forked from extern/shorewall_code
Compare commits
15 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
cf52c22717 | ||
|
cc7514e1a4 | ||
|
55b208ec96 | ||
|
6eeff97da2 | ||
|
3a9af915d5 | ||
|
c72a290e3f | ||
|
bdb34caf5c | ||
|
ebda83f4d2 | ||
|
29e9fbe515 | ||
|
b679cfdf24 | ||
|
f7a3eba73c | ||
|
5dd9c5705c | ||
|
1254dd23cf | ||
|
9eb85f51ef | ||
|
818379a8a6 |
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall-lite
|
%define name shorewall-lite
|
||||||
%define version 4.4.2
|
%define version 4.4.2
|
||||||
%define release 0base
|
%define release 5
|
||||||
|
|
||||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -98,6 +98,16 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-5
|
||||||
|
* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-4
|
||||||
|
* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-3
|
||||||
|
* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-2
|
||||||
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-1
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.2-0base
|
- Updated to 4.4.2-0base
|
||||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -230,14 +230,24 @@ sub generate_script_2() {
|
|||||||
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
|
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
|
||||||
);
|
);
|
||||||
|
|
||||||
my $global_variables = have_global_variables;
|
pop_indent;
|
||||||
|
|
||||||
|
emit "\n}\n"; # End of initialize()
|
||||||
|
|
||||||
if ( $global_variables ) {
|
|
||||||
emit( '' ,
|
emit( '' ,
|
||||||
'#' ,
|
'#' ,
|
||||||
'# Set global variables holding detected IP information' ,
|
'# Set global variables holding detected IP information' ,
|
||||||
'#' ,
|
'#' ,
|
||||||
'case $COMMAND in' );
|
'detect_configuration()',
|
||||||
|
'{' );
|
||||||
|
|
||||||
|
my $global_variables = have_global_variables;
|
||||||
|
|
||||||
|
push_indent;
|
||||||
|
|
||||||
|
if ( $global_variables ) {
|
||||||
|
|
||||||
|
emit( 'case $COMMAND in' );
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
@ -273,11 +283,13 @@ sub generate_script_2() {
|
|||||||
pop_indent;
|
pop_indent;
|
||||||
|
|
||||||
emit ( 'esac' ) ,
|
emit ( 'esac' ) ,
|
||||||
|
} else {
|
||||||
|
emit( 'true' ) unless handle_optional_interfaces;
|
||||||
}
|
}
|
||||||
|
|
||||||
pop_indent;
|
pop_indent;
|
||||||
|
|
||||||
emit "\n}\n"; # End of initialize()
|
emit "\n}\n"; # End of detect_configuration()
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
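Review bot: In the new `else` branch of generate_script_2, `emit( 'true' ) unless handle_optional_interfaces;` acts on the value returned by handle_optional_interfaces, and nothing in the hunk states that contract. The no-op appears to exist so that the generated `detect_configuration()` shell function never has an empty body, which is worth a comment such as `# a shell function body may not be empty: emit a no-op when no interface checks were generated`. The context line `emit ( 'esac' ) ,` now sits directly before `} else {`; its trailing comma should be a semicolon, `emit( 'esac' );`. The body of generate_script_2 starts outside these hunks.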
|
@ -328,7 +328,7 @@ sub initialize( $ ) {
|
|||||||
TC_SCRIPT => '',
|
TC_SCRIPT => '',
|
||||||
EXPORT => 0,
|
EXPORT => 0,
|
||||||
UNTRACKED => 0,
|
UNTRACKED => 0,
|
||||||
VERSION => "4.4.2",
|
VERSION => "4.4.2.5",
|
||||||
CAPVERSION => 40402 ,
|
CAPVERSION => 40402 ,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -290,7 +290,6 @@ sub process_one_masq( )
|
|||||||
next if $addrs eq 'detect';
|
next if $addrs eq 'detect';
|
||||||
for my $addr ( ip_range_explicit $addrs ) {
|
for my $addr ( ip_range_explicit $addrs ) {
|
||||||
unless ( $addresses_to_add{$addr} ) {
|
unless ( $addresses_to_add{$addr} ) {
|
||||||
emit "del_ip_addr $addr $interface" unless $config{RETAIN_ALIASES};
|
|
||||||
$addresses_to_add{$addr} = 1;
|
$addresses_to_add{$addr} = 1;
|
||||||
if ( defined $alias ) {
|
if ( defined $alias ) {
|
||||||
push @addresses_to_add, $addr, "$interface:$alias";
|
push @addresses_to_add, $addr, "$interface:$alias";
|
||||||
|
@ -143,10 +143,12 @@ sub setup_route_marking() {
|
|||||||
sub copy_table( $$$ ) {
|
sub copy_table( $$$ ) {
|
||||||
my ( $duplicate, $number, $realm ) = @_;
|
my ( $duplicate, $number, $realm ) = @_;
|
||||||
|
|
||||||
|
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
||||||
|
|
||||||
if ( $realm ) {
|
if ( $realm ) {
|
||||||
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
||||||
} else {
|
} else {
|
||||||
emit ( "\$IP -$family route show table $duplicate | while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
|
||||||
}
|
}
|
||||||
|
|
||||||
emit ( ' case $net in',
|
emit ( ' case $net in',
|
||||||
@ -163,10 +165,12 @@ sub copy_table( $$$ ) {
|
|||||||
sub copy_and_edit_table( $$$$ ) {
|
sub copy_and_edit_table( $$$$ ) {
|
||||||
my ( $duplicate, $number, $copy, $realm) = @_;
|
my ( $duplicate, $number, $copy, $realm) = @_;
|
||||||
|
|
||||||
|
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
||||||
|
|
||||||
if ( $realm ) {
|
if ( $realm ) {
|
||||||
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
||||||
} else {
|
} else {
|
||||||
emit ( "\$IP -$family route show table $duplicate | while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
|
||||||
}
|
}
|
||||||
|
|
||||||
emit ( ' case $net in',
|
emit ( ' case $net in',
|
||||||
@ -819,6 +823,8 @@ sub handle_optional_interfaces() {
|
|||||||
" ${base}_IS_USABLE=" ,
|
" ${base}_IS_USABLE=" ,
|
||||||
'fi' );
|
'fi' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
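Review bot: The new `$filter` is interpolated only into the branch without a realm, in copy_table and again in copy_and_edit_table; the `if ( $realm )` branch still emits the pipeline without it. If a realm can be configured for an IPv6 provider (not visible in these hunks), routes copied through that branch keep the ` via :: ` text the filter was added to strip. Applying it in both branches keeps them consistent: `emit ( "\$IP -$family route show table $duplicate | ${filter}sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )`. In handle_optional_interfaces the added bare `1;` appears to serve as the sub's return value, and `return 1;` would make that explicit.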
|
@ -330,6 +330,8 @@ sub process_routestopped() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
unless ( $options eq '-' ) {
|
unless ( $options eq '-' ) {
|
||||||
|
my $chainref = $filter_table->{FORWARD};
|
||||||
|
|
||||||
for my $option (split /,/, $options ) {
|
for my $option (split /,/, $options ) {
|
||||||
if ( $option eq 'routeback' ) {
|
if ( $option eq 'routeback' ) {
|
||||||
if ( $routeback ) {
|
if ( $routeback ) {
|
||||||
@ -341,7 +343,7 @@ sub process_routestopped() {
|
|||||||
my $source = match_source_net $host;
|
my $source = match_source_net $host;
|
||||||
my $dest = match_dest_net $host;
|
my $dest = match_dest_net $host;
|
||||||
|
|
||||||
emit "run_iptables -A FORWARD -i $interface -o $interface $source $dest -j ACCEPT";
|
add_rule $chainref , "-i $interface -o $interface $source $dest -j ACCEPT";
|
||||||
clearrule;
|
clearrule;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1576,6 +1578,9 @@ sub process_rules() {
|
|||||||
# Add jumps from the builtin chains to the interface-chains that are used by this configuration
|
# Add jumps from the builtin chains to the interface-chains that are used by this configuration
|
||||||
#
|
#
|
||||||
sub add_interface_jumps {
|
sub add_interface_jumps {
|
||||||
|
our %input_jump_added;
|
||||||
|
our %output_jump_added;
|
||||||
|
our %forward_jump_added;
|
||||||
#
|
#
|
||||||
# Add Nat jumps
|
# Add Nat jumps
|
||||||
#
|
#
|
||||||
@ -1596,10 +1601,10 @@ sub add_interface_jumps {
|
|||||||
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
|
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
|
||||||
#
|
#
|
||||||
for my $interface ( @_ ) {
|
for my $interface ( @_ ) {
|
||||||
add_jump( $filter_table->{FORWARD} , forward_chain $interface , 0, match_source_dev( $interface ) ) if use_forward_chain $interface;
|
add_jump( $filter_table->{FORWARD} , forward_chain $interface , 0, match_source_dev( $interface ) ) unless $forward_jump_added{$interface} || ! use_forward_chain $interface;
|
||||||
add_jump( $filter_table->{INPUT} , input_chain $interface , 0, match_source_dev( $interface ) ) if use_input_chain $interface;
|
add_jump( $filter_table->{INPUT} , input_chain $interface , 0, match_source_dev( $interface ) ) unless $input_jump_added{$interface} || ! use_input_chain $interface;
|
||||||
|
|
||||||
if ( use_output_chain $interface ) {
|
unless ( $output_jump_added{$interface} || ! use_output_chain $interface ) {
|
||||||
add_jump $filter_table->{OUTPUT} , output_chain $interface , 0, match_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
|
add_jump $filter_table->{OUTPUT} , output_chain $interface , 0, match_dest_dev( $interface ) unless get_interface_option( $interface, 'port' );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1666,6 +1671,9 @@ sub generate_matrix() {
|
|||||||
my $notrackref = $raw_table->{notrack_chain $fw};
|
my $notrackref = $raw_table->{notrack_chain $fw};
|
||||||
my @zones = non_firewall_zones;
|
my @zones = non_firewall_zones;
|
||||||
my $interface_jumps_added = 0;
|
my $interface_jumps_added = 0;
|
||||||
|
our %input_jump_added = ();
|
||||||
|
our %output_jump_added = ();
|
||||||
|
our %forward_jump_added = ();
|
||||||
|
|
||||||
#
|
#
|
||||||
# Special processing for complex configurations
|
# Special processing for complex configurations
|
||||||
@ -1687,6 +1695,7 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
if ( use_forward_chain( $interface ) ) {
|
if ( use_forward_chain( $interface ) ) {
|
||||||
$sourcechainref = $filter_table->{forward_chain $interface};
|
$sourcechainref = $filter_table->{forward_chain $interface};
|
||||||
|
add_jump $filter_table->{FORWARD} , $sourcechainref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
|
||||||
} else {
|
} else {
|
||||||
$sourcechainref = $filter_table->{FORWARD};
|
$sourcechainref = $filter_table->{FORWARD};
|
||||||
$interfacematch = match_source_dev $interface;
|
$interfacematch = match_source_dev $interface;
|
||||||
@ -1798,6 +1807,7 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
if ( use_output_chain $interface ) {
|
if ( use_output_chain $interface ) {
|
||||||
$outputref = $filter_table->{output_chain $interface};
|
$outputref = $filter_table->{output_chain $interface};
|
||||||
|
add_jump $filter_table->{OUTPUT}, $outputref, 0, match_dest_dev( $interface ) unless $output_jump_added{$interface}++;
|
||||||
} else {
|
} else {
|
||||||
$outputref = $filter_table->{OUTPUT};
|
$outputref = $filter_table->{OUTPUT};
|
||||||
$interfacematch = match_dest_dev $interface;
|
$interfacematch = match_dest_dev $interface;
|
||||||
@ -1846,6 +1856,7 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
if ( use_input_chain $interface ) {
|
if ( use_input_chain $interface ) {
|
||||||
$inputchainref = $filter_table->{input_chain $interface};
|
$inputchainref = $filter_table->{input_chain $interface};
|
||||||
|
add_jump $filter_table->{INPUT}, $inputchainref, 0, match_source_dev($interface) unless $input_jump_added{$interface}++;
|
||||||
} else {
|
} else {
|
||||||
$inputchainref = $filter_table->{INPUT};
|
$inputchainref = $filter_table->{INPUT};
|
||||||
$interfacematch = match_source_dev $interface;
|
$interfacematch = match_source_dev $interface;
|
||||||
@ -1859,7 +1870,9 @@ sub generate_matrix() {
|
|||||||
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
|
if ( $frwd_ref && $hostref->{ipsec} ne 'ipsec' ) {
|
||||||
my $ref = source_exclusion( $exclusions, $frwd_ref );
|
my $ref = source_exclusion( $exclusions, $frwd_ref );
|
||||||
if ( use_forward_chain $interface ) {
|
if ( use_forward_chain $interface ) {
|
||||||
add_jump $filter_table->{forward_chain $interface} , $ref, 0, join( '', $source, $ipsec_in_match );
|
my $forwardref = $filter_table->{forward_chain $interface};
|
||||||
|
add_jump $forwardref , $ref, 0, join( '', $source, $ipsec_in_match );
|
||||||
|
add_jump $filter_table->{FORWARD} , $forwardref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
|
||||||
} else {
|
} else {
|
||||||
add_jump $filter_table->{FORWARD} , $ref, 0, join( '', match_source_dev( $interface ) , $source, $ipsec_in_match );
|
add_jump $filter_table->{FORWARD} , $ref, 0, join( '', match_source_dev( $interface ) , $source, $ipsec_in_match );
|
||||||
move_rules ( $filter_table->{forward_chain $interface} , $frwd_ref );
|
move_rules ( $filter_table->{forward_chain $interface} , $frwd_ref );
|
||||||
@ -1978,6 +1991,7 @@ sub generate_matrix() {
|
|||||||
|
|
||||||
if ( use_forward_chain $interface ) {
|
if ( use_forward_chain $interface ) {
|
||||||
$chain3ref = $filter_table->{forward_chain $interface};
|
$chain3ref = $filter_table->{forward_chain $interface};
|
||||||
|
add_jump $filter_table->{FORWARD} , $chain3ref, 0 , match_source_dev( $interface ) unless $forward_jump_added{$interface}++;
|
||||||
} else {
|
} else {
|
||||||
$chain3ref = $filter_table->{FORWARD};
|
$chain3ref = $filter_table->{FORWARD};
|
||||||
$match_source_dev = match_source_dev $interface;
|
$match_source_dev = match_source_dev $interface;
|
||||||
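Review bot: In add_interface_jumps the three new guards read `%forward_jump_added`, `%input_jump_added` and `%output_jump_added` but never set them, while every add_jump added to generate_matrix uses `unless $..._jump_added{$interface}++`. A jump added by add_interface_jumps is therefore not recorded, so a later pass through the generate_matrix code, or a second call, could append a duplicate jump from the builtin chain; whether that can happen depends on call order outside these hunks. The `unless A || ! B` form is also hard to read: `add_jump( $filter_table->{FORWARD} , forward_chain $interface , 0, match_source_dev( $interface ) ) if use_forward_chain( $interface ) && ! $forward_jump_added{$interface}++;` states the condition positively and records the jump, and the INPUT guard can take the same shape. The `our` hashes are package state shared by the two subs and reset only in generate_matrix, which deserves a one-line comment at the declarations.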
|
@ -362,6 +362,7 @@ case "$COMMAND" in
|
|||||||
status=0
|
status=0
|
||||||
else
|
else
|
||||||
progress_message3 "Starting $PRODUCT...."
|
progress_message3 "Starting $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
||||||
@ -371,6 +372,7 @@ case "$COMMAND" in
|
|||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
progress_message3 "Stopping $PRODUCT...."
|
progress_message3 "Stopping $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
stop_firewall
|
stop_firewall
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
@ -414,6 +416,7 @@ case "$COMMAND" in
|
|||||||
progress_message3 "Starting $PRODUCT...."
|
progress_message3 "Starting $PRODUCT...."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
@ -425,6 +428,7 @@ case "$COMMAND" in
|
|||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall_is_started; then
|
if shorewall_is_started; then
|
||||||
progress_message3 "Refreshing $PRODUCT...."
|
progress_message3 "Refreshing $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
@ -435,6 +439,7 @@ case "$COMMAND" in
|
|||||||
;;
|
;;
|
||||||
restore)
|
restore)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
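Review bot: Each of the five new `detect_configuration` calls is a bare statement, so its exit status is dropped and `status=$?` still reports only define_firewall. If the generated function can return non-zero without exiting (its body is not part of this file), the ruleset would be built from undetected values; `detect_configuration || exit $?`, or a comment stating that the function aborts on failure, would settle it. In the `stop)` branch the call runs before stop_firewall, so a detection failure that aborts the script would skip stop_firewall; a comment saying why stop needs detection would help. The same five insertions are made in the second footer further down the page (the one that calls shorewall6_is_started). These hunks cut through the `case "$COMMAND"` branches, which start and end outside them.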
|
@ -328,6 +328,7 @@ else
|
|||||||
status=0
|
status=0
|
||||||
else
|
else
|
||||||
progress_message3 "Starting $PRODUCT...."
|
progress_message3 "Starting $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
||||||
@ -337,6 +338,7 @@ else
|
|||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
progress_message3 "Stopping $PRODUCT...."
|
progress_message3 "Stopping $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
stop_firewall
|
stop_firewall
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
@ -379,6 +381,7 @@ else
|
|||||||
progress_message3 "Starting $PRODUCT...."
|
progress_message3 "Starting $PRODUCT...."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
@ -390,6 +393,7 @@ else
|
|||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall6_is_started; then
|
if shorewall6_is_started; then
|
||||||
progress_message3 "Refreshing $PRODUCT...."
|
progress_message3 "Refreshing $PRODUCT...."
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
@ -400,6 +404,7 @@ else
|
|||||||
;;
|
;;
|
||||||
restore)
|
restore)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
|
@ -1,3 +1,23 @@
|
|||||||
|
Changes in Shorewall 4.4.2.4
|
||||||
|
|
||||||
|
1) Correct optional interfaces.
|
||||||
|
|
||||||
|
Changes in Shorewall 4.4.2.3
|
||||||
|
|
||||||
|
1) Fix internal error with RETAIN_ALIASES=No.
|
||||||
|
|
||||||
|
2) Only detect IP configuration when needed.
|
||||||
|
|
||||||
|
3) Fix nested zones.
|
||||||
|
|
||||||
|
Changes in Shorewall 4.4.2.2
|
||||||
|
|
||||||
|
1) Another fix for 'routeback' in routestopped.
|
||||||
|
|
||||||
|
Changes in Shorewall 4.4.2.1
|
||||||
|
|
||||||
|
1) Fix 'routeback' in routestopped.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.2
|
Changes in Shorewall 4.4.2
|
||||||
|
|
||||||
1) BUGFIX: Correct detection of Persistent SNAT support
|
1) BUGFIX: Correct detection of Persistent SNAT support
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1 +1,39 @@
|
|||||||
There are no known problems in Shorewall version 4.4.2
|
1) 'shorewall check' produces an internal error if 'routeback' appears
|
||||||
|
in /etc/shorewall/routestopped.
|
||||||
|
|
||||||
|
You can work around this problem by using 'source' rather than
|
||||||
|
'routeback'.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.1.
|
||||||
|
|
||||||
|
2) 'routeback' appearing in /etc/shorewall/routestopped doesn't
|
||||||
|
work (routeback traffic is not allowed).
|
||||||
|
|
||||||
|
You can work around this problem by using 'source' rather than
|
||||||
|
'routeback'.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.2.
|
||||||
|
|
||||||
|
3) If an alias IP address was added and RETAIN_ALIASES=No in
|
||||||
|
shorewall.conf, a compiler internal error results.
|
||||||
|
|
||||||
|
You can work around this problem by setting RETAIN_ALIASES=Yes in
|
||||||
|
shorewall.conf.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.3.
|
||||||
|
|
||||||
|
4) Nested zones where the parent zone is defined by a wildcard in
|
||||||
|
/etc/shorewall/interfaces (interface names ends in +), don't always
|
||||||
|
work correctly.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.3.
|
||||||
|
|
||||||
|
5) Global IP configuration variables are not being set in IPv6
|
||||||
|
configurations. This could cause 'shorewall6 start' to fail.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.4.
|
||||||
|
|
||||||
|
6) Under certain circumstances, optional providers are not detected
|
||||||
|
as being usable.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.2.5.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Shorewall 4.4.2
|
Shorewall 4.4.2 Patch Release 5.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
R E L E A S E 4 . 4 H I G H L I G H T S
|
R E L E A S E 4 . 4 H I G H L I G H T S
|
||||||
@ -169,6 +169,59 @@ Shorewall 4.4.2
|
|||||||
now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
|
now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
|
||||||
then it may have no additional members in /etc/shorewall/hosts.
|
then it may have no additional members in /etc/shorewall/hosts.
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 . 5
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) Under certain circumstances, optional providers were not detected
|
||||||
|
as being usable.
|
||||||
|
|
||||||
|
Additionally, messages issued when an optional provider was not
|
||||||
|
usable were confusing; the message intended to be issued when the
|
||||||
|
provider shared an interface ("WARNING: Gateway <gateway> is not
|
||||||
|
reachable -- Provider <name> (<number>) not Added") was being
|
||||||
|
issued when the provider did not share an interface. Similarly, the
|
||||||
|
message intended to be issued when the provider did not share an
|
||||||
|
interface ("WARNING: Interface <interface> is not usable --
|
||||||
|
Provider <name> (<number>) not Added") was being issued when the
|
||||||
|
provider did share an interface.
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 . 4
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
1) Global IP configuration variables were not being set in IPv6
|
||||||
|
configurations. This could cause 'shorewall6 start' to fail.
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 . 3
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) If aliases were added and RETAIN_ALIASES=No in shorewall.conf, then
|
||||||
|
an internal error was generated.
|
||||||
|
|
||||||
|
2) Previously, the generated script set its global IP configuration
|
||||||
|
variables, even when those variables were not required to execute the
|
||||||
|
requested command. If detection of an IP address, route,
|
||||||
|
etc. failed, the command could needlessly fail. Now, these
|
||||||
|
variables are only set when their values are needed to correctly
|
||||||
|
execute the specified command.
|
||||||
|
|
||||||
|
3) Nested zones did not work correctly in some cases where the parent
|
||||||
|
zone was defined with a wild-card interface name (one ending in '+').
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 . 2
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) 'routeback' in /etc/shorewall/routestopped was ineffective.
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2 . 1
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) 'shorewall check' produced an internal error if 'routeback' was
|
||||||
|
specified in /etc/shorewall/routestopped.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
@ -184,7 +237,7 @@ Shorewall 4.4.2
|
|||||||
/etc/shorewall/routestopped.
|
/etc/shorewall/routestopped.
|
||||||
|
|
||||||
4) In earlier versions, if a file with the same name as a built-in
|
4) In earlier versions, if a file with the same name as a built-in
|
||||||
action were present in the CONFIG_PATH, then the compiler would
|
action was present in the CONFIG_PATH, then the compiler would
|
||||||
process that file like it was an extension script.
|
process that file like it was an extension script.
|
||||||
|
|
||||||
The compiler now ignores the presence of such files.
|
The compiler now ignores the presence of such files.
|
||||||
@ -192,7 +245,7 @@ Shorewall 4.4.2
|
|||||||
5) Several configuration issues which previously produced an error or
|
5) Several configuration issues which previously produced an error or
|
||||||
warning are now handled differently.
|
warning are now handled differently.
|
||||||
|
|
||||||
a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
|
a) MAPOLDACTIONS=Yes and MAPOLDACTIONS= in shorewall.conf are now
|
||||||
handled as they were by the old shell-based compiler. That is,
|
handled as they were by the old shell-based compiler. That is,
|
||||||
they cause pre-3.0 built-in actions to be mapped automatically
|
they cause pre-3.0 built-in actions to be mapped automatically
|
||||||
to the corresponding macro invocation.
|
to the corresponding macro invocation.
|
||||||
@ -207,8 +260,8 @@ Shorewall 4.4.2
|
|||||||
a warning.
|
a warning.
|
||||||
|
|
||||||
6) Previously, it was not possible to specify an IP address range in
|
6) Previously, it was not possible to specify an IP address range in
|
||||||
ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee Shrieve
|
the ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee
|
||||||
for the patch.
|
Shrieve for the patch.
|
||||||
|
|
||||||
7) The 'wait4ifup' script included for Debian compatibility now runs
|
7) The 'wait4ifup' script included for Debian compatibility now runs
|
||||||
correctly with no PATH.
|
correctly with no PATH.
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 4.4.2
|
%define version 4.4.2
|
||||||
%define release 0base
|
%define release 5
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -104,6 +104,16 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-5
|
||||||
|
* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-4
|
||||||
|
* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-3
|
||||||
|
* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-2
|
||||||
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-1
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.2-0base
|
- Updated to 4.4.2-0base
|
||||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall6-lite
|
%define name shorewall6-lite
|
||||||
%define version 4.4.2
|
%define version 4.4.2
|
||||||
%define release 0base
|
%define release 5
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -89,6 +89,16 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-5
|
||||||
|
* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-4
|
||||||
|
* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-3
|
||||||
|
* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-2
|
||||||
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-1
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.2-0base
|
- Updated to 4.4.2-0base
|
||||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall6
|
%define name shorewall6
|
||||||
%define version 4.4.2
|
%define version 4.4.2
|
||||||
%define release 0base
|
%define release 5
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -93,6 +93,16 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Oct 24 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-5
|
||||||
|
* Fri Oct 23 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-4
|
||||||
|
* Tue Oct 13 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-3
|
||||||
|
* Sat Oct 03 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-2
|
||||||
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.2-1
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.2-0base
|
- Updated to 4.4.2-0base
|
||||||
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
* Fri Sep 04 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.2
|
VERSION=4.4.2.5
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|