Allow protocol to be expressed in octal or hex

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.6
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -100,6 +100,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Fri Jan 15 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.6-1
 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.6-0base
 * Tue Jan 12 2010 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Config.pm

@@ -330,7 +330,7 @@ sub initialize( $ ) {
 		    TC_SCRIPT => '',
 		    EXPORT => 0,
 		    UNTRACKED => 0,
-		    VERSION => "4.4.6",
+		    VERSION => "4.4.6.1",
 		    CAPVERSION => 40407 ,
 		  );
 

Shorewall/Perl/Shorewall/IPAddrs.pm

@@ -287,7 +287,12 @@ sub resolve_proto( $ ) {
     my $proto = $_[0];
     my $number;
 
-    $proto =~ /^(\d+)$/ ? $proto <= 65535 ? $proto : undef : defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto;
+    if ( $proto =~ /^\d+$/ || $proto =~ /^0x/ ) {
+	$number = numeric_value ( $proto );
+	defined $number && $number <= 65535 ? $number : undef;
+    } else {
+	defined( $number = $nametoproto{$proto} ) ? $number : scalar getprotobyname $proto;
+    }
 }
 
 sub proto_name( $ ) {
@@ -301,7 +306,7 @@ sub validate_port( $$ ) {
 
     my $value;
 
-    if ( $port =~ /^(\d+)$/ ) {
+    if ( $port =~ /^(\d+)$/ || $port =~ /^0x/ ) {
 	$port = numeric_value $port;
 	return $port if defined $port && $port && $port <= 65535;
     } else {
@@ -309,7 +314,7 @@ sub validate_port( $$ ) {
 	$value = getservbyname( $port, $proto );
     }
 
-    fatal_error "Invalid/Unknown $proto port/service ($port)" unless defined $value;
+    fatal_error "Invalid/Unknown $proto port/service ($_[1])" unless defined $value;
 
     $value;
 }

Shorewall/changelog.txt

@@ -1,3 +1,10 @@
+Changes in Shorewall 4.4.6.1
+
+1)  Do a proper job of parsing octal/hex numbers in the PORT and PROTO
+    columns
+
+2)  Install tcinterfaces and tcpri.
+
 Changes in Shorewall 4.4.6
 
 1)  Fix for rp_filter and kernel 2.6.31.

Shorewall/configfiles/tcinterfaces

@@ -0,0 +1,11 @@
+#
+# Shorewall version 4 - Tcinterfaces File
+#
+# For information about entries in this file, type "man shorewall-tcinterfaces"
+#
+# See http://shorewall.net/simple_traffic_shaping.htm for additional
+# information.
+#
+###############################################################################
+#INTERFACE		TYPE	IN-BANDWIDTH
+

Shorewall/configfiles/tcpri

@@ -0,0 +1,13 @@
+#
+# Shorewall version 4 - Tcpri File
+#
+# For information about entries in this file, type "man shorewall-tcpri"
+#
+# See http://shorewall.net/simple_traffic_shaping.htm for additional
+# information.
+#
+###############################################################################
+#BAND	PROTO	PORT(S)		ADDRESS		IN-INTERFACE	HELPER
+
+
+

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {
@@ -431,6 +431,26 @@ if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall/tcrules ]; then
     echo "TC Rules file installed as ${PREFIX}/etc/shorewall/tcrules"
 fi
 
+#
+# Install the TC Interfaces file
+#
+run_install $OWNERSHIP -m 0644 configfiles/tcinterfaces ${PREFIX}/usr/share/shorewall/configfiles/tcinterfaces
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall/tcinterfaces ]; then
+    run_install $OWNERSHIP -m 0600 configfiles/tcinterfaces ${PREFIX}/etc/shorewall/tcinterfaces
+    echo "TC Interfaces file installed as ${PREFIX}/etc/shorewall/tcinterfaces"
+fi
+
+#
+# Install the TC Priority file
+#
+run_install $OWNERSHIP -m 0644 configfiles/tcpri ${PREFIX}/usr/share/shorewall/configfiles/tcpri
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall/tcpri ]; then
+    run_install $OWNERSHIP -m 0600 configfiles/tcpri ${PREFIX}/etc/shorewall/tcpri
+    echo "TC Priority file installed as ${PREFIX}/etc/shorewall/tcpri"
+fi
+
 #
 # Install the TOS file
 #

Shorewall/known_problems.txt

@@ -1 +1,7 @@
-There are no known problems in Shorewall 4.4.6
+1)  The tcinterfaces and tcpri files are not installed in
+    /etc/shorewall/.
+
+    To work around this problem, simply create the files if you want to
+    use them.
+
+    Fixed in Shorewall 4.4.6.1.

Shorewall/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 4.4.6
+Shorewall 4.4.6 Patch Release 1.
 
 ----------------------------------------------------------------------------
                R E L E A S E  4 . 4  H I G H L I G H T S
@@ -174,6 +174,16 @@ Shorewall 4.4.6
     now, if the zone has <interface>:0.0.0.0/0 (even with exclusions),
     then it may have no additional members in /etc/shorewall/hosts.
 
+----------------------------------------------------------------------------
+      P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 6 . 1
+----------------------------------------------------------------------------
+
+1)  Shorewall now properly handles octal and hex numbers in PORT and
+    PROTO columns.
+
+2)  The 'tcinterfaces' and 'tcpri' files are now installed in
+    /etc/shorewall/ and in /usr/share/shorewall/configfiles/.
+
 ----------------------------------------------------------------------------
         P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 6
 ----------------------------------------------------------------------------

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.6
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -106,6 +106,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples 
 
 %changelog
+* Fri Jan 15 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.6-1
 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.6-0base
 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.6
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -91,6 +91,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
+* Fri Jan 15 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.6-1
 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.6-0base
 * Tue Jan 12 2010 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall6/fallback.sh

@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {
@@ -371,6 +371,26 @@ if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcrules ]; then
     echo "TC Rules file installed as ${PREFIX}/etc/shorewall6/tcrules"
 fi
 
+#
+# Install the TC Interfaces file
+#
+run_install $OWNERSHIP -m 0644 tcinterfaces ${PREFIX}/usr/share/shorewall6/configfiles/tcinterfaces
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcinterfaces ]; then
+    run_install $OWNERSHIP -m 0600 tcinterfaces ${PREFIX}/etc/shorewall6/tcinterfaces
+    echo "TC Interfaces file installed as ${PREFIX}/etc/shorewall6/tcinterfaces"
+fi
+
+#
+# Install the TC Priority file
+#
+run_install $OWNERSHIP -m 0644 tcpri ${PREFIX}/usr/share/shorewall6/configfiles/tcpri
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall6/tcpri ]; then
+    run_install $OWNERSHIP -m 0600 tcpri ${PREFIX}/etc/shorewall6/tcpri
+    echo "TC Priority file installed as ${PREFIX}/etc/shorewall6/tcpri"
+fi
+
 #
 # Install the TOS file
 #

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.6
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -95,6 +95,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
+* Fri Jan 15 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.6-1
 * Wed Jan 13 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.6-0base
 * Tue Jan 12 2010 Tom Eastep tom@shorewall.net

Shorewall6/tcinterfaces

@@ -0,0 +1,11 @@
+#
+# Shorewall6 version 4 - Tcinterfaces File
+#
+# For information about entries in this file, type "man shorewall6-tcinterfaces"
+#
+# See http://shorewall.net/simple_traffic_shaping.htm for additional
+# information.
+#
+###############################################################################
+#INTERFACE		TYPE	IN-BANDWIDTH
+

Shorewall6/tcpri

@@ -0,0 +1,13 @@
+#
+# Shorewall6 version 4 - Tcpri File
+#
+# For information about entries in this file, type "man shorewall6-tcpri"
+#
+# See http://shorewall.net/simple_traffic_shaping.htm for additional
+# information.
+#
+###############################################################################
+#BAND	PROTO	PORT(S)		ADDRESS		IN-INTERFACE	HELPER
+
+
+

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.6
+VERSION=4.4.6.1
 
 usage() # $1 = exit status
 {

manpages/shorewall-masq.xml

@@ -32,8 +32,10 @@
     </warning>
 
     <warning>
-      <para>If you have more than one ISP, adding entries to this file will
-      *not* force connections to go out through a particular ISP. You must use
+      <para>If you have more than one ISP link, adding entries to this file
+      will <emphasis role="bold">not</emphasis> force connections to go out
+      through a particular link. You must use entries in <ulink
+      url="shorewall-route_rules.html">shorewall-route_rules</ulink>(5) or
       PREROUTING entries in <ulink
       url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) to do
       that.</para>
@@ -72,8 +74,8 @@
 
           <para>Where <ulink
           url="http://www.shorewall.net/4.4/MultiISP.html#Shared">more that
-          one internet providers shares a single interface</ulink>, the
-          provider is specified by including the provider name or number in
+          one internet provider share a single interface</ulink>, the provider
+          is specified by including the provider name or number in
           parentheses:</para>
 
           <programlisting>        eth0(Avvanta)</programlisting>