Compare commits

7 Commits

Author | SHA1 | Message | Date
Tom Eastep | 39a40e227e | Fix formatting error | 2009-11-20 12:38:49 -08:00
Tom Eastep | c5b2e6105c | Fix class number assignment when WIDE_TC_MARKS=Yes | 2009-11-20 12:37:03 -08:00
Tom Eastep | d7cde44a9e | Update the known problems list | 2009-11-17 12:41:50 -08:00
Tom Eastep | 991bad7371 | Don't add route rules when interface is down | 2009-11-16 11:01:37 -08:00
Tom Eastep | aceb834c0c | Fix COPY handling in shared-provider case. | 2009-11-12 17:29:10 -08:00
Tom Eastep | 8321d6ac4e | Fix providers manpage | 2009-11-10 15:49:39 -08:00
Tom Eastep | b5b57d6f50 | Prepare for 4.4.3.1 in case it is needed | 2009-11-01 08:03:16 -08:00
22 changed files with 95 additions and 27 deletions

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -1,6 +1,6 @@
%define name shorewall-lite %define name shorewall-lite
%define version 4.4.3 %define version 4.4.3
%define release 0base %define release 1
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -98,6 +98,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-1
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-0base - Updated to 4.4.3-0base
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net * Sun Sep 06 2009 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -327,7 +327,7 @@ sub initialize( $ ) {
TC_SCRIPT => '', TC_SCRIPT => '',
EXPORT => 0, EXPORT => 0,
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.4.3", VERSION => "4.4.3.1",
CAPVERSION => 40402 , CAPVERSION => 40402 ,
); );

View File

@ -148,7 +148,7 @@ sub copy_table( $$$ ) {
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : ''; my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
if ( $realm ) { if ( $realm ) {
emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" ) emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | while read net route; do" )
} else { } else {
emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" ) emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" )
} }
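Review bot: in the `$realm` branch the new expression `s/ realm [[:alnum:]]+//` no longer matches `_`, so a realm name containing an underscore is stripped only up to the underscore and the remainder stays in the line handed to `while read net route`. Keep `_` in the bracket expression, or match the whole token with `[^[:space:]]+`, unless realm names here are guaranteed to be purely alphanumeric; if they are, say so in a comment next to the `emit`.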
@ -589,7 +589,7 @@ sub add_an_rtrule( ) {
if ( $optional ) { if ( $optional ) {
my $base = uc chain_base( $providers{$provider}{interface} ); my $base = uc chain_base( $providers{$provider}{interface} );
emit ( '', "if [ -n \$${base}_IS_USABLE ]; then" ); emit ( '', qq(if [ -n "\$${base}_IS_USABLE" ]; then) );
push_indent; push_indent;
} }
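Review bot: in the `if ( $optional )` branch, add a comment above the `emit` saying why the expansion is double-quoted: with the old unquoted form an empty `${base}_IS_USABLE` leaves `[ -n ]`, which tests the literal string `-n` and is always true, and that matches the "rules are always added" behaviour in the known-problems entry. It would also be worth checking the compiler's other generated `[ -n ... ]` tests for the same missing quotes, since this hunk fixes only the one in `add_an_rtrule`.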

View File

@ -153,7 +153,7 @@ our @deferred_rules;
# #
# TCDevices Table # TCDevices Table
# #
# %tcdevices { <interface> -> {in_bandwidth => <value> , # %tcdevices { <interface> => {in_bandwidth => <value> ,
# out_bandwidth => <value> , # out_bandwidth => <value> ,
# number => <number>, # number => <number>,
# classify => 0|1 # classify => 0|1
@ -655,7 +655,7 @@ sub validate_tc_class( ) {
if ( $classnumber ) { if ( $classnumber ) {
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber}; fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
} else { } else {
$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : hex_value( $devnum . $markval ); $classnumber = $config{WIDE_TC_MARKS} ? $devref->{nextclass}++ : hex_value( $devnum . $markval );
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber}; fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
} }
} }
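Review bot: in the `else` branch, when `WIDE_TC_MARKS` is set the class number now comes from `$devref->{nextclass}++`, yet a collision is still reported as `Duplicate MARK ($mark)`, which points the user at the mark rather than at the auto-assigned class number. Consider a separate message for the `WIDE_TC_MARKS` case, and confirm that `nextclass` is initialised on the device entry to a value above the parent class (the reported failure was `classid 1:1` under `parent 1:1`); that initialisation is not visible in this hunk.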

View File

@ -1,3 +1,7 @@
Changes in Shorewall 4.4.3.1
1) Fix COPY handling in shared-provider case.
Changes in Shorewall 4.4.3 Changes in Shorewall 4.4.3
1) Move Debian INITLOG initialization to /etc/default/shorewall 1) Move Debian INITLOG initialization to /etc/default/shorewall
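Review bot: the 4.4.3.1 entry lists only the COPY fix, while the release notes for the same patch release list the route-rule availability test and the duplicate class number problem under problems corrected in 4.4.3.1. Add those two items here so the changelog matches the release notes.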

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -1 +1,41 @@
There are no known problems in Shorewall version 4.4.3 1) In some simple one-interface configurations, the following Perl
run-time error messages is issued:
Generating Rule Matrix...
Use of uninitialized value in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 649.
Use of uninitialized value in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 649.
Creating iptables-restore input...
The messages are harmless and can be ignored.
2) The Shorewall operations log (specified by STARTUP_LOG) is not
secured 0600.
To work around the this issue, simply use chmod to change the
file's permissions.
3) The compiler generates an incorrect test for interface
availability in the generated code for adding route rules. The
result is that the rules are always added, regardless of the
state of the provider's interface.
Will be corrected in Shorewall 4.4.4.
4) When TC_WIDE_MARKS=Yes and class numbers are not explicitly
specified in /etc/shorewall/tcclasses, duplicate class numbers
result. A typical error message is:
ERROR: Command "tc class add dev eth3 parent 1:1 classid
1:1 htb rate 1024kbit ceil 100000kbit prio 1 quantum 1500"
Failed
Note that the class ID of the class being added is a duplicate of
the parent's class ID.
You can work around this problem by explicitly specifying class
numbers in the INTERFACE column (e.g., 'eth0:2' or '1:2').
Will be corrected in Shorewall 4.4.4.
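Review bot: items 3 and 4 end with "Will be corrected in Shorewall 4.4.4", but the release notes in this same comparison list both under problems corrected in 4.4.3.1; state the release that actually carries the fix. Item 4 also names the option `TC_WIDE_MARKS`, where the compiler reads `$config{WIDE_TC_MARKS}`, and there are two wording slips to fix while here: "error messages is issued" and "work around the this issue". For item 2, spelling out the workaround (chmod 0600 on the file named by STARTUP_LOG) would make it unambiguous, since the entry says the log should be secured 0600 but the workaround only says "use chmod".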

View File

@ -1,4 +1,4 @@
Shorewall 4.4.3 Shorewall 4.4.3 Patch release 1.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
R E L E A S E 4 . 4 H I G H L I G H T S R E L E A S E 4 . 4 H I G H L I G H T S
@ -173,6 +173,27 @@ Shorewall 4.4.3
default. If, for some reason, you don't want 'track' then specify default. If, for some reason, you don't want 'track' then specify
'notrack' for the provider. 'notrack' for the provider.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3 . 1
----------------------------------------------------------------------------
1) Previously, the compiler generated an incorrect test for interface
availability in the generated code for adding route rules. The
result was that the rules were always added, regardless of the
state of the provider's interface. Now, the rules are only added
when the interface is available.
2) When TC_WIDE_MARKS=Yes and class numbers are not explicitly
specified in /etc/shorewall/tcclasses, duplicate class numbers
result. A typical error message is:
ERROR: Command "tc class add dev eth3 parent 1:1 classid
1:1 htb rate 1024kbit ceil 100000kbit prio 1 quantum 1500"
Failed
Note that the class ID of the class being added is a duplicate of
the parent's class ID.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 3 P R O B L E M S C O R R E C T E D I N 4 . 4 . 3
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
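Review bot: item 2 of the new 4.4.3.1 section only restates the problem in the present tense ("duplicate class numbers result") and never says what the patch release does instead, unlike item 1, which ends with "Now, the rules are only added when the interface is available". Add the corrected behaviour, and use `WIDE_TC_MARKS` rather than `TC_WIDE_MARKS` so the text matches the option name the compiler checks.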

View File

@ -1,6 +1,6 @@
%define name shorewall %define name shorewall
%define version 4.4.3 %define version 4.4.3
%define release 0base %define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -104,6 +104,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog %changelog
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-1
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-0base - Updated to 4.4.3-0base
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net * Sun Sep 06 2009 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -1,6 +1,6 @@
%define name shorewall6-lite %define name shorewall6-lite
%define version 4.4.3 %define version 4.4.3
%define release 0base %define release 1
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -89,6 +89,8 @@ fi
%doc COPYING changelog.txt releasenotes.txt %doc COPYING changelog.txt releasenotes.txt
%changelog %changelog
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-1
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-0base - Updated to 4.4.3-0base
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net * Sun Sep 06 2009 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of # shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall. # Shoreline Firewall.
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# #
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -1,6 +1,6 @@
%define name shorewall6 %define name shorewall6
%define version 4.4.3 %define version 4.4.3
%define release 0base %define release 1
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems. Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
Name: %{name} Name: %{name}
@ -93,6 +93,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog %changelog
* Sun Nov 01 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-1
* Fri Oct 02 2009 Tom Eastep tom@shorewall.net * Fri Oct 02 2009 Tom Eastep tom@shorewall.net
- Updated to 4.4.3-0base - Updated to 4.4.3-0base
* Sun Sep 06 2009 Tom Eastep tom@shorewall.net * Sun Sep 06 2009 Tom Eastep tom@shorewall.net

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version # You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall # shown below. Simply run this script to remove Shorewall Firewall
VERSION=4.4.3 VERSION=4.4.3.1
usage() # $1 = exit status usage() # $1 = exit status
{ {

View File

@ -164,11 +164,6 @@
hosts will be connecting to local servers through this hosts will be connecting to local servers through this
provider.</para> provider.</para>
<para>Beginning with Shorewall 4.4.3, <option>track</option>
is the default. If, for some reason, you don't want
<option>track</option> then specify <option>notrack</option>
(see below).</para>
<para>Beginning with Shorewall 4.4.3, <option>track</option> <para>Beginning with Shorewall 4.4.3, <option>track</option>
defaults to the setting of the TRACK_PROVIDERS option in defaults to the setting of the TRACK_PROVIDERS option in
<ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5). <ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5).
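Review bot: the paragraph that is kept still links to `shorwewall.conf.html` in its `<ulink url=...>`, which looks like a misspelling of `shorewall.conf.html`. Since this change already edits the `track` description, fix the URL here so the reference to TRACK_PROVIDERS resolves.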