Set version to 4.4.2.5

Shorewall-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.2
-%define release 0base
+%define release 5
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -98,6 +98,16 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-5
+* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-4
+* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-3
+* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-2
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-1
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Compiler.pm

@@ -230,14 +230,24 @@ sub generate_script_2() {
 	   '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
 	   );
 
+    pop_indent;
+
+    emit "\n}\n"; # End of initialize()
+
+    emit( '' ,
+	  '#' ,
+	  '# Set global variables holding detected IP information' ,
+	  '#' ,
+	  'detect_configuration()',
+	  '{' );
+
     my $global_variables = have_global_variables;
 
+    push_indent;
+
     if ( $global_variables ) {
-	emit( '' ,
-	      '#' ,
-	      '# Set global variables holding detected IP information' ,
-	      '#' ,
-	      'case $COMMAND in' );
+	
+	emit( 'case $COMMAND in' );
 
 	push_indent;
 
@@ -273,12 +283,14 @@ sub generate_script_2() {
 	pop_indent;
 
 	emit ( 'esac' ) ,
+    } else {
+	emit( 'true' ) unless handle_optional_interfaces;
     }
 
     pop_indent;
 
-    emit "\n}\n"; # End of initialize()
-
+    emit "\n}\n"; # End of detect_configuration()
+    
 }
 
 #

Shorewall/Perl/Shorewall/Config.pm

@@ -328,7 +328,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.2",
+		    VERSION => "4.4.2.5",
 		    CAPVERSION => 40402 ,
 		  );
 

Shorewall/Perl/Shorewall/Nat.pm

@@ -290,7 +290,6 @@ sub process_one_masq( )
 		next if $addrs eq 'detect';
 		for my $addr ( ip_range_explicit $addrs ) {
 		    unless ( $addresses_to_add{$addr} ) {
-			emit "del_ip_addr $addr $interface" unless $config{RETAIN_ALIASES};
 			$addresses_to_add{$addr} = 1;
 			if ( defined $alias ) {
 			    push @addresses_to_add, $addr, "$interface:$alias";

Shorewall/Perl/Shorewall/Providers.pm

@@ -143,10 +143,12 @@ sub setup_route_marking() {
 sub copy_table( $$$ ) {
     my ( $duplicate, $number, $realm ) = @_;
 
+    my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
+
     if ( $realm ) {
 	emit  ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
     } else {
-	emit  ( "\$IP -$family route show table $duplicate | while read net route; do" )
+	emit  ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
     }
 
     emit ( '    case $net in',
@@ -162,11 +164,13 @@ sub copy_table( $$$ ) {
 
 sub copy_and_edit_table( $$$$ ) {
     my ( $duplicate, $number, $copy, $realm) = @_;
+    
+    my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
 
     if ( $realm ) {
 	emit  ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
     } else {
-	emit  ( "\$IP -$family route show table $duplicate | while read net route; do" )
+	emit  ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
     }
 
     emit (  '    case $net in',
@@ -819,6 +823,8 @@ sub handle_optional_interfaces() {
 		  "    ${base}_IS_USABLE=" ,
 		  'fi' );
 	}
+
+	1;
     }
 }
 

Shorewall/Perl/Shorewall/Rules.pm

@@ -330,6 +330,8 @@ sub process_routestopped() {
 	}
 
 	unless ( $options eq '-' ) {
+	    my $chainref = $filter_table->{FORWARD};
+
 	    for my $option (split /,/, $options ) {
 		if ( $option eq 'routeback' ) {
 		    if ( $routeback ) {
@@ -341,7 +343,7 @@ sub process_routestopped() {
 			    my $source = match_source_net $host;
 			    my $dest   = match_dest_net   $host;
 
-			    emit "run_iptables -A FORWARD -i $interface -o $interface $source $dest -j ACCEPT";
+			    add_rule $chainref , "-i $interface -o $interface $source $dest -j ACCEPT";
 			    clearrule;
 			}
 		    }
@@ -1576,6 +1578,9 @@ sub process_rules() {
 # Add jumps from the builtin chains to the interface-chains that are used by this configuration
 #
 sub add_interface_jumps {
+    our %input_jump_added;
+    our %output_jump_added;
+    our %forward_jump_added;
     #
     # Add Nat jumps
     #
@@ -1596,10 +1601,10 @@ sub add_interface_jumps {
     # Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
     #
     for my $interface ( @_ ) {
-	add_jump( $filter_table->{FORWARD} , forward_chain $interface , 0, match_source_dev( $interface ) ) if use_forward_chain $interface;
-	add_jump( $filter_table->{INPUT}   , input_chain $interface ,   0, match_source_dev( $interface ) ) if use_input_chain $interface;
+	add_jump( $filter_table->{FORWARD} , forward_chain $interface , 0, match_source_dev( $interface ) ) unless $forward_jump_added{$interface} || ! use_forward_chain $interface;
+	add_jump( $filter_table->{INPUT}   , input_chain $interface ,   0, match_source_dev( $interface ) ) unless $input_jump_added{$interface}   || ! use_input_chain $interface;
 
-	if ( use_output_chain $interface ) {
+	unless ( $output_jump_added{$interface} || ! use_output_chain $interface ) {
 	    add_jump $filter_table->{OUTPUT} , output_chain $interface , 0, match_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
 	}
     }
@@ -1666,6 +1671,9 @@ sub generate_matrix() {
     my $notrackref = $raw_table->{notrack_chain $fw};
     my @zones = non_firewall_zones;
     my $interface_jumps_added = 0;
+    our %input_jump_added   = ();
+    our %output_jump_added  = ();
+    our %forward_jump_added = ();
 
     #
     # Special processing for complex configurations
@@ -1687,6 +1695,7 @@ sub generate_matrix() {
 
 		if ( use_forward_chain( $interface ) ) {
 		    $sourcechainref = $filter_table->{forward_chain $interface};
+		    add_jump $filter_table->{FORWARD} , $sourcechainref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
 		} else {
 		    $sourcechainref = $filter_table->{FORWARD};
 		    $interfacematch = match_source_dev $interface;
@@ -1798,6 +1807,7 @@ sub generate_matrix() {
 
 			    if ( use_output_chain $interface ) {
 				$outputref = $filter_table->{output_chain $interface};
+				add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
 			    } else {
 				$outputref = $filter_table->{OUTPUT};
 				$interfacematch = match_dest_dev $interface;
@@ -1846,6 +1856,7 @@ sub generate_matrix() {
 
 			if ( use_input_chain $interface ) {
 			    $inputchainref = $filter_table->{input_chain $interface};
+			    add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
 			} else {
 			    $inputchainref = $filter_table->{INPUT};
 			    $interfacematch = match_source_dev $interface;
@@ -1859,7 +1870,9 @@ sub generate_matrix() {
 			if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
 			    my $ref = source_exclusion( $exclusions, $frwd_ref );
 			    if ( use_forward_chain $interface ) {
-				add_jump $filter_table->{forward_chain $interface} , $ref, 0, join( '', $source, $ipsec_in_match );
+				my $forwardref = $filter_table->{forward_chain $interface};
+				add_jump $forwardref , $ref, 0, join( '', $source, $ipsec_in_match );
+				add_jump $filter_table->{FORWARD} , $forwardref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
 			    } else {
 				add_jump $filter_table->{FORWARD} , $ref, 0, join( '', match_source_dev( $interface ) , $source, $ipsec_in_match );
 				move_rules ( $filter_table->{forward_chain $interface} , $frwd_ref );
@@ -1978,6 +1991,7 @@ sub generate_matrix() {
 
 			if ( use_forward_chain $interface ) {
 			    $chain3ref = $filter_table->{forward_chain $interface};
+			    add_jump $filter_table->{FORWARD} , $chain3ref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
 			} else {
 			    $chain3ref  = $filter_table->{FORWARD};
 			    $match_source_dev = match_source_dev $interface;

Shorewall/Perl/prog.footer

@@ -362,6 +362,7 @@ case "$COMMAND" in
 	    status=0
 	else
 	    progress_message3 "Starting $PRODUCT...."
+	    detect_configuration
 	    define_firewall
 	    status=$?
 	    [ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
@@ -371,6 +372,7 @@ case "$COMMAND" in
     stop)
 	[ $# -ne 1 ] && usage 2
 	progress_message3 "Stopping $PRODUCT...."
+	detect_configuration
 	stop_firewall
 	status=0
 	[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
@@ -414,6 +416,7 @@ case "$COMMAND" in
 	    progress_message3 "Starting $PRODUCT...."
 	fi
 
+	detect_configuration
 	define_firewall
 	status=$?
 	if [ -n "$SUBSYSLOCK" ]; then
@@ -425,6 +428,7 @@ case "$COMMAND" in
 	[ $# -ne 1 ] && usage 2
 	if shorewall_is_started; then
 	    progress_message3 "Refreshing $PRODUCT...."
+	    detect_configuration
 	    define_firewall
 	    status=$?
 	    progress_message3 "done."
@@ -435,6 +439,7 @@ case "$COMMAND" in
 	;;
     restore)
 	[ $# -ne 1 ] && usage 2
+	detect_configuration
 	define_firewall
 	status=$?
 	if [ -n "$SUBSYSLOCK" ]; then

Shorewall/Perl/prog.footer6

@@ -328,6 +328,7 @@ else
 		status=0
 	    else
 		progress_message3 "Starting $PRODUCT...."
+		detect_configuration
 		define_firewall
 		status=$?
 		[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
@@ -337,6 +338,7 @@ else
 	stop)
 	    [ $# -ne 1 ] && usage 2
 	    progress_message3 "Stopping $PRODUCT...."
+	    detect_configuration
 	    stop_firewall
 	    status=0
 	    [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
@@ -379,6 +381,7 @@ else
 		progress_message3 "Starting $PRODUCT...."
 	    fi
 
+	    detect_configuration
 	    define_firewall
 	    status=$?
 	    if [ -n "$SUBSYSLOCK" ]; then
@@ -390,6 +393,7 @@ else
 	    [ $# -ne 1 ] && usage 2
 	    if shorewall6_is_started; then
 		progress_message3 "Refreshing $PRODUCT...."
+		detect_configuration
 		define_firewall
 		status=$?
 		progress_message3 "done."
@@ -400,6 +404,7 @@ else
 	    ;;
 	restore)
 	    [ $# -ne 1 ] && usage 2
+	    detect_configuration
 	    define_firewall
 	    status=$?
 	    if [ -n "$SUBSYSLOCK" ]; then

Shorewall/changelog.txt

@@ -1,3 +1,23 @@
+Changes in Shorewall 4.4.2.4
+
+1)  Correct optional interfaces.
+
+Changes in Shorewall 4.4.2.3
+
+1)  Fix internal error with RETAIN_ALIASES=No.
+
+2)  Only detect IP configuration when needed.
+
+3)  Fix nested zones.
+
+Changes in Shorewall 4.4.2.2
+
+1)  Another fix for 'routeback' in routestopped.
+
+Changes in Shorewall 4.4.2.1
+
+1)  Fix 'routeback' in routestopped.
+
 Changes in Shorewall 4.4.2
 
 1)  BUGFIX: Correct detection of Persistent SNAT support

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -1 +1,39 @@
-There are no known problems in Shorewall version 4.4.2
+1)  'shorewall check' produces an internal error if 'routeback' appears
+    in /etc/shorewall/routestopped.
+
+    You can work around this problem by using 'source' rather than
+    'routeback'.
+
+    Corrected in Shorewall 4.4.2.1.
+
+2)  'routeback' appearing in /etc/shorewall/routestopped doesn't
+    work (routeback traffic is not allowed).
+
+    You can work around this problem by using 'source' rather than
+    'routeback'.
+
+    Corrected in Shorewall 4.4.2.2.
+
+3)  If an alias IP address was added and RETAIN_ALIASES=No in
+    shorewall.conf, a compiler internal error results.
+
+    You can work around this problem by setting RETAIN_ALIASES=Yes in
+    shorewall.conf.
+
+    Corrected in Shorewall 4.4.2.3.
+
+4)  Nested zones where the parent zone is defined by a wildcard in
+    /etc/shorewall/interfaces (interface names ends in +), don't always
+    work correctly.
+
+    Corrected in Shorewall 4.4.2.3.
+
+5)  Global IP configuration variables are not being set in IPv6
+    configurations. This could cause 'shorewall6 start' to fail.
+
+    Corrected in Shorewall 4.4.2.4.
+
+6)  Under certain circumstances, optional providers are not detected
+    as being usable.
+
+    Corrected in Shorewall 4.4.2.5.

Shorewall/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 4.4.2
+Shorewall 4.4.2 Patch Release 5.
 
 ----------------------------------------------------------------------------
                R E L E A S E  4 . 4  H I G H L I G H T S
@@ -169,6 +169,59 @@ Shorewall 4.4.2
     now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
     then it may have no additional members in /etc/shorewall/hosts.
 
+----------------------------------------------------------------------------
+        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2 . 5
+----------------------------------------------------------------------------
+
+1)  Under certain circumstances, optional providers were not detected
+    as being usable.
+
+    Additionally, messages issued when an optional provider was not
+    usable were confusing; the message intended to be issued when the
+    provider shared an interface ("WARNING: Gateway <gateway> is not
+    reachable -- Provider <name> (<number>) not Added") was being
+    issued when the provider did not share an interface. Similarly, the
+    message intended to be issued when the provider did not share an
+    interface ("WARNING: Interface <interface> is not usable --
+    Provider <name> (<number>) not Added") was being issued when the
+    provider did share an interface.
+
+----------------------------------------------------------------------------
+        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2 . 4
+----------------------------------------------------------------------------
+1)  Global IP configuration variables were not being set in IPv6
+    configurations. This could cause 'shorewall6 start' to fail.
+
+----------------------------------------------------------------------------
+        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2 . 3
+----------------------------------------------------------------------------
+
+1)  If aliases were added and RETAIN_ALIASES=No in shorewall.conf, then
+    an internal error was generated.
+
+2)  Previously, the generated script set its global IP configuration
+    variables, even when those variables were not required to execute the
+    requested command.  If detection of an IP address, route,
+    etc. failed, the command could needlessly fail. Now, these
+    variables are only set when their values are needed to correctly
+    execute the specified command.
+
+3)  Nested zones did not work correctly in some cases where the parent
+    zone was defined with a wild-card interface name (one ending in '+').
+
+----------------------------------------------------------------------------
+        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2 . 2
+----------------------------------------------------------------------------
+
+1)  'routeback' in /etc/shorewall/routestopped was ineffective.
+
+----------------------------------------------------------------------------
+        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2 . 1
+----------------------------------------------------------------------------
+
+1)  'shorewall check' produced an internal error if 'routeback' was
+    specified in /etc/shorewall/routestopped.
+
 ----------------------------------------------------------------------------
           P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 2
 ----------------------------------------------------------------------------
@@ -184,7 +237,7 @@ Shorewall 4.4.2
     /etc/shorewall/routestopped.
 
 4)  In earlier versions, if a file with the same name as a built-in
-    action were present in the CONFIG_PATH, then the compiler would
+    action was present in the CONFIG_PATH, then the compiler would
     process that file like it was an extension script.
 
     The compiler now ignores the presence of such files.
@@ -192,7 +245,7 @@ Shorewall 4.4.2
 5)  Several configuration issues which previously produced an error or
     warning are now handled differently.
 
-    a)  MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
+    a)  MAPOLDACTIONS=Yes and MAPOLDACTIONS= in shorewall.conf are now
         handled as they were by the old shell-based compiler. That is,
         they cause pre-3.0 built-in actions to be mapped automatically
         to the corresponding macro invocation.
@@ -207,8 +260,8 @@ Shorewall 4.4.2
         a warning.
 
 6)  Previously, it was not possible to specify an IP address range in
-    ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
-    for the patch.
+    the ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee
+    Shrieve for the patch.
 
 7)  The 'wait4ifup' script included for Debian compatibility now runs
     correctly with no PATH.

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.2
-%define release 0base
+%define release 5
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -104,6 +104,16 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 
 %changelog
+* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-5
+* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-4
+* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-3
+* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-2
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-1
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.2
-%define release 0base
+%define release 5
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -89,6 +89,16 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-5
+* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-4
+* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-3
+* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-2
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-1
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.2
-%define release 0base
+%define release 5
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -93,6 +93,16 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-5
+* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-4
+* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-3
+* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-2
+* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
+- Updated to 4.4.2-1
 * Sun Sep 06 2009 Tom Eastep tom@shorewall.net
 - Updated to 4.4.2-0base
 * Fri Sep 04 2009 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.2
+VERSION=4.4.2.5
 
 usage() # $1 = exit status
 {