forked from extern/shorewall_code
Compare commits
7 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
39a40e227e | ||
|
c5b2e6105c | ||
|
d7cde44a9e | ||
|
991bad7371 | ||
|
aceb834c0c | ||
|
8321d6ac4e | ||
|
b5b57d6f50 |
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall-lite
|
%define name shorewall-lite
|
||||||
%define version 4.4.3
|
%define version 4.4.3
|
||||||
%define release 0base
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -98,6 +98,8 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.3-1
|
||||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.3-0base
|
- Updated to 4.4.3-0base
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -327,7 +327,7 @@ sub initialize( $ ) {
|
|||||||
TC_SCRIPT => '',
|
TC_SCRIPT => '',
|
||||||
EXPORT => 0,
|
EXPORT => 0,
|
||||||
UNTRACKED => 0,
|
UNTRACKED => 0,
|
||||||
VERSION => "4.4.3",
|
VERSION => "4.4.3.1",
|
||||||
CAPVERSION => 40402 ,
|
CAPVERSION => 40402 ,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ sub copy_table( $$$ ) {
|
|||||||
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
||||||
|
|
||||||
if ( $realm ) {
|
if ( $realm ) {
|
||||||
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | while read net route; do" )
|
||||||
} else {
|
} else {
|
||||||
emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
|
emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
|
||||||
}
|
}
|
||||||
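Review bot: The realm-stripping pattern in the `if ( $realm )` branch of copy_table, `sed -r 's/ realm [[:alnum:]]+//'`, stops at the first character outside `[[:alnum:]]`. If the second printing of that line is the new side, as it is elsewhere on this page, a realm name containing an underscore is only partly removed and the leftover text is fed into the `while read net route` loop as part of the route. The other printing uses `[[:alnum:]_]`, which covers that case; matching the whole token instead, `sed -r 's/ realm [^[:space:]]+//'`, would drop the realm field whatever characters the name uses. copy_table starts and ends outside this hunk.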
@ -589,7 +589,7 @@ sub add_an_rtrule( ) {
|
|||||||
|
|
||||||
if ( $optional ) {
|
if ( $optional ) {
|
||||||
my $base = uc chain_base( $providers{$provider}{interface} );
|
my $base = uc chain_base( $providers{$provider}{interface} );
|
||||||
emit ( '', "if [ -n \$${base}_IS_USABLE ]; then" );
|
emit ( '', qq(if [ -n "\$${base}_IS_USABLE" ]; then) );
|
||||||
push_indent;
|
push_indent;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
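Review bot: The reason for the double quotes in the emitted test in add_an_rtrule is not recorded next to it, and the unquoted form is easy to reintroduce. With an empty variable, `[ -n $X ]` collapses to `[ -n ]`, which the shell evaluates as true, so the route rules would be added regardless of the state of the provider's interface. A one-line comment above the `emit` would keep that visible, for example `# Quote the variable: unquoted, an empty value leaves '[ -n ]', which is always true`. The rest of add_an_rtrule is outside this hunk, so whether other emitted `_IS_USABLE` tests are quoted the same way cannot be checked from here.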
@ -153,7 +153,7 @@ our @deferred_rules;
|
|||||||
#
|
#
|
||||||
# TCDevices Table
|
# TCDevices Table
|
||||||
#
|
#
|
||||||
# %tcdevices { <interface> -> {in_bandwidth => <value> ,
|
# %tcdevices { <interface> => {in_bandwidth => <value> ,
|
||||||
# out_bandwidth => <value> ,
|
# out_bandwidth => <value> ,
|
||||||
# number => <number>,
|
# number => <number>,
|
||||||
# classify => 0|1
|
# classify => 0|1
|
||||||
@ -655,7 +655,7 @@ sub validate_tc_class( ) {
|
|||||||
if ( $classnumber ) {
|
if ( $classnumber ) {
|
||||||
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
|
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
|
||||||
} else {
|
} else {
|
||||||
$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : hex_value( $devnum . $markval );
|
$classnumber = $config{WIDE_TC_MARKS} ? $devref->{nextclass}++ : hex_value( $devnum . $markval );
|
||||||
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
|
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
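Review bot: In the `else` branch of validate_tc_class the check after the new allocation still reports `Duplicate MARK ($mark)`, but with WIDE_TC_MARKS set the number comes from `$devref->{nextclass}++` rather than from the mark. A clash with an explicitly numbered class would therefore be reported against the wrong value; `fatal_error "Duplicate Class NUMBER ($classnumber)"` in the WIDE_TC_MARKS case would point the user at the right column. The initial value of `$devref->{nextclass}` is set outside this hunk. It should start above the parent's class number, since the release notes on this page describe a generated `classid 1:1` colliding with `parent 1:1`, and a post-increment of an unset value yields 0.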
@ -1,3 +1,7 @@
|
|||||||
|
Changes in Shorewall 4.4.3.1
|
||||||
|
|
||||||
|
1) Fix COPY handling in shared-provider case.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.3
|
Changes in Shorewall 4.4.3
|
||||||
|
|
||||||
1) Move Debian INITLOG initialization to /etc/default/shorewall
|
1) Move Debian INITLOG initialization to /etc/default/shorewall
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1 +1,41 @@
|
|||||||
There are no known problems in Shorewall version 4.4.3
|
1) In some simple one-interface configurations, the following Perl
|
||||||
|
run-time error messages is issued:
|
||||||
|
|
||||||
|
Generating Rule Matrix...
|
||||||
|
Use of uninitialized value in concatenation (.) or string at
|
||||||
|
/usr/share/shorewall/Shorewall/Chains.pm line 649.
|
||||||
|
Use of uninitialized value in concatenation (.) or string at
|
||||||
|
/usr/share/shorewall/Shorewall/Chains.pm line 649.
|
||||||
|
Creating iptables-restore input...
|
||||||
|
|
||||||
|
The messages are harmless and can be ignored.
|
||||||
|
|
||||||
|
2) The Shorewall operations log (specified by STARTUP_LOG) is not
|
||||||
|
secured 0600.
|
||||||
|
|
||||||
|
To work around the this issue, simply use chmod to change the
|
||||||
|
file's permissions.
|
||||||
|
|
||||||
|
3) The compiler generates an incorrect test for interface
|
||||||
|
availability in the generated code for adding route rules. The
|
||||||
|
result is that the rules are always added, regardless of the
|
||||||
|
state of the provider's interface.
|
||||||
|
|
||||||
|
Will be corrected in Shorewall 4.4.4.
|
||||||
|
|
||||||
|
4) When TC_WIDE_MARKS=Yes and class numbers are not explicitly
|
||||||
|
specified in /etc/shorewall/tcclasses, duplicate class numbers
|
||||||
|
result. A typical error message is:
|
||||||
|
|
||||||
|
ERROR: Command "tc class add dev eth3 parent 1:1 classid
|
||||||
|
1:1 htb rate 1024kbit ceil 100000kbit prio 1 quantum 1500"
|
||||||
|
Failed
|
||||||
|
|
||||||
|
Note that the class ID of the class being added is a duplicate of
|
||||||
|
the parent's class ID.
|
||||||
|
|
||||||
|
You can work around this problem by explicitly specifying class
|
||||||
|
numbers in the INTERFACE column (e.g., 'eth0:2' or '1:2').
|
||||||
|
|
||||||
|
Will be corrected in Shorewall 4.4.4.
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Shorewall 4.4.3
|
Shorewall 4.4.3 Patch release 1.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
R E L E A S E 4 . 4 H I G H L I G H T S
|
R E L E A S E 4 . 4 H I G H L I G H T S
|
||||||
@ -173,6 +173,27 @@ Shorewall 4.4.3
|
|||||||
default. If, for some reason, you don't want 'track' then specify
|
default. If, for some reason, you don't want 'track' then specify
|
||||||
'notrack' for the provider.
|
'notrack' for the provider.
|
||||||
|
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3 . 1
|
||||||
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
1) Previously, the compiler generated an incorrect test for interface
|
||||||
|
availability in the generated code for adding route rules. The
|
||||||
|
result was that the rules were always added, regardless of the
|
||||||
|
state of the provider's interface. Now, the rules are only added
|
||||||
|
when the interface is available.
|
||||||
|
|
||||||
|
2) When TC_WIDE_MARKS=Yes and class numbers are not explicitly
|
||||||
|
specified in /etc/shorewall/tcclasses, duplicate class numbers
|
||||||
|
result. A typical error message is:
|
||||||
|
|
||||||
|
ERROR: Command "tc class add dev eth3 parent 1:1 classid
|
||||||
|
1:1 htb rate 1024kbit ceil 100000kbit prio 1 quantum 1500"
|
||||||
|
Failed
|
||||||
|
|
||||||
|
Note that the class ID of the class being added is a duplicate of
|
||||||
|
the parent's class ID.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3
|
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 4.4.3
|
%define version 4.4.3
|
||||||
%define release 0base
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -104,6 +104,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.3-1
|
||||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.3-0base
|
- Updated to 4.4.3-0base
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall6-lite
|
%define name shorewall6-lite
|
||||||
%define version 4.4.3
|
%define version 4.4.3
|
||||||
%define release 0base
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -89,6 +89,8 @@ fi
|
|||||||
%doc COPYING changelog.txt releasenotes.txt
|
%doc COPYING changelog.txt releasenotes.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.3-1
|
||||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.3-0base
|
- Updated to 4.4.3-0base
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall6
|
%define name shorewall6
|
||||||
%define version 4.4.3
|
%define version 4.4.3
|
||||||
%define release 0base
|
%define release 1
|
||||||
|
|
||||||
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
@ -93,6 +93,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
|
||||||
|
- Updated to 4.4.3-1
|
||||||
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net
|
||||||
- Updated to 4.4.3-0base
|
- Updated to 4.4.3-0base
|
||||||
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Shorewall Firewall
|
# shown below. Simply run this script to remove Shorewall Firewall
|
||||||
|
|
||||||
VERSION=4.4.3
|
VERSION=4.4.3.1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -164,11 +164,6 @@
|
|||||||
hosts will be connecting to local servers through this
|
hosts will be connecting to local servers through this
|
||||||
provider.</para>
|
provider.</para>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.4.3, <option>track</option>
|
|
||||||
is the default. If, for some reason, you don't want
|
|
||||||
<option>track</option> then specify <option>notrack</option>
|
|
||||||
(see below).</para>
|
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.4.3, <option>track</option>
|
<para>Beginning with Shorewall 4.4.3, <option>track</option>
|
||||||
defaults to the setting of the TRACK_PROVIDERS option in
|
defaults to the setting of the TRACK_PROVIDERS option in
|
||||||
<ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5).
|
<ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5).
|
||||||
|