 1);
     Shorewall::Zones::initialize ($family);
     Shorewall::Nat::initialize;
     Shorewall::Providers::initialize($family);
@@ -818,7 +818,7 @@ sub compiler {
 	# We must reinitialize Shorewall::Chains before generating the iptables-restore input
 	# for stopping the firewall
 	#
-	Shorewall::Chains::initialize( $family );
+	Shorewall::Chains::initialize( $family, 0 );
 	initialize_chain_table;
 	#
 	#                           S T O P _ F I R E W A L L
@@ -882,7 +882,7 @@ sub compiler {
 	# Re-initialize the chain table so that process_routestopped() has the same
 	# environment that it would when called by compile_stop_firewall().
 	#
-	Shorewall::Chains::initialize( $family );
+	Shorewall::Chains::initialize( $family , 0 );
 	initialize_chain_table;
 
 	if ( $debug ) {

Shorewall/Perl/Shorewall/Config.pm

@@ -410,7 +410,7 @@ sub initialize( $ ) {
 		    EXPORT     => 0,
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED  => 0,
-		    VERSION    => "4.4.18.1",
+		    VERSION    => "4.4.18.2",
 		    CAPVERSION => 40417 ,
 		  );
     #

Shorewall/changelog.txt

@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.18.2
+
+1)  Fix SAVE_IPSETS=Yes without dynamic zones.
+
 Changes in Shorewall 4.4.18.1
 
 1)  Fix params processing bug.

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -24,3 +24,30 @@
     run-time error occurs.
 
     Corrected in Shorewall 4.4.18.1
+
+5)  If a bridge interface has subordinate ports defined in
+    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
+    the 'ipsec' option specified) in /etc/shorewall/hosts results in
+    the compiler generating an incorrect Netfilter configuration.
+ 
+    Workaround: Change the hosts entry to specify one of the bridge
+    ports. If the specified network spans more than one port, then
+    replicate for each port.
+ 
+    Will be corrected in Shorewall 4.4.19
+
+6)  SAVE_IPSETS=Yes doesn't work unless there is a dynamic zone
+    defined.
+
+    Workaround: Create a dummy dynamic zone.
+
+    Corrected in Shorewall 4.4.18.2
+
+7)  If a logical name is given to a bridge and the ports on the bridge
+    are defined in /etc/shorewall/interfaces, then the compiler may
+    generate matches that use the logical name rather than the physical
+    name.
+
+    Workaround: Do not use logical names on bridges with ports.
+
+    Corrected in Shorewall 4.4.18.2

Shorewall/releasenotes.txt

@@ -1,5 +1,5 @@
 ----------------------------------------------------------------------------
-                     S H O R E W A L L  4 . 4 . 1 8 . 1
+                     S H O R E W A L L  4 . 4 . 1 8 . 2
 ----------------------------------------------------------------------------
 
 I.    PROBLEMS CORRECTED IN THIS RELEASE
@@ -13,6 +13,15 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
   I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
+4.4.18.2
+
+1)  SAVE_IPSETS=Yes didn't work unless there is a dynamic zone defined.
+
+2)  If a logical name was given to a bridge and the ports on the bridge
+    were defined in /etc/shorewall/interfac, then the compiler could
+    generate matches that used the logical name rather than the
+    physical name.
+ 
 4.4.18.1
 
 1)  An issue with params processing on RHEL6 has been corrected. The
@@ -93,6 +102,14 @@ None.
 1)  On systems running Upstart, shorewall-init cannot reliably secure
     the firewall before interfaces are brought up.
 
+2)  If a bridge interface has subordinate ports defined in
+    /etc/shorewall/interface, then an ipsec entry (either ipsec zone or
+    the 'ipsec' option specified) in /etc/shorewall/hosts results in
+    an incorrect Netfilter configuration.
+
+    Workaround: Assign the ipsec entry to one or more of the bridge
+    ports rather than the bridge itself.
+
 ----------------------------------------------------------------------------
       I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.18
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -109,6 +109,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
 
 %changelog
+* Sun Mar 27 2011 Tom Eastep tom@shorewall.net
+- Updated to 4.4.18-2
 * Sat Mar 19 2011 Tom Eastep tom@shorewall.net
 - Updated to 4.4.18-1
 * Sun Mar 13 2011 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.18
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -94,6 +94,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sun Mar 27 2011 Tom Eastep tom@shorewall.net
+- Updated to 4.4.18-2
 * Sat Mar 19 2011 Tom Eastep tom@shorewall.net
 - Updated to 4.4.18-1
 * Sun Mar 13 2011 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.18
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Sun Mar 27 2011 Tom Eastep tom@shorewall.net
+- Updated to 4.4.18-2
 * Sat Mar 19 2011 Tom Eastep tom@shorewall.net
 - Updated to 4.4.18-1
 * Sun Mar 13 2011 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.18.1
+VERSION=4.4.18.2
 
 usage() # $1 = exit status
 {

docs/Documentation_Index.xml

@@ -59,7 +59,8 @@
 
             <entry><ulink url="Vserver.html">Linux-vserver</ulink></entry>
 
-            <entry></entry>
+            <entry><ulink url="Laptop.html">Shorewall on a
+            Laptop</ulink></entry>
           </row>
 
           <row>
@@ -84,7 +85,8 @@
           <row>
             <entry><ulink url="Actions.html">Actions</ulink></entry>
 
-            <entry><ulink url="Macros.html">Macros</ulink></entry>
+            <entry><ulink url="LXC.html">LXC (Linux
+            Containers)</ulink></entry>
 
             <entry><ulink url="samba.htm">SMB</ulink></entry>
           </row>
@@ -93,8 +95,7 @@
             <entry><ulink url="Shorewall_and_Aliased_Interfaces.html">Aliased
             (virtual) Interfaces (e.g., eth0:0)</ulink></entry>
 
-            <entry><ulink url="MAC_Validation.html">MAC
-            Verification</ulink></entry>
+            <entry><ulink url="Macros.html">Macros</ulink></entry>
 
             <entry><ulink url="two-interface.htm#SNAT">SNAT</ulink>
             (<firstterm>Source Network Address
@@ -105,7 +106,8 @@
             <entry><ulink url="Anatomy.html">Anatomy of
             Shorewall</ulink></entry>
 
-            <entry><ulink url="Manpages.html">Man Pages</ulink></entry>
+            <entry><ulink url="MAC_Validation.html">MAC
+            Verification</ulink></entry>
 
             <entry><ulink url="SplitDNS.html">Split DNS the Easy
             Way</ulink></entry>
@@ -115,8 +117,7 @@
             <entry><ulink url="traffic_shaping.htm">Bandwidth
             Control</ulink></entry>
 
-            <entry><ulink url="ManualChains.html">Manual
-            Chains</ulink></entry>
+            <entry><ulink url="Manpages.html">Man Pages</ulink></entry>
 
             <entry><ulink url="Shorewall_Squid_Usage.html">Squid with
             Shorewall</ulink></entry>
@@ -126,8 +127,8 @@
             <entry><ulink
             url="blacklisting_support.htm">Blacklisting</ulink></entry>
 
-            <entry><ulink
-            url="two-interface.htm#SNAT">Masquerading</ulink></entry>
+            <entry><ulink url="ManualChains.html">Manual
+            Chains</ulink></entry>
 
             <entry><ulink
             url="starting_and_stopping_shorewall.htm">Starting/stopping the
@@ -138,9 +139,8 @@
             <entry>Bridge: <ulink
             url="bridge-Shorewall-perl.html">Bridge/Firewall</ulink></entry>
 
-            <entry><ulink url="MultiISP.html">Multiple Internet Connections
-            from a Single Firewall</ulink> (<ulink
-            url="MultiISP_ru.html">Russian</ulink>)</entry>
+            <entry><ulink
+            url="two-interface.htm#SNAT">Masquerading</ulink></entry>
 
             <entry><ulink url="NAT.htm">Static (one-to-one)
             NAT</ulink></entry>
@@ -150,8 +150,8 @@
             <entry>Bridge: <ulink url="SimpleBridge.html">No firewalling of
             traffic between bridge port</ulink></entry>
 
-            <entry><ulink url="Multiple_Zones.html">Multiple Zones Through One
-            Interface</ulink></entry>
+            <entry><ulink url="MultiISP.html">Multiple Internet Connections
+            from a Single Firewall</ulink></entry>
 
             <entry><ulink url="support.htm">Support</ulink></entry>
           </row>
@@ -160,8 +160,8 @@
             <entry><ulink url="Build.html">Building Shorewall from
             GIT</ulink></entry>
 
-            <entry><ulink url="MyNetwork.html">My Shorewall
-            Configuration</ulink></entry>
+            <entry><ulink url="Multiple_Zones.html">Multiple Zones Through One
+            Interface</ulink></entry>
 
             <entry><ulink url="configuration_file_basics.htm">Tips and
             Hints</ulink></entry>
@@ -171,8 +171,8 @@
             <entry><ulink
             url="starting_and_stopping_shorewall.htm">Commands</ulink></entry>
 
-            <entry><ulink url="NetfilterOverview.html">Netfilter
-            Overview</ulink></entry>
+            <entry><ulink url="MyNetwork.html">My Shorewall
+            Configuration</ulink></entry>
 
             <entry><ulink url="Accounting.html">Traffic
             Accounting</ulink></entry>
@@ -182,7 +182,8 @@
             <entry><ulink url="CompiledPrograms.html">Compiled Firewall
             Programs</ulink></entry>
 
-            <entry><ulink url="netmap.html">Network Mapping</ulink></entry>
+            <entry><ulink url="NetfilterOverview.html">Netfilter
+            Overview</ulink></entry>
 
             <entry><ulink url="simple_traffic_shaping.html">Traffic
             Shaping/QOS - Simple</ulink></entry>
@@ -192,8 +193,7 @@
             <entry><ulink url="configuration_file_basics.htm">Configuration
             File Basics</ulink></entry>
 
-            <entry><ulink url="NAT.htm">One-to-one NAT</ulink> (Static
-            NAT)</entry>
+            <entry><ulink url="netmap.html">Network Mapping</ulink></entry>
 
             <entry><ulink url="traffic_shaping.htm">Traffic Shaping/QOS -
             Complex</ulink></entry>
@@ -203,7 +203,7 @@
             <entry><ulink url="dhcp.htm">DHCP</ulink></entry>
 
             <entry><ulink url="Multiple_Zones.html"><ulink
-            url="OPENVPN.html">OpenVPN</ulink></ulink></entry>
+            url="NAT.htm">One-to-one NAT</ulink> (Static NAT)</ulink></entry>
 
             <entry><ulink url="Shorewall_Squid_Usage.html">Transparent
             Proxy</ulink></entry>
@@ -214,7 +214,7 @@
             url="two-interface.htm#DNAT">DNAT</ulink> (<firstterm>Destination
             Network Address Translation</firstterm>)</ulink></entry>
 
-            <entry><ulink url="OpenVZ.html">OpenVZ</ulink></entry>
+            <entry><ulink url="OPENVPN.html">OpenVPN</ulink></entry>
 
             <entry><ulink url="UPnP.html">UPnP</ulink></entry>
           </row>
@@ -222,8 +222,7 @@
           <row>
             <entry><ulink url="Dynamic.html">Dynamic Zones</ulink></entry>
 
-            <entry><ulink url="starting_and_stopping_shorewall.htm">Operating
-            Shorewall</ulink></entry>
+            <entry><ulink url="OpenVZ.html">OpenVZ</ulink></entry>
 
             <entry><ulink url="OpenVZ.html">OpenVZ</ulink></entry>
           </row>
@@ -232,8 +231,8 @@
             <entry><ulink url="ECN.html">ECN Disabling by host or
             subnet</ulink></entry>
 
-            <entry><ulink url="PacketMarking.html">Packet
-            Marking</ulink></entry>
+            <entry><ulink url="starting_and_stopping_shorewall.htm">Operating
+            Shorewall</ulink></entry>
 
             <entry><ulink url="LennyToSqueeze.html">Upgrading to Shorewall 4.4
             (Upgrading Debian Lenny to Squeeze)</ulink></entry>
@@ -244,8 +243,8 @@
             url="shorewall_extension_scripts.htm">Extension Scripts</ulink>
             (User Exits)</ulink></entry>
 
-            <entry><ulink url="PacketHandling.html">Packet Processing in a
-            Shorewall-based Firewall</ulink></entry>
+            <entry><ulink url="PacketMarking.html">Packet
+            Marking</ulink></entry>
 
             <entry><ulink url="VPNBasics.html">VPN</ulink></entry>
           </row>
@@ -254,7 +253,8 @@
             <entry><ulink
             url="fallback.htm">Fallback/Uninstall</ulink></entry>
 
-            <entry><ulink url="ping.html">'Ping' Management</ulink></entry>
+            <entry><ulink url="PacketHandling.html">Packet Processing in a
+            Shorewall-based Firewall</ulink></entry>
 
             <entry><ulink url="VPN.htm">VPN Passthrough</ulink></entry>
           </row>
@@ -262,8 +262,7 @@
           <row>
             <entry><ulink url="FAQ.htm">FAQs</ulink></entry>
 
-            <entry><ulink url="two-interface.htm#DNAT">Port
-            Forwarding</ulink></entry>
+            <entry><ulink url="ping.html">'Ping' Management</ulink></entry>
 
             <entry><ulink url="whitelisting_under_shorewall.htm">White List
             Creation</ulink></entry>
@@ -273,7 +272,8 @@
             <entry><ulink
             url="shorewall_features.htm">Features</ulink></entry>
 
-            <entry><ulink url="ports.htm">Port Information</ulink></entry>
+            <entry><ulink url="two-interface.htm#DNAT">Port
+            Forwarding</ulink></entry>
 
             <entry><ulink url="XenMyWay.html">Xen - Shorewall in a Bridged Xen
             DomU</ulink></entry>
@@ -283,8 +283,7 @@
             <entry><ulink url="Multiple_Zones.html">Forwarding Traffic on the
             Same Interface</ulink></entry>
 
-            <entry><ulink url="PortKnocking.html">Port Knocking and Other Uses
-            of the 'Recent Match'</ulink></entry>
+            <entry><ulink url="ports.htm">Port Information</ulink></entry>
 
             <entry><ulink url="XenMyWay-Routed.html">Xen - Shorewall in Routed
             Xen Dom0</ulink></entry>
@@ -293,7 +292,8 @@
           <row>
             <entry><ulink url="FTP.html">FTP and Shorewall</ulink></entry>
 
-            <entry><ulink url="PPTP.htm">PPTP</ulink></entry>
+            <entry><ulink url="PortKnocking.html">Port Knocking and Other Uses
+            of the 'Recent Match'</ulink></entry>
 
             <entry></entry>
           </row>
@@ -302,17 +302,14 @@
             <entry><ulink url="FoolsFirewall.html">Fool's
             Firewall</ulink></entry>
 
-            <entry><ulink url="ProxyARP.htm">Proxy ARP</ulink></entry>
-
-            <entry></entry>
+            <entry><ulink url="PPTP.htm">PPTP</ulink></entry>
           </row>
 
           <row>
             <entry><ulink url="support.htm">Getting help or answers to
             questions</ulink></entry>
 
-            <entry><ulink url="shorewall_quickstart_guide.htm">QuickStart
-            Guides</ulink></entry>
+            <entry><ulink url="ProxyARP.htm">Proxy ARP</ulink></entry>
 
             <entry></entry>
           </row>
@@ -321,7 +318,8 @@
             <entry><ulink
             url="Install.htm">Installation/Upgrade</ulink></entry>
 
-            <entry><ulink url="NewRelease.html">Release Model</ulink></entry>
+            <entry><ulink url="shorewall_quickstart_guide.htm">QuickStart
+            Guides</ulink></entry>
 
             <entry></entry>
           </row>
@@ -329,6 +327,14 @@
           <row>
             <entry><ulink url="IPP2P.html">IPP2P</ulink></entry>
 
+            <entry><ulink url="NewRelease.html">Release Model</ulink></entry>
+
+            <entry></entry>
+          </row>
+
+          <row>
+            <entry><ulink url="IPSEC-2.6.html">IPSEC</ulink></entry>
+
             <entry><ulink
             url="shorewall_prerequisites.htm">Requirements</ulink></entry>
 
@@ -336,7 +342,7 @@
           </row>
 
           <row>
-            <entry><ulink url="IPSEC-2.6.html">IPSEC</ulink></entry>
+            <entry><ulink url="ipsets.html">Ipsets</ulink></entry>
 
             <entry><ulink url="Shorewall_and_Routing.html">Routing and
             Shorewall</ulink></entry>
@@ -345,7 +351,7 @@
           </row>
 
           <row>
-            <entry><ulink url="ipsets.html">Ipsets</ulink></entry>
+            <entry><ulink url="IPv6Support.html">IPv6 Support</ulink></entry>
 
             <entry><ulink url="Multiple_Zones.html">Routing on One
             Interface</ulink></entry>
@@ -353,20 +359,11 @@
             <entry></entry>
           </row>
 
-          <row>
-            <entry><ulink url="IPv6Support.html">IPv6 Support</ulink></entry>
-
-            <entry><ulink url="samba.htm">Samba</ulink></entry>
-
-            <entry></entry>
-          </row>
-
           <row>
             <entry><ulink url="Shorewall_and_Kazaa.html">Kazaa
             Filtering</ulink></entry>
 
-            <entry><ulink url="Shorewall-init.html">Shorewall
-            Init</ulink></entry>
+            <entry><ulink url="samba.htm">Samba</ulink></entry>
 
             <entry></entry>
           </row>
@@ -375,8 +372,8 @@
             <entry><ulink url="kernel.htm">Kernel
             Configuration</ulink></entry>
 
-            <entry><ulink url="CompiledPrograms.html#Lite">Shorewall
-            Lite</ulink></entry>
+            <entry><ulink url="Shorewall-init.html">Shorewall
+            Init</ulink></entry>
 
             <entry></entry>
           </row>
@@ -385,8 +382,8 @@
             <entry><ulink url="KVM.html">KVM (Kernel-mode Virtual
             Machine)</ulink></entry>
 
-            <entry><ulink url="Laptop.html">Shorewall on a
-            Laptop</ulink></entry>
+            <entry><ulink url="CompiledPrograms.html#Lite">Shorewall
+            Lite</ulink></entry>
 
             <entry></entry>
           </row>