commit shorewall for openSUSE:Factory
Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2016-03-16 10:36:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shorewall (Old) and /work/SRC/openSUSE:Factory/.shorewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "shorewall" Changes: -------- --- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2015-09-17 09:21:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.shorewall.new/shorewall.changes 2016-03-16 10:36:12.000000000 +0100 
@@ -1,0 +2,53 @@
+Sun Mar 6 11:14:41 UTC 2016 - bruno@ioda-net.ch
+
+- Update to last 4x bugfix version 4.6.13.4
+ For details see changelog.txt and releasenotes.txt
+
+ - 4.6.13.4
+ * This release includes a couple of additional configure/install
+ fixes from Matt Darfeuille.
+
+ * The DROP command was previously rejected in the mangle file.
+ That has been corrected.
+
+ - 4.6.13.3
+ * Previously, Shorewall6 rejected rules in which the SOURCE
+ contained both an interface name and a MAC address (in
+ Shorewall format). That defect has been corrected so that such
+ rules are now accepted.
+
+ * A number of corrections have been made to the install,
+ uninstall and configure scripts (Matt Darfeuille).
+
+ * Previously, optional interfaces were not enabled during 'start'
+ and 'restart' unless there was at least one entry in the
+ 'providers' file. This resulted in these interfaces not
+ appearing in the output of 'shorewall[6] status -i'.
+
+ * The check for use of a circular kernel log buffer (as opposed
+ to a log file) has been improved.
+
+ * Previously, if a circular log buffer was being used, the output
+ of various commands still displayed '/var/log/messages' as the
+ log file. Now, it is displayed as 'logread'.
+
+ * When processing the 'dump' command, the CLI now uses 'netstat'
+ to print socket information when the 'ss' utility is not
+ installed.
+
+ - 4.6.13.2
+ * Previously, if statistical load balancing was used in the
+ providers file, the default route in the main table was not
+ deleted during firewall start/restart. That route is now
+ correctly deleted.
+
+ - 4.6.13.1
+ * Previously, the 'reset' command would fail if chain names were
+ included. Now, the command succeeds, provided that all of the
+ specified chains exist in the filter table.
+
+ * The TCP meta-connection is now supported by the Tinc macro and
+ tunnel type. Previously, only the UDP data connection was
+ supported.
+ +------------------------------------------------------------------- Old: ---- shorewall-4.6.13.tar.bz2 shorewall-core-4.6.13.tar.bz2 shorewall-docs-html-4.6.13.tar.bz2 shorewall-init-4.6.13.tar.bz2 shorewall-lite-4.6.13.tar.bz2 shorewall6-4.6.13.tar.bz2 shorewall6-lite-4.6.13.tar.bz2 New: ---- shorewall-4.6.13.4.tar.bz2 shorewall-core-4.6.13.4.tar.bz2 shorewall-docs-html-4.6.13.4.tar.bz2 shorewall-init-4.6.13.4.tar.bz2 shorewall-lite-4.6.13.4.tar.bz2 shorewall6-4.6.13.4.tar.bz2 shorewall6-lite-4.6.13.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.DffBHm/_old 2016-03-16 10:36:14.000000000 +0100 +++ /var/tmp/diff_new_pack.DffBHm/_new 2016-03-16 10:36:14.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package shorewall # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,7 +20,7 @@ %define have_systemd 1 Name: shorewall -Version: 4.6.13 +Version: 4.6.13.4 Release: 0 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems License: GPL-2.0 ++++++ shorewall-4.6.13.tar.bz2 -> shorewall-4.6.13.4.tar.bz2 ++++++ ++++ 1647 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Macros/macro.Tinc new/shorewall-4.6.13.4/Macros/macro.Tinc --- old/shorewall-4.6.13/Macros/macro.Tinc 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-4.6.13.4/Macros/macro.Tinc 2016-01-02 22:14:52.000000000 +0100 @@ -9,3 +9,4 @@ #ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT(S) PORT(S) LIMIT GROUP PARAM - - udp 655 +PARAM - - tcp 655 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/Shorewall/Chains.pm new/shorewall-4.6.13.4/Perl/Shorewall/Chains.pm --- old/shorewall-4.6.13/Perl/Shorewall/Chains.pm 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/Shorewall/Chains.pm 2016-01-02 23:39:53.000000000 +0100 
@@ -7029,7 +7029,7 @@ $inets = $2; } elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ || $source =~ /^(.+?):(!?\+.+)$/ || - $source =~ /^(.+?):(!?[&%].+)$/ || + $source =~ /^(.+?):(!?[&%~].+)$/ || $source =~ /^(.+?):(\[.+\]\/(?:\d+))\s*$/ ) { $iiface = $1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/Shorewall/Config.pm new/shorewall-4.6.13.4/Perl/Shorewall/Config.pm --- old/shorewall-4.6.13/Perl/Shorewall/Config.pm 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/Shorewall/Config.pm 2016-01-02 23:39:53.000000000 +0100 @@ -717,7 +717,7 @@ TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => "4.6.13", + VERSION => "4.6.13.4", CAPVERSION => 40609 , ); # @@ -5166,6 +5166,7 @@ # sub get_params( $ ) { my $export = $_[0]; + my $cygwin = ( $shorewallrc{HOST} eq 'cygwin' ); my $fn = find_file 'params'; @@ -5207,14 +5208,16 @@ $shell = BASH; for ( @params ) { - if ( /^declare -x (.*?)="(.*[^\\])"$/ ) { + chomp; + if ( $cygwin && /^declare -x (.*?)="(.*)"$/ ) { + $params{$1} = $2 unless $1 eq '_'; + } elsif ( /^declare -x (.*?)="(.*[^\\])"$/ ) { $params{$1} = $2 unless $1 eq '_'; } elsif ( /^declare -x (.*?)="(.*)$/ ) { $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n"; } elsif ( /^declare -x (.*)\s+$/ || /^declare -x (.*)=""$/ ) { $params{$1} = ''; } else { - chomp; if ($variable) { s/"$//; $params{$variable} .= $_; 
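Review bot: Moving `chomp` to the top of the `declare -x` loop in get_params (Config.pm, hunk at -5207) leaves the unchanged pattern `/^declare -x (.*)\s+$/` with nothing to match, because the `\s+` used to consume the trailing newline. A bare `declare -x NAME` line (exported but unset) therefore appears to fall through to the continuation branch instead of being stored as an empty parameter. The OLDBASH loop in the next hunk already uses `\s*$` for the same case, so the fix here would be `} elsif ( /^declare -x ([^\s=]+)\s*$/ || /^declare -x (.*)=""$/ ) {`. Separately, the new cygwin branch `/^declare -x (.*?)="(.*)"$/` also accepts a line ending in `\"`, so the first line of a multi-line value could be taken as complete; a comment saying why that is safe on Cygwin would help. The loop body continues outside the hunk.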
@@ -5235,14 +5238,16 @@ $shell = OLDBASH; for ( @params ) { - if ( /^export (.*?)="(.*[^\\])"$/ ) { + chomp; + if ( $cygwin && /^export (.*?)="(.*)"$/ ) { + $params{$1} = $2 unless $1 eq '_'; + } elsif ( /^export (.*?)="(.*[^\\])"$/ ) { $params{$1} = $2 unless $1 eq '_'; } elsif ( /^export (.*?)="(.*)$/ ) { $params{$variable=$1} = $2 eq '"' ? '' : "${2}\n"; } elsif ( /^export ([^\s=]+)\s*$/ || /^export (.*)=""$/ ) { $params{$1} = ''; } else { - chomp; if ($variable) { s/"$//; $params{$variable} .= $_; @@ -5262,6 +5267,7 @@ $shell = ASH; for ( @params ) { + chomp; if ( /^export (.*?)='(.*'"'"')$/ ) { $params{$variable=$1}="${2}\n"; } elsif ( /^export (.*?)='(.*)'$/ ) { @@ -5269,7 +5275,6 @@ } elsif ( /^export (.*?)='(.*)$/ ) { $params{$variable=$1}="${2}\n"; } else { - chomp; if ($variable) { s/'$//; $params{$variable} .= $_; @@ -5281,9 +5286,23 @@ } for ( keys %params ) { - unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) { - fatal_error "The variable name $_ is reserved and may not be set in the params file" - if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_}; + if ( /[^\w]/ ) { + # + # Useless variable with special characters in its name + # + delete $params{$_}; + } elsif ( /^(?:SHLVL|OLDPWD)$/ ) { + # + # The shell running getparams generates those + # + delete $params{$_}; + } else { + unless ( $_ eq 'SHOREWALL_INIT_SCRIPT' ) { + fatal_error "The variable name $_ is reserved and may not be set in the params file" + if /^SW_/ || /^SHOREWALL_/ || ( exists $config{$_} && ! exists $ENV{$_} ) || exists $reserved{$_}; + } + + $params{$_} = '' unless defined $params{$_}; } } @@ -5333,6 +5352,8 @@ next if exists $compiler_params{$param}; my $value = $params{$param}; + + chomp $value; # # Values in %params are generated from the output of 'export -p'. # The different shells have different conventions for delimiting 
@@ -5343,19 +5364,27 @@ $value =~ s/\\"/"/g; } elsif ( $shell == OLDBASH ) { $value =~ s/\\'/'/g; + $value =~ s/\\"/"/g; + $value =~ s/\\\\/\\/g; } else { $value =~ s/'"'"'/'/g; } # # Don't export pairs from %ENV # - next if defined $ENV{$param} && $value eq $ENV{$param}; + if ( defined $ENV{$param} ) { + next if $value eq $ENV{$param}; + } elsif ( exists $ENV{$param} ) { + next unless supplied $value; + } emit "#\n# From the params file\n#" unless $count++; # # We will use double quotes and escape embedded quotes with \. # - if ( $value =~ /[\s()['"]/ ) { + if ( $value =~ /^"[^"]*"$/ ) { + emit "$param=$value"; + } elsif ( $value =~ /[\s()['"]/ ) { $value =~ s/"/\\"/g; emit "$param='$value'"; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/Shorewall/Providers.pm new/shorewall-4.6.13.4/Perl/Shorewall/Providers.pm --- old/shorewall-4.6.13/Perl/Shorewall/Providers.pm 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/Shorewall/Providers.pm 2016-01-02 23:39:53.000000000 +0100 @@ -60,7 +60,6 @@ our %routemarked_interfaces; our @routemarked_interfaces; our %provider_interfaces; -our @load_providers; our @load_interfaces; our $balancing; @@ -98,7 +97,6 @@ %routemarked_interfaces = (); @routemarked_interfaces = (); %provider_interfaces = (); - @load_providers = (); @load_interfaces = (); $balancing = 0; $fallback = 0; 
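Review bot: The new first branch in the hunk at -5343, `if ( $value =~ /^"[^"]*"$/ ) { emit "$param=$value"; }`, copies the value into the generated script inside double quotes without escaping. Any `$name`, `$(...)` or backquoted text in it is therefore expanded a second time when the firewall script runs, while the single-quoted branch below keeps such text literal. If the second expansion is intended, the comment above should say so; it currently reads "We will use double quotes and escape embedded quotes with \." although the other branch emits single quotes. If it is not intended, escape `$`, backquote and backslash before emitting. The unchanged `emit "$param='$value'"` branch also appears not to handle an embedded `'`, which would end the quoting early. The enclosing function starts and ends outside the hunk.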
@@ -697,7 +695,7 @@ if ( $track ) { if ( $routemarked_interfaces{$interface} ) { fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface} == ROUTEMARKED_UNSHARED; - fatal_error "Multiple providers through the same interface must their IP address specified in the INTERFACES" unless $shared; + fatal_error "Multiple providers through the same interface must have their IP address specified in the INTERFACES column" unless $shared; } else { $routemarked_interfaces{$interface} = $shared ? ROUTEMARKED_SHARED : ROUTEMARKED_UNSHARED; push @routemarked_interfaces, $interface; @@ -1380,15 +1378,32 @@ emit( 'fi', '' ); } else { + if ( ( $fallback || @load_interfaces ) && $config{USE_DEFAULT_RT} ) { + emit ( q(#), + q(# Delete any default routes in the 'main' table), + q(#), + "while qt \$IP -$family route del default table $main; do", + ' true', + 'done', + '' + ); + } else { + emit ( q(#), + q(# We don't have any 'balance'. 'load=' or 'fallback=' providers so we restore any default route that we've saved), + q(#), + qq(restore_default_route $config{USE_DEFAULT_RT}), + '' + ); + } + emit ( '#', - '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', - '#', - "restore_default_route $config{USE_DEFAULT_RT}" , + '# Delete any routes in the \'balance\' table', '#', - '# And delete any routes in the \'balance\' table', - '#', - "qt \$IP -$family route del default table $balance", - '' ); + "while qt \$IP -$family route del default table $balance; do", + ' true', + 'done', + '' + ); } if ( $fallback ) { @@ -1621,6 +1636,7 @@ sub setup_providers() { our $providers; + our $pseudoproviders; if ( $providers ) { if ( $maxload ) { 
@@ -1655,6 +1671,11 @@ push_indent; + if ( $pseudoproviders ) { + emit ''; + emit "start_$providers{$_}->{what}_$_" for @providers; + } + emit "\nundo_routing"; emit "restore_default_route $config{USE_DEFAULT_RT}"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/Shorewall/Tc.pm new/shorewall-4.6.13.4/Perl/Shorewall/Tc.pm --- old/shorewall-4.6.13/Perl/Shorewall/Tc.pm 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/Shorewall/Tc.pm 2016-01-02 23:39:54.000000000 +0100 @@ -452,6 +452,16 @@ }, }, + DROP => { + defaultchain => 0, + allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, + minparams => 0, + maxparams => 0, + function => sub() { + $target = 'DROP'; + } + }, + DSCP => { defaultchain => 0, allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/Shorewall/Tunnels.pm new/shorewall-4.6.13.4/Perl/Shorewall/Tunnels.pm --- old/shorewall-4.6.13/Perl/Shorewall/Tunnels.pm 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/Shorewall/Tunnels.pm 2016-01-02 23:39:54.000000000 +0100 
@@ -137,6 +137,8 @@ add_tunnel_rule $inchainref, p => 'udp --dport 655', @$source; add_tunnel_rule $outchainref, p => 'udp --dport 655', @$dest; + add_tunnel_rule $inchainref, p => 'tcp --dport 655', @$source; + add_tunnel_rule $outchainref, p => 'tcp --dport 655', @$dest; } sub setup_one_openvpn { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/Perl/prog.footer new/shorewall-4.6.13.4/Perl/prog.footer --- old/shorewall-4.6.13/Perl/prog.footer 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-4.6.13.4/Perl/prog.footer 2016-01-02 22:14:52.000000000 +0100 @@ -267,7 +267,7 @@ status=0 for chain in $@; do if chain_exists $chain; then - if qt $g_tool-Z $chain; then + if qt $g_tool -Z $chain; then progress_message3 "Filter $chain Counters Reset" else error_message "ERROR: Reset of chain $chain failed" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/changelog.txt new/shorewall-4.6.13.4/changelog.txt --- old/shorewall-4.6.13/changelog.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/changelog.txt 2016-01-02 23:39:53.000000000 +0100 
@@ -1,6 +1,50 @@ +Changes in 4.6.13.4 + +1) Update release documents. + +2) More install/uninstall/configure fixes from Matt Darfeuille. + +3) Support the DROP command in the mangle file. + +Changes in 4.6.13.3 + +1) Update release documents. + +2) Correct handling of MAC addresses in Shorewall6. + +3) Install/uninstall/configure fixes from Matt Darfeuille. + +4) Enable optional interfaces during 'start' and 'restart'. + +5) Improve check for circular log buffer. + +6) Correct display of log name when circular buffer is used. + +7) Use 'netstat' in dump when 'ss' isn't installed. + +Changes in 4.6.13.2 + +1) Update release documents. + +2) Delete default route in main table if load= or fallback= + +3) Backport Matt Darfeuille's fixes. + +4) Add OpenWRT support. + +Changes in 4.6.13.1 + +1) Update release documents. + +2) Correct 'reset' handling + +3) Add the TCP meta-connection to the Tinc macro and tunnel type. + Changes in 4.6.13 Final -1) Allow non-expoerts access to the user bits in the fw mark. +1) Update release documents. + +2) Allow non-expoerts access to the user bits in the fw mark. Changes in 4.6.13 RC 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/configure.pl new/shorewall-4.6.13.4/configure.pl --- old/shorewall-4.6.13/configure.pl 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/configure.pl 2016-01-02 23:39:53.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.13' + VERSION => '4.6.13.4' }; my %params; @@ -52,6 +52,9 @@ $params{$pn} = $pv; } +use File::Basename; +chdir dirname($0); + my $vendor = $params{HOST}; my $rcfile; my $rcfilename; 
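Review bot: The added `chdir dirname($0);` in configure.pl (hunk at -52) ignores the return value. If the directory change fails, the script continues in the caller's working directory, and the relative `shorewallrc.*` lookups and the `open $outfile, '>', 'shorewallrc'` visible in a later hunk act on whatever is there. `chdir dirname($0) or die "Can't change to " . dirname($0) . ": $!";` makes the failure visible. `use File::Basename;` in the middle of the file works only because `use` is resolved at compile time; placing it at the top of the file would read more clearly.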
@@ -81,12 +84,39 @@ } if ( defined $vendor ) { - $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; - die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename; + if ( $vendor eq 'debian' && -f '/etc/debian_version' ) { + if ( -l '/sbin/init' ) { + if ( readlink('/sbin/init') =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; + } + + unless ( -f $rcfilename ) { + die qq("ERROR: $vendor" is not a recognized host type); + } elsif ( $vendor eq 'default' ) { + $params{HOST} = $vendor = 'linux'; + } elsif ( $vendor =~ /^debian\./ ) { + $params{HOST} = $vendor = 'debian'; + } } else { if ( -f '/etc/debian_version' ) { $vendor = 'debian'; - $rcfilename = 'shorewallrc.debian.sysvinit'; + if ( -l '/sbin/init' ) { + if ( readlink( '/sbin/init' ) =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } } elsif ( -f '/etc/redhat-release' ){ $vendor = 'redhat'; $rcfilename = 'shorewallrc.redhat'; 
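Review bot: The systemd-versus-sysvinit probe of `/sbin/init` is written out twice in this hunk, once for an explicit `debian` host and once for the autodetected case, and the two copies can drift apart. A small helper called from both places keeps them identical, and it can check that `readlink` returned a defined value before matching. The `unless ( -f $rcfilename ) { die ... } elsif ...` chain is legal Perl but reads as inverted; `if ( ! -f $rcfilename )` would be clearer. The if/else chain continues past the end of the hunk.

```perl
sub debian_rcfile {
    # /sbin/init is a symlink to systemd on systemd hosts; anything else is treated as sysvinit
    my $init = -l '/sbin/init' ? readlink( '/sbin/init' ) : undef;
    return ( defined $init && $init =~ /systemd/ ) ? 'shorewallrc.debian.systemd'
                                                    : 'shorewallrc.debian.sysvinit';
}

# … unchanged: parameter parsing …
if ( defined $vendor ) {
    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
        $rcfilename = debian_rcfile();
    } else {
# … unchanged: generic vendor lookup and validation …
    if ( -f '/etc/debian_version' ) {
        $vendor = 'debian';
        $rcfilename = debian_rcfile();
# … unchanged: remaining host detection …
```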
@@ -143,7 +173,8 @@ open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!"; -printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +print $outfile "# rc file: $rcfilename\n#\n"; print $outfile "# Input: @ARGV\n#\n" if @ARGV; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/install.sh new/shorewall-4.6.13.4/install.sh --- old/shorewall-4.6.13/install.sh 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/install.sh 2016-01-02 23:39:53.000000000 +0100 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.13 +VERSION=4.6.13.4 # # Change to the directory containing this script @@ -389,7 +389,7 @@ fi install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0755 -[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/${PRODUCT} +[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/${PRODUCT} echo "$PRODUCT control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" # 
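Review bot: The corrected line in install.sh (hunk at -389) still runs `sed` through `eval` with `$SHAREDIR`, `$DESTDIR`, `$SBINDIR` and `$PRODUCT` unquoted. Those values are parsed by the shell a second time, so a path containing a space or a shell metacharacter changes what is executed; the `[ $SHAREDIR = /usr/share ]` test is unquoted as well. Nothing here needs `eval`: `[ "$SHAREDIR" = /usr/share ] || sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${SBINDIR}/${PRODUCT}"` performs the same substitution. The same applies to the `lib.base` line in the hunk at -1076.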
@@ -439,31 +439,33 @@ echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service" fi -# -# These use absolute path names since the files that they are removing existed -# prior to the use of directory variables -# -delete_file ${DESTDIR}/usr/share/$PRODUCT/compiler -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.accounting -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.actions -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.dynamiczones -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.maclist -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.nat -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.providers -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.proxyarp -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tc -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tcrules -delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tunnels +if [ -z "$first_install" ]; then + # + # These use absolute path names since the files that they are removing existed + # prior to the use of directory variables + # + delete_file ${DESTDIR}/usr/share/$PRODUCT/compiler + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.accounting + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.actions + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.dynamiczones + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.maclist + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.nat + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.providers + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.proxyarp + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tc + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tcrules + delete_file ${DESTDIR}/usr/share/$PRODUCT/lib.tunnels + + if [ $PRODUCT = shorewall6 ]; then + delete_file ${DESTDIR}/usr/share/shorewall6/lib.cli + delete_file ${DESTDIR}/usr/share/shorewall6/lib.common + delete_file ${DESTDIR}/usr/share/shorewall6/wait4ifup + fi -if [ $PRODUCT = shorewall6 ]; then - delete_file ${DESTDIR}/usr/share/shorewall6/lib.cli - delete_file ${DESTDIR}/usr/share/shorewall6/lib.common - delete_file 
${DESTDIR}/usr/share/shorewall6/wait4ifup + delete_file ${DESTDIR}/usr/share/$PRODUCT/prog.header6 + delete_file ${DESTDIR}/usr/share/$PRODUCT/prog.footer6 fi -delete_file ${DESTDIR}/usr/share/$PRODUCT/prog.header6 -delete_file ${DESTDIR}/usr/share/$PRODUCT/prog.footer6 - # # Install the Modules file # @@ -507,7 +509,7 @@ run_install $OWNERSHIP -m 0644 $PRODUCT.conf.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ if [ ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf ]; then - run_install $OWNERSHIP -m 0644 ${PRODUCT}.conf${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf + run_install $OWNERSHIP -m 0600 ${PRODUCT}.conf${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/$PRODUCT.conf if [ "$SHAREDIR" != /usr/share -o "$CONFDIR" != /etc ]; then if [ $PRODUCT = shorewall ]; then @@ -546,7 +548,7 @@ run_install $OWNERSHIP -m 0644 zones.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/zones ]; then - run_install $OWNERSHIP -m 0644 zones${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/zones + run_install $OWNERSHIP -m 0600 zones${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/zones echo "Zones file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/zones" fi @@ -624,7 +626,7 @@ if [ -f ${DESTDIR}${CONFDIR}/$PRODUCT/params ]; then chmod 0644 ${DESTDIR}${CONFDIR}/$PRODUCT/params else - run_install $OWNERSHIP -m 0644 params${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/params + run_install $OWNERSHIP -m 0600 params${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/params echo "Parameter file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/params" fi 
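Review bot: The switch to `-m 0600` only takes effect when the file is absent (`if [ ! -f ... ]`). In the params hunk (-624) the branch for an existing file still runs `chmod 0644 ${DESTDIR}${CONFDIR}/$PRODUCT/params`, so an upgrade keeps or restores world-readable mode while a fresh install gets 0600. If the aim is that only the owner can read the configuration, that line should become `chmod 0600 ${DESTDIR}${CONFDIR}/$PRODUCT/params`. The shorewall.conf (-507), zones (-546), actions (-1018) and routes (-1029) hunks would then want a matching `chmod 0600` for files that already exist. The enclosing if/else blocks extend beyond these hunks.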
@@ -1018,7 +1020,7 @@ run_install $OWNERSHIP -m 0644 actions.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/actions ]; then - run_install $OWNERSHIP -m 0644 actions${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/actions + run_install $OWNERSHIP -m 0600 actions${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/actions echo "Actions file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/actions" fi @@ -1029,7 +1031,7 @@ run_install $OWNERSHIP -m 0644 routes.annotated ${DESTDIR}${SHAREDIR}/$PRODUCT/configfiles/ if [ -z "$SPARSE" -a ! -f ${DESTDIR}${CONFDIR}/$PRODUCT/routes ]; then - run_install $OWNERSHIP -m 0644 routes${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/routes + run_install $OWNERSHIP -m 0600 routes${suffix} ${DESTDIR}${CONFDIR}/$PRODUCT/routes echo "Routes file installed as ${DESTDIR}${CONFDIR}/$PRODUCT/routes" fi @@ -1076,7 +1078,7 @@ # Symbolically link 'functions' to lib.base # ln -sf lib.base ${DESTDIR}${SHAREDIR}/$PRODUCT/functions - [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base + [ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base fi if [ -d Perl ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/known_problems.txt new/shorewall-4.6.13.4/known_problems.txt --- old/shorewall-4.6.13/known_problems.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/known_problems.txt 2016-01-02 23:39:53.000000000 +0100 
@@ -1,2 +1,25 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. + +2) When one or more chain names are given in a 'reset' command, the + command fails. + + Corrected in Shorewall 4.6.13.1 + +3) The Tinc macro and tinc entries in the tunnels file only enable the + UDP data connection; they do not enable the TCP meta-connection. + + Corrected in Shorewall 4.6.13.1 + +4) If statistical load balancing is used in the providers file, the + default route in the main table is not deleted during firewall + firewall start/restart. This prevents providers whose default + routes were not in the main table from being able to recover from + the disabled state. + + Corrected in Shorewall 4.6.13.2 + +5) The compiler flags DROP as an error in the mangle file. + + Corrected in Shorewall 4.6.13.4. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/lib.cli-std new/shorewall-4.6.13.4/lib.cli-std --- old/shorewall-4.6.13/lib.cli-std 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-4.6.13.4/lib.cli-std 2016-01-02 22:14:52.000000000 +0100 
@@ -70,15 +70,7 @@ # This block is avoided for compile for export and when the user isn't root # if [ "$3" = Yes ]; then - if [ -n "$LOGFILE" ]; then - if [ -n "$(syslog_circular_buffer)" ]; then - g_logread="logread | tac" - elif [ -r $LOGFILE ]; then - g_logread="tac $LOGFILE" - else - fatal_error "LOGFILE ($LOGFILE) does not exist!" - fi - fi + setup_logread fi if [ $g_family -eq 4 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-accounting.5 new/shorewall-4.6.13.4/manpages/shorewall-accounting.5 --- old/shorewall-4.6.13/manpages/shorewall-accounting.5 2015-09-08 20:10:35.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-accounting.5 2016-01-02 23:39:55.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-accounting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACCOUNTIN" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACCOUNTIN" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-actions.5 new/shorewall-4.6.13.4/manpages/shorewall-actions.5 --- old/shorewall-4.6.13/manpages/shorewall-actions.5 2015-09-08 20:10:36.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-actions.5 2016-01-02 23:39:56.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-actions .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACTIONS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACTIONS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-arprules.5 new/shorewall-4.6.13.4/manpages/shorewall-arprules.5 --- old/shorewall-4.6.13/manpages/shorewall-arprules.5 2015-09-08 20:10:37.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-arprules.5 2016-01-02 23:39:57.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-arprules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ARPRULES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ARPRULES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-blacklist.5 new/shorewall-4.6.13.4/manpages/shorewall-blacklist.5 --- old/shorewall-4.6.13/manpages/shorewall-blacklist.5 2015-09-08 20:10:38.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-blacklist.5 2016-01-02 23:39:58.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-blacklist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLACKLIST" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLACKLIST" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-blrules.5 new/shorewall-4.6.13.4/manpages/shorewall-blrules.5 --- old/shorewall-4.6.13/manpages/shorewall-blrules.5 2015-09-08 20:10:39.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-blrules.5 2016-01-02 23:39:59.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-blrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLRULES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLRULES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-conntrack.5 new/shorewall-4.6.13.4/manpages/shorewall-conntrack.5 --- old/shorewall-4.6.13/manpages/shorewall-conntrack.5 2015-09-08 20:10:46.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-conntrack.5 2016-01-02 23:40:05.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall6-conntrack .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL6\-CONNTRAC" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL6\-CONNTRAC" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-ecn.5 new/shorewall-4.6.13.4/manpages/shorewall-ecn.5 --- old/shorewall-4.6.13/manpages/shorewall-ecn.5 2015-09-08 20:10:47.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-ecn.5 2016-01-02 23:40:06.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-ecn .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ECN" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ECN" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-exclusion.5 new/shorewall-4.6.13.4/manpages/shorewall-exclusion.5 --- old/shorewall-4.6.13/manpages/shorewall-exclusion.5 2015-09-08 20:10:48.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-exclusion.5 2016-01-02 23:40:07.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-exclusion .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-EXCLUSION" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-EXCLUSION" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-hosts.5 new/shorewall-4.6.13.4/manpages/shorewall-hosts.5 --- old/shorewall-4.6.13/manpages/shorewall-hosts.5 2015-09-08 20:10:49.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-hosts.5 2016-01-02 23:40:08.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-hosts .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-HOSTS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-HOSTS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-init.8 new/shorewall-4.6.13.4/manpages/shorewall-init.8 --- old/shorewall-4.6.13/manpages/shorewall-init.8 2015-09-08 20:10:50.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-init.8 2016-01-02 23:40:09.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-init .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-INIT" "8" "09/08/2015" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-INIT" "8" "01/02/2016" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-interfaces.5 new/shorewall-4.6.13.4/manpages/shorewall-interfaces.5 --- old/shorewall-4.6.13/manpages/shorewall-interfaces.5 2015-09-08 20:10:51.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-interfaces.5 2016-01-02 23:40:11.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-interfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-INTERFACE" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-INTERFACE" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-ipsets.5 new/shorewall-4.6.13.4/manpages/shorewall-ipsets.5 --- old/shorewall-4.6.13/manpages/shorewall-ipsets.5 2015-09-08 20:10:52.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-ipsets.5 2016-01-02 23:40:12.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-ipsets .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-IPSETS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-IPSETS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-maclist.5 new/shorewall-4.6.13.4/manpages/shorewall-maclist.5 --- old/shorewall-4.6.13/manpages/shorewall-maclist.5 2015-09-08 20:10:53.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-maclist.5 2016-01-02 23:40:13.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-maclist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MACLIST" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MACLIST" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-mangle.5 new/shorewall-4.6.13.4/manpages/shorewall-mangle.5 --- old/shorewall-4.6.13/manpages/shorewall-mangle.5 2015-09-08 20:10:55.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-mangle.5 2016-01-02 23:40:14.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MANGLE" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-masq.5 new/shorewall-4.6.13.4/manpages/shorewall-masq.5 --- old/shorewall-4.6.13/manpages/shorewall-masq.5 2015-09-08 20:10:56.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-masq.5 2016-01-02 23:40:15.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-masq .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MASQ" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MASQ" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-modules.5 new/shorewall-4.6.13.4/manpages/shorewall-modules.5 --- old/shorewall-4.6.13/manpages/shorewall-modules.5 2015-09-08 20:10:57.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-modules.5 2016-01-02 23:40:16.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-modules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MODULES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MODULES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-nat.5 new/shorewall-4.6.13.4/manpages/shorewall-nat.5 --- old/shorewall-4.6.13/manpages/shorewall-nat.5 2015-09-08 20:10:58.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-nat.5 2016-01-02 23:40:17.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-nat .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NAT" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NAT" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-nesting.5 new/shorewall-4.6.13.4/manpages/shorewall-nesting.5 --- old/shorewall-4.6.13/manpages/shorewall-nesting.5 2015-09-08 20:10:59.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-nesting.5 2016-01-02 23:40:18.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-nesting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NESTING" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NESTING" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-netmap.5 new/shorewall-4.6.13.4/manpages/shorewall-netmap.5 --- old/shorewall-4.6.13/manpages/shorewall-netmap.5 2015-09-08 20:11:00.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-netmap.5 2016-01-02 23:40:19.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-netmap .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NETMAP" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NETMAP" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-params.5 new/shorewall-4.6.13.4/manpages/shorewall-params.5 --- old/shorewall-4.6.13/manpages/shorewall-params.5 2015-09-08 20:11:01.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-params.5 2016-01-02 23:40:20.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-params .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PARAMS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PARAMS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-policy.5 new/shorewall-4.6.13.4/manpages/shorewall-policy.5 --- old/shorewall-4.6.13/manpages/shorewall-policy.5 2015-09-08 20:11:02.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-policy.5 2016-01-02 23:40:21.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-policy .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-POLICY" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-POLICY" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-providers.5 new/shorewall-4.6.13.4/manpages/shorewall-providers.5 --- old/shorewall-4.6.13/manpages/shorewall-providers.5 2015-09-08 20:11:03.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-providers.5 2016-01-02 23:40:22.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-providers .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROVIDERS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROVIDERS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-proxyarp.5 new/shorewall-4.6.13.4/manpages/shorewall-proxyarp.5 --- old/shorewall-4.6.13/manpages/shorewall-proxyarp.5 2015-09-08 20:11:04.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-proxyarp.5 2016-01-02 23:40:23.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-proxyarp .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROXYARP" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROXYARP" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-routes.5 new/shorewall-4.6.13.4/manpages/shorewall-routes.5 --- old/shorewall-4.6.13/manpages/shorewall-routes.5 2015-09-08 20:11:06.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-routes.5 2016-01-02 23:40:25.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-routes .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-routestopped.5 new/shorewall-4.6.13.4/manpages/shorewall-routestopped.5 --- old/shorewall-4.6.13/manpages/shorewall-routestopped.5 2015-09-08 20:11:05.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-routestopped.5 2016-01-02 23:40:24.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-routestopped .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTESTOP" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTESTOP" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-rtrules.5 new/shorewall-4.6.13.4/manpages/shorewall-rtrules.5 --- old/shorewall-4.6.13/manpages/shorewall-rtrules.5 2015-09-08 20:11:07.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-rtrules.5 2016-01-02 23:40:26.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-rtrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RTRULES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RTRULES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-rules.5 new/shorewall-4.6.13.4/manpages/shorewall-rules.5 --- old/shorewall-4.6.13/manpages/shorewall-rules.5 2015-09-08 20:11:10.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-rules.5 2016-01-02 23:40:29.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-rules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RULES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RULES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-secmarks.5 new/shorewall-4.6.13.4/manpages/shorewall-secmarks.5 --- old/shorewall-4.6.13/manpages/shorewall-secmarks.5 2015-09-08 20:11:11.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-secmarks.5 2016-01-02 23:40:30.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-secmarks .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-SECMARKS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-SECMARKS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-stoppedrules.5 new/shorewall-4.6.13.4/manpages/shorewall-stoppedrules.5 --- old/shorewall-4.6.13/manpages/shorewall-stoppedrules.5 2015-09-08 20:11:12.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-stoppedrules.5 2016-01-02 23:40:31.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-stoppedrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-STOPPEDRU" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-STOPPEDRU" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcclasses.5 new/shorewall-4.6.13.4/manpages/shorewall-tcclasses.5 --- old/shorewall-4.6.13/manpages/shorewall-tcclasses.5 2015-09-08 20:11:13.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcclasses.5 2016-01-02 23:40:32.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tcclasses .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCCLASSES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCCLASSES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcdevices.5 new/shorewall-4.6.13.4/manpages/shorewall-tcdevices.5 --- old/shorewall-4.6.13/manpages/shorewall-tcdevices.5 2015-09-08 20:11:14.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcdevices.5 2016-01-02 23:40:33.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tcdevices .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCDEVICES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCDEVICES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcfilters.5 new/shorewall-4.6.13.4/manpages/shorewall-tcfilters.5 --- old/shorewall-4.6.13/manpages/shorewall-tcfilters.5 2015-09-08 20:11:15.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcfilters.5 2016-01-02 23:40:34.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tcfilters .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCFILTERS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCFILTERS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcinterfaces.5 new/shorewall-4.6.13.4/manpages/shorewall-tcinterfaces.5 --- old/shorewall-4.6.13/manpages/shorewall-tcinterfaces.5 2015-09-08 20:11:16.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcinterfaces.5 2016-01-02 23:40:35.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tcinterfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCINTERFA" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCINTERFA" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcpri.5 new/shorewall-4.6.13.4/manpages/shorewall-tcpri.5 --- old/shorewall-4.6.13/manpages/shorewall-tcpri.5 2015-09-08 20:11:17.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcpri.5 2016-01-02 23:40:36.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tcpri .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCPRI" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCPRI" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tcrules.5 new/shorewall-4.6.13.4/manpages/shorewall-tcrules.5 --- old/shorewall-4.6.13/manpages/shorewall-tcrules.5 2015-09-08 20:11:18.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tcrules.5 2016-01-02 23:40:38.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MANGLE" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tos.5 new/shorewall-4.6.13.4/manpages/shorewall-tos.5 --- old/shorewall-4.6.13/manpages/shorewall-tos.5 2015-09-08 20:11:19.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tos.5 2016-01-02 23:40:39.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tos .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TOS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TOS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-tunnels.5 new/shorewall-4.6.13.4/manpages/shorewall-tunnels.5 --- old/shorewall-4.6.13/manpages/shorewall-tunnels.5 2015-09-08 20:11:21.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-tunnels.5 2016-01-02 23:40:40.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-tunnels .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TUNNELS" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TUNNELS" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-vardir.5 new/shorewall-4.6.13.4/manpages/shorewall-vardir.5 --- old/shorewall-4.6.13/manpages/shorewall-vardir.5 2015-09-08 20:11:22.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-vardir.5 2016-01-02 23:40:41.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-VARDIR" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-VARDIR" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall-zones.5 new/shorewall-4.6.13.4/manpages/shorewall-zones.5 --- old/shorewall-4.6.13/manpages/shorewall-zones.5 2015-09-08 20:11:27.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall-zones.5 2016-01-02 23:40:46.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-zones .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ZONES" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ZONES" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall.8 new/shorewall-4.6.13.4/manpages/shorewall.8 --- old/shorewall-4.6.13/manpages/shorewall.8 2015-09-08 20:11:26.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall.8 2016-01-02 23:40:45.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "09/08/2015" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "01/02/2016" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/manpages/shorewall.conf.5 new/shorewall-4.6.13.4/manpages/shorewall.conf.5 --- old/shorewall-4.6.13/manpages/shorewall.conf.5 2015-09-08 20:10:44.000000000 +0200 +++ new/shorewall-4.6.13.4/manpages/shorewall.conf.5 2016-01-02 23:40:04.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\&.CONF" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\&.CONF" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/releasenotes.txt new/shorewall-4.6.13.4/releasenotes.txt --- old/shorewall-4.6.13/releasenotes.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/releasenotes.txt 2016-01-02 23:39:53.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 1 3 + S H O R E W A L L 4 . 6 . 1 3 . 4 ------------------------------ - S e p t e m b e r 0 9 , 2 0 1 5 + J a n u a r y 0 2 , 2 0 1 6 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE 
@@ -22,6 +22,57 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.4 + +1) This release includes a couple of additional configure/install + fixes from Matt Darfeuille. + +2) The DROP command was previously rejected in the mangle file. That + has been corrected. + +4.6.13.3 + +1) Previously, Shorewall6 rejected rules in which the SOURCE contained + both an interface name and a MAC address (in Shorewall + format). That defect has been corrected so that such rules are now + accepted. + +2) A number of corrections have been made to the install, uninstall + and configure scripts (Matt Darfeuille). + +3) Previously, optional interfaces were not enabled during 'start' and + 'restart' unless there was at least one entry in the 'providers' + file. This resulted in these interfaces not appearing in the + output of 'shorewall[6] status -i'. + +4) The check for use of a circular kernel log buffer (as opposed to a + log file) has been improved. + +5) Previously, if a circular log buffer was being used, the output of + various commands still displayed '/var/log/messages' as the log + file. Now, it is displayed as 'logread'. + +6) When processing the 'dump' command, the CLI now uses 'netstat' to + print socket information when the 'ss' utility is not installed. + +4.6.13.2 + +1) Previously, if statistical load balancing was used in the providers + file, the default route in the main table was not deleted during + firewall start/restart. That route is now correctly deleted. + +4.6.13.1 + +1) Previously, the 'reset' command would fail if chain names were + included. Now, the command succeeds, provided that all of the + specified chains exist in the filter table. + +2) The TCP meta-connection is now supported by the Tinc macro and + tunnel type. Previously, only the UDP data connection was + supported. 
+ +4.6.13 Final + 1) The 'rules' file manpages have been corrected regarding the packets that are processed by rules in the NEW section. @@ -67,6 +118,30 @@ I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.3 + +1) Support for OpenWRT versions BB and later has been added. Included + in this support are: + + - The log display commands (show log, logwatch, etc.) no longer + depend on the 'tac' utility (although it will be used if it is + installed). + + - Shorewall-core's 'configure' script detects OpenWRT and accepts + HOST=openwrt as an argument. + + - Shorewall-core, Shorewall-lite and Shoreawll6-lite installers + support openwrt. Additionally, those installers no longer depend + on the 'install' utility. + + - Shorewall[6]-lite will use OpenWRT's 'lock' utility to create the + LOCKFILE. + + A special thanks to Matt Darfeuille for his help in making this + support possible. + +4.6.13 + 1) 'update -t' now converts both the tcrules and tos files. 2) 'second' and 'minute' are now allowed in the LOGLIMIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/shorewall.spec new/shorewall-4.6.13.4/shorewall.spec --- old/shorewall-4.6.13/shorewall.spec 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/shorewall.spec 2016-01-02 23:39:53.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall %define version 4.6.13 -%define release 0base +%define release 4 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} 
@@ -132,6 +132,14 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Sat Jan 02 2016 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-4 +* Tue Dec 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-3 +* Fri Sep 18 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-2 +* Tue Sep 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-1 * Mon Sep 07 2015 Tom Eastep tom@shorewall.net - Updated to 4.6.13-0base * Sun Aug 30 2015 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/shorewallrc.openwrt new/shorewall-4.6.13.4/shorewallrc.openwrt --- old/shorewall-4.6.13/shorewallrc.openwrt 1970-01-01 01:00:00.000000000 +0100 +++ new/shorewall-4.6.13.4/shorewallrc.openwrt 2016-01-02 23:39:53.000000000 +0100 
@@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 5.0.2-RC1 configure - Fri, Nov 06, 2015 10:02:03 AM +# +# Input: host=openwrt +# +HOST=openwrt +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/shorewall-4.6.13/uninstall.sh new/shorewall-4.6.13.4/uninstall.sh --- old/shorewall-4.6.13/uninstall.sh 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-4.6.13.4/uninstall.sh 2016-01-02 23:39:53.000000000 +0100 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.13 +VERSION=4.6.13.4 PRODUCT=shorewall usage() # $1 = exit status @@ -168,8 +168,8 @@ rm -f ${SBINDIR}/shorewall -if [ -L ${SHAREDIR}/shorewall6/init ]; then - FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall6/init) +if [ -L ${SHAREDIR}/shorewall/init ]; then + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init) elif [ -n "$INITFILE" ]; then FIREWALL=${INITDIR}/${INITFILE} fi 
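Review bot: In the `@@ -168,8 +168,8 @@` hunk the resolved symlink target is stored unquoted, `FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall/init)`, and the next hunk's context shows it being passed to `remove_file $FIREWALL`, so whatever the link points at is what gets deleted. I would quote the expansion, `FIREWALL=$(readlink -m -q "${SHAREDIR}/shorewall/init")`, and check that the result lies under `${INITDIR}` before removing it; this hunk does not show where the installer places the script, so that check is an assumption to confirm. `readlink -m` is a GNU coreutils option and may be missing on the BusyBox systems the new openwrt rc file targets. The removal logic itself continues outside this hunk.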
@@ -188,17 +188,19 @@ remove_file $FIREWALL fi -if [ -n "$SYSTEMD" ]; then +if [ -z "${SERVICEDIR}" ]; then + SERVICEDIR="$SYSTEMD" +fi +if [ -n "$SERVICEDIR" ]; then [ $configure -eq 1 ] && systemctl disable ${PRODUCT} - rm -f $SYSTEMD/shorewall.service + rm -f $SERVICEDIR/shorewall.service fi rm -rf ${SHAREDIR}/shorewall/version rm -rf ${CONFDIR}/shorewall if [ -n "$SYSCONFDIR" ]; then - [ -n "$SYSCONFFILE" ] || SYSCONFFILE=${PRODUCT}; - rm -f ${SYSCONFDIR}/${SYSCONFFILE} + [ -n "$SYSCONFFILE" ] && rm -f ${SYSCONFDIR}/${PRODUCT} fi rm -rf ${VARDIR}/shorewall ++++++ shorewall-core-4.6.13.tar.bz2 -> shorewall-core-4.6.13.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/changelog.txt new/shorewall-core-4.6.13.4/changelog.txt --- old/shorewall-core-4.6.13/changelog.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/changelog.txt 2016-01-02 23:39:53.000000000 +0100 
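Review bot: The two new `rm` lines expand shorewallrc-supplied paths unquoted in an uninstaller that is usually run as root, so a value containing whitespace or a glob character would delete something other than the intended file. Suggest `rm -f -- "$SERVICEDIR/shorewall.service"` and `[ -n "$SYSCONFFILE" ] && rm -f -- "${SYSCONFDIR}/${PRODUCT}"`. The second line now tests `SYSCONFFILE` but removes a file named `${PRODUCT}`; if that is the name the installer writes, a one-line comment saying so would keep the next reader from treating it as a typo.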
@@ -1,6 +1,50 @@ +Changes in 4.6.13.4 + +1) Update release documents. + +2) More install/uninstall/configure fixes from Matt Darfeuille. + +3) Support the DROP command in the mangle file. + +Changes in 4.6.13.3 + +1) Update release documents. + +2) Correct handling of MAC addresses in Shorewall6. + +3) Install/uninstall/configure fixes from Matt Darfeuille. + +4) Enable optional interfaces during 'start' and 'restart'. + +5) Improve check for circular log buffer. + +6) Correct display of log name when circular buffer is used. + +7) Use 'netstat' in dump when 'ss' isn't installed. + +Changes in 4.6.13.2 + +1) Update release documents. + +2) Delete default route in main table if load= or fallback= + +3) Backport Matt Darfeuille's fixes. + +4) Add OpenWRT support. + +Changes in 4.6.13.1 + +1) Update release documents. + +2) Correct 'reset' handling + +3) Add the TCP meta-connection to the Tinc macro and tunnel type. + Changes in 4.6.13 Final -1) Allow non-expoerts access to the user bits in the fw mark. +1) Update release documents. + +2) Allow non-expoerts access to the user bits in the fw mark. Changes in 4.6.13 RC 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/configure new/shorewall-core-4.6.13.4/configure --- old/shorewall-core-4.6.13/configure 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/configure 2016-01-02 23:39:53.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.13 +VERSION=4.6.13.4 case "$BASH_VERSION" in [4-9].*) @@ -91,6 +91,8 @@ fi done +cd $(dirname $0) + vendor=${params[HOST]} if [ -z "$vendor" ]; then @@ -102,7 +104,7 @@ vendor=redhat ;; debian|ubuntu) - ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit + vendor=debian ;; opensuse) vendor=suse @@ -122,7 +124,6 @@ params[HOST]=apple rcfile=shorewallrc.apple ;; - cygwin*|CYGWIN*) params[HOST]=cygwin rcfile=shorewallrc.cygwin 
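Review bot: The added `cd $(dirname $0)` in the `@@ -91,6 +91,8 @@` hunk is unquoted and unchecked, so a source path containing a space breaks it, and a failed `cd` lets configure carry on in the caller's directory, where it later writes `shorewallrc`. Suggest `cd "$(dirname "$0")" || exit 1`. The Perl twin in configure.pl has the same gap with `chdir dirname($0);`, which could become `chdir dirname($0) or die "Can't chdir: $!";`.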
@@ -130,7 +131,7 @@ *) if [ -f /etc/debian_version ]; then params[HOST]=debian - rcfile=shorewallrc.debian.sysvinit + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit elif [ -f /etc/redhat-release ]; then params[HOST]=redhat rcfile=shorewallrc.redhat @@ -143,28 +144,41 @@ elif [ -f /etc/arch-release ] ; then params[HOST]=archlinux rcfile=shorewallrc.archlinux + elif [ -f /etc/openwrt_release ]; then + params[HOST]=openwrt + rcfile=shorewallrc.openwrt else params[HOST]=linux rcfile=shorewallrc.default fi ;; esac - vendor=${params[HOST]} -elif [ $vendor = linux ]; then - rcfile=shorewallrc.default; else - rcfile=shorewallrc.$vendor + if [ $vendor = linux ]; then + rcfile=shorewallrc.default; + elif [ $vendor = debian -a -f /etc/debian_version ]; then + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit + else + rcfile=shorewallrc.$vendor + fi + if [ ! -f $rcfile ]; then echo "ERROR: $vendor is not a recognized host type" >&2 exit 1 + elif [ $vendor = default ]; then + params[HOST]=linux + vendor=linux + elif [[ $vendor == debian.* ]]; then + params[HOST]=debian + vendor=debian fi fi if [ $vendor = linux ]; then echo "INFO: Creating a generic Linux installation - " `date`; else - echo "INFO: Creating a ${vendor}-specific installation - " `date`; + echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`; fi echo 
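Review bot: Init-system detection with `ls -l /sbin/init | fgrep -q systemd && … || …` is repeated verbatim in both hunks on this line and depends on the text layout of `ls -l`. configure.pl in the same commit does the same job with `readlink('/sbin/init')`, so a small helper built on `readlink` would remove the duplicate and keep the two scripts in step. The new `[ $vendor = debian -a -f /etc/debian_version ]` also expands the user-supplied HOST value unquoted; `[ "$vendor" = debian ] && [ -f /etc/debian_version ]` is the safer spelling. Both enclosing blocks start outside the hunks.

```shell
# Choose the Debian rc file from the init system /sbin/init points at.
debian_rcfile()
{
    case "$(readlink /sbin/init 2>/dev/null)" in
        *systemd*) echo shorewallrc.debian.systemd ;;
        *)         echo shorewallrc.debian.sysvinit ;;
    esac
}

# … unchanged: earlier host probes …
if [ -f /etc/debian_version ]; then
    params[HOST]=debian
    rcfile=$(debian_rcfile)
# … unchanged: remaining elif branches and the explicit-HOST path, which calls debian_rcfile the same way …
```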
@@ -177,6 +191,7 @@ echo '#' > shorewallrc echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc +echo "# rc file: $rcfile" >> shorewallrc echo '#' >> shorewallrc if [ $# -gt 0 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/configure.pl new/shorewall-core-4.6.13.4/configure.pl --- old/shorewall-core-4.6.13/configure.pl 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/configure.pl 2016-01-02 23:39:53.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.13' + VERSION => '4.6.13.4' }; my %params; @@ -52,6 +52,9 @@ $params{$pn} = $pv; } +use File::Basename; +chdir dirname($0); + my $vendor = $params{HOST}; my $rcfile; my $rcfilename; 
@@ -81,12 +84,39 @@ } if ( defined $vendor ) { - $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; - die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename; + if ( $vendor eq 'debian' && -f '/etc/debian_version' ) { + if ( -l '/sbin/init' ) { + if ( readlink('/sbin/init') =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; + } + + unless ( -f $rcfilename ) { + die qq("ERROR: $vendor" is not a recognized host type); + } elsif ( $vendor eq 'default' ) { + $params{HOST} = $vendor = 'linux'; + } elsif ( $vendor =~ /^debian\./ ) { + $params{HOST} = $vendor = 'debian'; + } } else { if ( -f '/etc/debian_version' ) { $vendor = 'debian'; - $rcfilename = 'shorewallrc.debian.sysvinit'; + if ( -l '/sbin/init' ) { + if ( readlink( '/sbin/init' ) =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } } elsif ( -f '/etc/redhat-release' ){ $vendor = 'redhat'; $rcfilename = 'shorewallrc.redhat'; 
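Review bot: The nested `-l '/sbin/init'` / `readlink` block is pasted twice in this hunk, once in each branch of `if ( defined $vendor )`, so the two copies can drift apart; a small sub returning the rc file name would replace both. The `unless ( -f $rcfilename ) { die … } elsif …` chain is legal Perl but reads awkwardly, and `if ( ! -f $rcfilename )` keeps the same order with less surprise. `$vendor` comes from the HOST argument and is concatenated into the file name tested with `-f`, so rejecting values that contain `/` before building the name would be a cheap guard. The else branch continues past the end of the hunk.

```perl
# Return the Debian rc file name for the init system /sbin/init points at.
sub debian_rcfile {
    my $init = ( -l '/sbin/init' && readlink( '/sbin/init' ) ) || '';
    return $init =~ /systemd/ ? 'shorewallrc.debian.systemd'
                              : 'shorewallrc.debian.sysvinit';
}

if ( defined $vendor ) {
    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
        $rcfilename = debian_rcfile();
    } else {
        # … unchanged: shorewallrc.default / shorewallrc.$vendor selection …
    }
    # … unchanged: -f $rcfilename check and HOST normalisation …
```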
@@ -143,7 +173,8 @@ open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!"; -printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +print $outfile "# rc file: $rcfilename\n#\n"; print $outfile "# Input: @ARGV\n#\n" if @ARGV; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/install.sh new/shorewall-core-4.6.13.4/install.sh --- old/shorewall-core-4.6.13/install.sh 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/install.sh 2016-01-02 23:39:53.000000000 +0100 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.13 +VERSION=4.6.13.4 usage() # $1 = exit status { @@ -66,15 +66,6 @@ return 2 } -run_install() -{ - if ! install $*; then - echo - echo "ERROR: Failed to install $*" >&2 - exit 1 - fi -} - cant_autostart() { echo @@ -88,7 +79,20 @@ install_file() # $1 = source $2 = target $3 = mode { - run_install $T $OWNERSHIP -m $3 $1 ${2} + if cp -f $1 $2; then + if chmod $3 $2; then + if [ -n "$OWNER" ]; then + if chown $OWNER:$GROUP $2; then + return + fi + else + return 0 + fi + fi + fi + + echo "ERROR: Failed to install $2" >&2 + exit 1 } require() @@ -181,10 +185,6 @@ [ "${INITFILE}" != 'none/' ] && require INITSOURCE && require INITDIR -T="-T" - -INSTALLD='-D' - if [ -z "$BUILD" ]; then case $(uname) in cygwin*|CYGWIN*) @@ -226,6 +226,8 @@ BUILD=suse elif [ -f /etc/arch-release ] ; then BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ] ; then + BUILD=openwrt else BUILD=linux fi 
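Review bot: The rewritten `install_file` in the `@@ -88,7 +79,20 @@` hunk passes `$1`, `$2` and `$3` unquoted to `cp`, `chmod` and `chown`, and without the old `install -T` an existing directory given as the target is copied into and then has its own mode changed. The four nested `if`s also mix `return` and `return 0`; the flatter version below keeps the same success and failure paths with quoted arguments. Because the file is created by `cp` and only afterwards `chmod`ed, it briefly carries the source's mode, which matters if any installed file is meant to be private. Whether callers ever pass a directory as `$2` is not visible in this hunk.

```shell
install_file() # $1 = source $2 = target $3 = mode
{
    if cp -f "$1" "$2" && chmod "$3" "$2"; then
        # No owner requested: the copy and mode change are all there is to do.
        [ -z "$OWNER" ] && return 0
        chown "$OWNER:$GROUP" "$2" && return 0
    fi

    echo "ERROR: Failed to install $2" >&2
    exit 1
}
```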
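Review bot: The new OpenWRT probe in the `@@ -226,6 +226,8 @@` hunk tests `${CONFDIR}/openwrt_release`, while the neighbouring probes use literal paths such as `/etc/arch-release` and configure in this same commit checks `/etc/openwrt_release`. CONFDIR is the install-time configuration directory taken from shorewallrc, so with any value other than `/etc` the build host falls through to generic `linux`. Suggest `elif [ -f /etc/openwrt_release ] ; then`. The enclosing if/elif chain starts outside the hunk.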
@@ -252,17 +254,15 @@ [ -z "$OWNER" ] && OWNER=root [ -z "$GROUP" ] && GROUP=wheel - INSTALLD= - T= ;; *) - [ -z "$OWNER" ] && OWNER=root - [ -z "$GROUP" ] && GROUP=root + if [ $(id -u) -eq 0 ]; then + [ -z "$OWNER" ] && OWNER=root + [ -z "$GROUP" ] && GROUP=root + fi ;; esac -OWNERSHIP="-o $OWNER -g $GROUP" - # # Determine where to install the firewall script # @@ -276,7 +276,7 @@ apple) echo "Installing Mac-specific configuration..."; ;; - debian|gentoo|redhat|slackware|archlinux|linux|suse) + debian|gentoo|redhat|slackware|archlinux|linux|suse|openwrt) ;; *) echo "ERROR: Unknown HOST \"$HOST\"" >&2 @@ -305,7 +305,6 @@ if [ $BUILD != cygwin ]; then if [ `id -u` != 0 ] ; then echo "Not setting file owner/group permissions, not running as root." - OWNERSHIP="" fi fi fi @@ -407,9 +406,9 @@ if [ ${SHAREDIR} != /usr/share ]; then for f in lib.*; do if [ $BUILD != apple ]; then - eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f + eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f else - eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/shorewall/$f + eval sed -i \'\' -e \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/shorewall/$f fi done fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/known_problems.txt new/shorewall-core-4.6.13.4/known_problems.txt --- old/shorewall-core-4.6.13/known_problems.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/known_problems.txt 2016-01-02 23:39:53.000000000 +0100 
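Review bot: Both changed `sed` lines in the `@@ -407,9 +406,9 @@` hunk still go through `eval`, so `SHAREDIR`, `DESTDIR` and the glob result `$f` are re-parsed by the shell and any metacharacter in them is executed rather than treated as part of a path. The `eval` is not needed: `sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${SHAREDIR}/shorewall/$f"` and, for the apple branch, `sed -i '' -e "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${SHAREDIR}/shorewall/$f"`. A `|` inside SHAREDIR would still break the sed expression, so a comment stating that assumption would help.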
@@ -1,2 +1,25 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. + +2) When one or more chain names are given in a 'reset' command, the + command fails. + + Corrected in Shorewall 4.6.13.1 + +3) The Tinc macro and tinc entries in the tunnels file only enable the + UDP data connection; they do not enable the TCP meta-connection. + + Corrected in Shorewall 4.6.13.1 + +4) If statistical load balancing is used in the providers file, the + default route in the main table is not deleted during firewall + firewall start/restart. This prevents providers whose default + routes were not in the main table from being able to recover from + the disabled state. + + Corrected in Shorewall 4.6.13.2 + +5) The compiler flags DROP as an error in the mangle file. + + Corrected in Shorewall 4.6.13.4. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/lib.cli new/shorewall-core-4.6.13.4/lib.cli --- old/shorewall-core-4.6.13/lib.cli 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-core-4.6.13.4/lib.cli 2016-01-02 22:14:52.000000000 +0100 
@@ -143,29 +143,63 @@ } # -# Determine if 'syslog -C' is running +# Determine if 'syslogd -C' or logd -S is running # syslog_circular_buffer() { local pid local tty local flags - local cputime + local time local path local args local arg - ps ax 2> /dev/null | while read pid tty flags cputime path args; do - case $path in - syslogd|*/syslogd) - for arg in $args; do - if [ x$arg = x-C ]; then - echo Yes - return - fi - done - ;; - esac - done + ps w 2> /dev/null | ( + while read pid tty stat time path args; do + case $path in + syslogd|*/syslogd) + for arg in $args; do + case $arg in + -C*) + return 0 + ;; + esac + done + ;; + logd|*/logd) + for arg in $args; do + case $arg in + -S*) + return 0 + ;; + esac + done + ;; + esac + done + + return 1 ) +} + +setup_logread() { + [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages + + if syslog_circular_buffer; then + LOGFILE=logread + if qt mywhich tac; then + g_logread="logread | tac" + else + g_logread="logread" + fi + elif [ -r $LOGFILE ]; then + if qt mywhich tac; then + g_logread="tac $LOGFILE" + else + g_logread="cat $LOGFILE" + fi + else + fatal_error "LOGFILE ($LOGFILE) does not exist or is not readable!" + fi } # 
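Review bot: `setup_logread` stores a pipeline in a string, `g_logread="logread | tac"`, but the callers in the next hunk run it as `$g_logread | grep …`, where the shell word-splits the value and hands `|` and `tac` to `logread` as literal arguments instead of building a pipe. Storing only the command (`g_logread="logread"`) and applying `tac` at the call site, or turning the reader into a function, avoids that. In `syslog_circular_buffer` the `read` now fills `stat` while `local flags` is left unused, so the declaration should read `local stat`. The move from `ps ax` to `ps w` also deserves a comment: with procps, `ps w` without `a`/`x` lists only processes on the caller's terminal, so the daemon may go undetected outside BusyBox — worth confirming on a non-OpenWRT host.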
@@ -173,31 +207,59 @@ # packet_log() # $1 = number of messages { - if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then - if [ $g_family -eq 4 ]; then - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + if qt mywhich tac; then + if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then + if [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi + elif [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ else - $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ fi - elif [ $g_family -eq 4 ]; then - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | head -n$1 | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ else - $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | head -n$1 | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ - fi + if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then + if [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; 
s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi + elif [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | tail -n$1 | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*:.*DST=' | tail -n$1 | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi + fi } search_log() # $1 = IP address to search for { - if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then - if [ $g_family -eq 4 ]; then - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + if qt mywhich tac; then + if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then + if [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi + elif [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ else - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ fi - elif [ $g_family -eq 4 ]; then - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ else - $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed -r 's/ kernel://; 
s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then + if [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi + elif [ $g_family -eq 4 ]; then + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/ + else + $g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | sed -r 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] //; s/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | sed s/" $host $LOGFORMAT"/" "/ + fi fi } @@ -280,17 +342,7 @@ logwatch() # $1 = timeout -- if negative, prompt each time that # an 'interesting' packet count changes { - if [ -z "$LOGFILE" ]; then - LOGFILE=/var/log/messages - - if [ -n "$(syslog_circular_buffer)" ]; then - g_logread="logread | tac" - elif [ -r $LOGFILE ]; then - g_logread="tac $LOGFILE" - else - fatal_error "LOGFILE ($LOGFILE) does not exist!" - fi - fi + setup_logread host=$(echo $g_hostname | sed 's/\..*$//') oldrejects=$($g_tool -L -v -n | grep 'LOG') @@ -1081,17 +1133,7 @@ log) [ $# -gt 2 ] && usage 1 - if [ -z "$LOGFILE" ]; then - LOGFILE=/var/log/messages - - if [ -n "$(syslog_circular_buffer)" ]; then - g_logread="logread | tac" - elif [ -r $LOGFILE ]; then - g_logread="tac $LOGFILE" - else - fatal_error "LOGFILE ($LOGFILE) does not exist!" - fi - fi + setup_logread echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)" echo 
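Review bot: In `search_log`, every non-IPv4 arm (with and without `tac`) still filters with `grep 'IN=.* OUT=.*SRC=.*\..*DST='`, which requires a dot between `SRC=` and `DST=`. `packet_log` uses `SRC=.*:.*DST=` for the same address family, so a log search on an IPv6 firewall presumably returns nothing. Those arms should use `grep 'IN=.* OUT=.*SRC=.*:.*DST='`. The address argument is also applied as a regular expression; `grep -F -- "$1"` would stop the dots in an IPv4 address from matching any character. The `tac` and no-`tac` halves of both functions differ only in the `head -n$1 | tac` versus `tail -n$1` stage, so that stage could be chosen once instead of duplicating all eight pipelines.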
@@ -1470,17 +1512,7 @@ esac done - if [ -z "$LOGFILE" ]; then - LOGFILE=/var/log/messages - - if [ -n "$(syslog_circular_buffer)" ]; then - g_logread="logread | tac" - elif [ -r $LOGFILE ]; then - g_logread="tac $LOGFILE" - else - fatal_error "LOGFILE ($LOGFILE) does not exist! - See http://www.shorewall.net/shorewall_logging.html" - fi - fi + setup_logread g_ipt_options="$g_ipt_options $g_ipt_options1" @@ -1635,7 +1667,7 @@ echo - ss -${g_family}tunap + qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netatat -tunap; } if [ -n "$TC_ENABLED" ]; then heading "Traffic Control" @@ -3563,15 +3595,7 @@ [ -n "$PATH" ] || PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin - [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages - - if ( ps ax 2> /dev/null | grep -v grep | qt grep 'syslogd.*-C' ) ; then - g_logread="logread | tac" - elif [ -r $LOGFILE ]; then - g_logread="tac $LOGFILE" - else - fatal_error "LOGFILE ($LOGFILE) does not exist!" - fi + setup_logread # # See if we have a real version of "tail" -- use separate redirection so # that ash (aka /bin/sh on LRP) doesn't crap @@ -3633,7 +3657,13 @@ VERBOSITY=2 fi - g_hostname=$(hostname 2> /dev/null) + if qt mywhich hostname; then + g_hostname=$(hostname 2> /dev/null) + elif qt mywhich uname; then + g_hostname=$(uname -n 2> /dev/null) + else + g_hostname=localhost + fi if [ -n "$IPSET" ]; then case "$IPSET" in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/lib.common new/shorewall-core-4.6.13.4/lib.common --- old/shorewall-core-4.6.13/lib.common 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-core-4.6.13.4/lib.common 2016-01-02 22:14:52.000000000 +0100 @@ -33,7 +33,7 @@ echo " ERROR: $@: Firewall state not changed" >&2 if [ $LOG_VERBOSITY -ge 0 ]; then - timestamp="$(date +'%_b %d %T') " + timestamp="$(date +'%b %d %T') " echo "${timestamp} ERROR: $@" >> $STARTUP_LOG fi 
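Review bot: The fallback on the added socket-listing line in the `@@ -1635` hunk calls `netatat -tunap`, which looks like a typo for `netstat`. On a system without `ss`, the dump would get a command-not-found error instead of socket information. The line should read `qt mywhich ss && ss -${g_family}tunap || { qt mywhich netstat && netstat -tunap; }`. Written as `A && B || C`, the fallback also runs when `ss` is installed but exits non-zero; an `if qt mywhich ss; then … elif qt mywhich netstat; then … fi` keeps the two cases apart. The enclosing function starts and ends outside the hunk.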
@@ -50,7 +50,7 @@ esac if [ $LOG_VERBOSITY -ge 0 ]; then - timestamp="$(date +'%_b %d %T') " + timestamp="$(date +'%b %d %T') " case $COMMAND in start) @@ -572,9 +572,9 @@ # # Query NetFilter about the existence of a filter chain # -chain_exists() # $1 = chain name +chain_exists() # $1 = chain name, $2 = table name (optional) { - qt1 $g_tool -L $1 -n + qt1 $g_tool -t ${2:-filter} -L $1 -n } # @@ -782,12 +782,15 @@ local lockf lockf=${LOCKFILE:=${VARDIR}/lock} local lockpid + local lockd MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60} if [ $MUTEX_TIMEOUT -gt 0 ]; then - [ -d ${VARDIR} ] || mkdir -p ${VARDIR} + lockd=$(dirname $LOCKFILE) + + [ -d "$lockd" ] || mkdir -p "$lockd" if [ -f $lockf ]; then lockpid=`cat ${lockf} 2> /dev/null` @@ -807,6 +810,11 @@ chmod u+w ${lockf} echo $$ > ${lockf} chmod u-w ${lockf} + elif qt mywhich lock; then + lock -${MUTEX_TIMEOUT} -r1 ${lockf} + chmod u+w ${lockf} + echo $$ > ${lockf} + chmod u-w ${lockf} else while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do sleep 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/releasenotes.txt new/shorewall-core-4.6.13.4/releasenotes.txt --- old/shorewall-core-4.6.13/releasenotes.txt 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/releasenotes.txt 2016-01-02 23:39:53.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 1 3 + S H O R E W A L L 4 . 6 . 1 3 . 4 ------------------------------ - S e p t e m b e r 0 9 , 2 0 1 5 + J a n u a r y 0 2 , 2 0 1 6 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE 
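Review bot: The new `elif qt mywhich lock` branch in the `@@ -807` hunk ignores the exit status of `lock` and writes `$$` into `${lockf}` regardless, so a failed or timed-out acquisition is treated as holding the mutex. Wrapping the three lines that follow in `if lock -${MUTEX_TIMEOUT} -r1 ${lockf}; then … fi`, or returning non-zero on failure, would avoid that. The `-${MUTEX_TIMEOUT} -r1` arguments presumably mirror the preceding branch, whose command is outside the hunk; it should be confirmed that OpenWrt's `lock` accepts them. In the `@@ -782` hunk of the same function, `dirname $LOCKFILE` is unquoted while `"$lockd"` is quoted; `lockd=$(dirname "$lockf")` would be consistent. The function starts and ends outside both hunks.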
@@ -22,6 +22,57 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.4 + +1) This release includes a couple of additional configure/install + fixes from Matt Darfeuille. + +2) The DROP command was previously rejected in the mangle file. That + has been corrected. + +4.6.13.3 + +1) Previously, Shorewall6 rejected rules in which the SOURCE contained + both an interface name and a MAC address (in Shorewall + format). That defect has been corrected so that such rules are now + accepted. + +2) A number of corrections have been made to the install, uninstall + and configure scripts (Matt Darfeuille). + +3) Previously, optional interfaces were not enabled during 'start' and + 'restart' unless there was at least one entry in the 'providers' + file. This resulted in these interfaces not appearing in the + output of 'shorewall[6] status -i'. + +4) The check for use of a circular kernel log buffer (as opposed to a + log file) has been improved. + +5) Previously, if a circular log buffer was being used, the output of + various commands still displayed '/var/log/messages' as the log + file. Now, it is displayed as 'logread'. + +6) When processing the 'dump' command, the CLI now uses 'netstat' to + print socket information when the 'ss' utility is not installed. + +4.6.13.2 + +1) Previously, if statistical load balancing was used in the providers + file, the default route in the main table was not deleted during + firewall start/restart. That route is now correctly deleted. + +4.6.13.1 + +1) Previously, the 'reset' command would fail if chain names were + included. Now, the command succeeds, provided that all of the + specified chains exist in the filter table. + +2) The TCP meta-connection is now supported by the Tinc macro and + tunnel type. Previously, only the UDP data connection was + supported. 
+ +4.6.13 Final + 1) The 'rules' file manpages have been corrected regarding the packets that are processed by rules in the NEW section. @@ -67,6 +118,30 @@ I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.3 + +1) Support for OpenWRT versions BB and later has been added. Included + in this support are: + + - The log display commands (show log, logwatch, etc.) no longer + depend on the 'tac' utility (although it will be used if it is + installed). + + - Shorewall-core's 'configure' script detects OpenWRT and accepts + HOST=openwrt as an argument. + + - Shorewall-core, Shorewall-lite and Shoreawll6-lite installers + support openwrt. Additionally, those installers no longer depend + on the 'install' utility. + + - Shorewall[6]-lite will use OpenWRT's 'lock' utility to create the + LOCKFILE. + + A special thanks to Matt Darfeuille for his help in making this + support possible. + +4.6.13 + 1) 'update -t' now converts both the tcrules and tos files. 2) 'second' and 'minute' are now allowed in the LOGLIMIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/shorewall-core.spec new/shorewall-core-4.6.13.4/shorewall-core.spec --- old/shorewall-core-4.6.13/shorewall-core.spec 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/shorewall-core.spec 2016-01-02 23:39:53.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall-core %define version 4.6.13 -%define release 0base +%define release 4 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} 
@@ -63,6 +63,14 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt %changelog +* Sat Jan 02 2016 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-4 +* Tue Dec 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-3 +* Fri Sep 18 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-2 +* Tue Sep 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-1 * Mon Sep 07 2015 Tom Eastep tom@shorewall.net - Updated to 4.6.13-0base * Sun Aug 30 2015 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/shorewallrc.openwrt new/shorewall-core-4.6.13.4/shorewallrc.openwrt --- old/shorewall-core-4.6.13/shorewallrc.openwrt 1970-01-01 01:00:00.000000000 +0100 +++ new/shorewall-core-4.6.13.4/shorewallrc.openwrt 2016-01-02 22:14:52.000000000 +0100 @@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 5.0.2-RC1 configure - Fri, Nov 06, 2015 10:02:03 AM +# +# Input: host=openwrt +# +HOST=openwrt +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.13/uninstall.sh new/shorewall-core-4.6.13.4/uninstall.sh --- old/shorewall-core-4.6.13/uninstall.sh 2015-09-08 20:10:31.000000000 +0200 +++ new/shorewall-core-4.6.13.4/uninstall.sh 2016-01-02 23:39:53.000000000 +0100 
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.13 +VERSION=4.6.13.4 usage() # $1 = exit status { ++++++ shorewall-docs-html-4.6.13.tar.bz2 -> shorewall-docs-html-4.6.13.4.tar.bz2 ++++++ ++++ 6698 lines of diff (skipped) ++++++ shorewall-init-4.6.13.tar.bz2 -> shorewall-init-4.6.13.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/changelog.txt new/shorewall-init-4.6.13.4/changelog.txt --- old/shorewall-init-4.6.13/changelog.txt 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/changelog.txt 2016-01-02 23:39:54.000000000 +0100 
@@ -1,6 +1,50 @@ +Changes in 4.6.13.4 + +1) Update release documents. + +2) More install/uninstall/configure fixes from Matt Darfeuille. + +3) Support the DROP command in the mangle file. + +Changes in 4.6.13.3 + +1) Update release documents. + +2) Correct handling of MAC addresses in Shorewall6. + +3) Install/uninstall/configure fixes from Matt Darfeuille. + +4) Enable optional interfaces during 'start' and 'restart'. + +5) Improve check for circular log buffer. + +6) Correct display of log name when circular buffer is used. + +7) Use 'netstat' in dump when 'ss' isn't installed. + +Changes in 4.6.13.2 + +1) Update release documents. + +2) Delete default route in main table if load= or fallback= + +3) Backport Matt Darfeuille's fixes. + +4) Add OpenWRT support. + +Changes in 4.6.13.1 + +1) Update release documents. + +2) Correct 'reset' handling + +3) Add the TCP meta-connection to the Tinc macro and tunnel type. + Changes in 4.6.13 Final -1) Allow non-expoerts access to the user bits in the fw mark. +1) Update release documents. + +2) Allow non-expoerts access to the user bits in the fw mark. Changes in 4.6.13 RC 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/configure new/shorewall-init-4.6.13.4/configure --- old/shorewall-init-4.6.13/configure 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/configure 2016-01-02 23:39:54.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.13 +VERSION=4.6.13.4 case "$BASH_VERSION" in [4-9].*) @@ -91,6 +91,8 @@ fi done +cd $(dirname $0) + vendor=${params[HOST]} if [ -z "$vendor" ]; then @@ -102,7 +104,7 @@ vendor=redhat ;; debian|ubuntu) - ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit + vendor=debian ;; opensuse) vendor=suse @@ -122,7 +124,6 @@ params[HOST]=apple rcfile=shorewallrc.apple ;; - cygwin*|CYGWIN*) params[HOST]=cygwin rcfile=shorewallrc.cygwin 
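Review bot: The `cd $(dirname $0)` added in the `@@ -91` hunk of `configure` is unquoted and its result is not checked. If the script path contains spaces or the directory cannot be entered, the script carries on in the caller's directory, and the later `[ ! -f $rcfile ]` test and the `shorewallrc` output refer to the wrong place. `cd "$(dirname "$0")" || exit 1` covers both cases. The same line is added to shorewall-lite's `configure` further down the page.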
@@ -130,7 +131,7 @@ *) if [ -f /etc/debian_version ]; then params[HOST]=debian - rcfile=shorewallrc.debian.sysvinit + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit elif [ -f /etc/redhat-release ]; then params[HOST]=redhat rcfile=shorewallrc.redhat @@ -143,28 +144,41 @@ elif [ -f /etc/arch-release ] ; then params[HOST]=archlinux rcfile=shorewallrc.archlinux + elif [ -f /etc/openwrt_release ]; then + params[HOST]=openwrt + rcfile=shorewallrc.openwrt else params[HOST]=linux rcfile=shorewallrc.default fi ;; esac - vendor=${params[HOST]} -elif [ $vendor = linux ]; then - rcfile=shorewallrc.default; else - rcfile=shorewallrc.$vendor + if [ $vendor = linux ]; then + rcfile=shorewallrc.default; + elif [ $vendor = debian -a -f /etc/debian_version ]; then + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit + else + rcfile=shorewallrc.$vendor + fi + if [ ! -f $rcfile ]; then echo "ERROR: $vendor is not a recognized host type" >&2 exit 1 + elif [ $vendor = default ]; then + params[HOST]=linux + vendor=linux + elif [[ $vendor == debian.* ]]; then + params[HOST]=debian + vendor=debian fi fi if [ $vendor = linux ]; then echo "INFO: Creating a generic Linux installation - " `date`; else - echo "INFO: Creating a ${vendor}-specific installation - " `date`; + echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`; fi echo 
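Review bot: The systemd test `ls -l /sbin/init | fgrep -q systemd && rcfile=… || rcfile=…` is added twice, in the `/etc/debian_version` arm of the `@@ -130` hunk and in the `$vendor = debian` arm of the `@@ -143` hunk, and it depends on the text of an `ls -l` listing. The Perl counterpart on this page resolves the link with `readlink`; the shell script could do the same once, e.g. `case "$(readlink /sbin/init)" in *systemd*) rcfile=shorewallrc.debian.systemd ;; *) rcfile=shorewallrc.debian.sysvinit ;; esac`, kept in a small function called from both arms. The same two lines are added to shorewall-lite's `configure` further down the page.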
@@ -177,6 +191,7 @@ echo '#' > shorewallrc echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc +echo "# rc file: $rcfile" >> shorewallrc echo '#' >> shorewallrc if [ $# -gt 0 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/configure.pl new/shorewall-init-4.6.13.4/configure.pl --- old/shorewall-init-4.6.13/configure.pl 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/configure.pl 2016-01-02 23:39:54.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.13' + VERSION => '4.6.13.4' }; my %params; @@ -52,6 +52,9 @@ $params{$pn} = $pv; } +use File::Basename; +chdir dirname($0); + my $vendor = $params{HOST}; my $rcfile; my $rcfilename; 
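Review bot: `chdir dirname($0);` in the `@@ -52` hunk of configure.pl does not check the result, so if the directory change fails the later `-f $rcfilename` tests and the `open` of `shorewallrc` run against the caller's working directory. The script already uses `or die` on that `open`, so `chdir dirname($0) or die "Can't chdir to " . dirname($0) . ": $!";` would match it. `use File::Basename;` takes effect at compile time wherever it is written, so it reads better next to the existing `use constant` than in the middle of the run-time code. The same lines are added to shorewall-lite's configure.pl at the end of the page.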
@@ -81,12 +84,39 @@ } if ( defined $vendor ) { - $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; - die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename; + if ( $vendor eq 'debian' && -f '/etc/debian_version' ) { + if ( -l '/sbin/init' ) { + if ( readlink('/sbin/init') =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; + } + + unless ( -f $rcfilename ) { + die qq("ERROR: $vendor" is not a recognized host type); + } elsif ( $vendor eq 'default' ) { + $params{HOST} = $vendor = 'linux'; + } elsif ( $vendor =~ /^debian\./ ) { + $params{HOST} = $vendor = 'debian'; + } } else { if ( -f '/etc/debian_version' ) { $vendor = 'debian'; - $rcfilename = 'shorewallrc.debian.sysvinit'; + if ( -l '/sbin/init' ) { + if ( readlink( '/sbin/init' ) =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } } elsif ( -f '/etc/redhat-release' ){ $vendor = 'redhat'; $rcfilename = 'shorewallrc.redhat'; 
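Review bot: The `-l '/sbin/init'` / `readlink` block that picks between `shorewallrc.debian.systemd` and `shorewallrc.debian.sysvinit` is added twice in this hunk, once under `defined $vendor` and once under the `/etc/debian_version` test, and would be easier to keep in step as one helper. The `unless ( -f $rcfilename ) { die … } elsif …` chain is legal Perl but reads awkwardly; opening it with `if ( ! -f $rcfilename ) {` states the same thing. A possible shape for the helper is below; the surrounding `if`/`else` continues outside the hunk.

```perl
# Choose the Debian rc file from the /sbin/init symlink target;
# anything that is not a symlink to systemd is treated as sysvinit.
sub debian_rcfile {
    my $target = -l '/sbin/init' ? readlink('/sbin/init') : undef;
    return defined $target && $target =~ /systemd/
        ? 'shorewallrc.debian.systemd'
        : 'shorewallrc.debian.sysvinit';
}

# … unchanged: if ( defined $vendor ) { …
    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
        $rcfilename = debian_rcfile();
    # … unchanged: else branch, rc file existence check, HOST normalisation …
    if ( -f '/etc/debian_version' ) {
        $vendor = 'debian';
        $rcfilename = debian_rcfile();
    # … unchanged: remaining host detection …
```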
@@ -143,7 +173,8 @@ open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!"; -printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +print $outfile "# rc file: $rcfilename\n#\n"; print $outfile "# Input: @ARGV\n#\n" if @ARGV; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/install.sh new/shorewall-init-4.6.13.4/install.sh --- old/shorewall-init-4.6.13/install.sh 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/install.sh 2016-01-02 23:39:54.000000000 +0100 @@ -27,7 +27,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.6.13 +VERSION=4.6.13.4 usage() # $1 = exit status { @@ -397,6 +397,7 @@ [ $configure -eq 1 ] || mkdir -p ${DESTDIR}${CONFDIR}/default install_file sysconfig ${DESTDIR}${ETC}/default/shorewall-init 0644 + echo "sysconfig file installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" fi IFUPDOWN=ifupdown.debian.sh @@ -490,7 +491,11 @@ if [ -z "$DESTDIR" ]; then if [ $configure -eq 1 -a -n "$first_install" ]; then if [ $HOST = debian ]; then - if mywhich insserv; then + if [ -n "$SERVICEDIR" ]; then + if systemctl enable ${PRODUCT}.service; then + echo "Shorewall Init will start automatically at boot" + fi + elif mywhich insserv; then if insserv ${INITDIR}/shorewall-init; then echo "Shorewall Init will start automatically at boot" else 
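Review bot: The `echo` added in the `@@ -397` hunk of install.sh reports `${DESTDIR}${SYSCONFDIR}/${PRODUCT}`, but the `install_file` call on the line before writes to `${DESTDIR}${ETC}/default/shorewall-init`. Unless the two happen to expand to the same value, the message names a path the file was not installed to. Reporting the path actually used, `echo "sysconfig file installed in ${DESTDIR}${ETC}/default/shorewall-init"`, avoids that. The enclosing `if` starts outside the hunk.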
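Review bot: In the `@@ -490` hunk the new `systemctl enable ${PRODUCT}.service` branch prints a message on success but stays silent when the command fails, while the `insserv` branch after it has an `else` arm. An installer that cannot enable the unit leaves shorewall-init not starting at boot without telling the administrator. An `else` arm such as `echo "WARNING: could not enable ${PRODUCT}.service" >&2` would make the failure visible. The `insserv` branch continues outside the hunk, so its handling could not be compared in detail.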
@@ -554,7 +559,7 @@ [ -z "${DESTDIR}" ] && [ ! -f ~/.shorewallrc ] && cp ${SHAREDIR}/shorewall/shorewallrc . -if [ -f ${DESTDIR}/etc/ppp ]; then +if [ -d ${DESTDIR}/etc/ppp ]; then case $HOST in debian|suse) for directory in ip-up.d ip-down.d ipv6-up.d ipv6-down.d; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/releasenotes.txt new/shorewall-init-4.6.13.4/releasenotes.txt --- old/shorewall-init-4.6.13/releasenotes.txt 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/releasenotes.txt 2016-01-02 23:39:54.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 1 3 + S H O R E W A L L 4 . 6 . 1 3 . 4 ------------------------------ - S e p t e m b e r 0 9 , 2 0 1 5 + J a n u a r y 0 2 , 2 0 1 6 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE 
@@ -22,6 +22,57 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.4 + +1) This release includes a couple of additional configure/install + fixes from Matt Darfeuille. + +2) The DROP command was previously rejected in the mangle file. That + has been corrected. + +4.6.13.3 + +1) Previously, Shorewall6 rejected rules in which the SOURCE contained + both an interface name and a MAC address (in Shorewall + format). That defect has been corrected so that such rules are now + accepted. + +2) A number of corrections have been made to the install, uninstall + and configure scripts (Matt Darfeuille). + +3) Previously, optional interfaces were not enabled during 'start' and + 'restart' unless there was at least one entry in the 'providers' + file. This resulted in these interfaces not appearing in the + output of 'shorewall[6] status -i'. + +4) The check for use of a circular kernel log buffer (as opposed to a + log file) has been improved. + +5) Previously, if a circular log buffer was being used, the output of + various commands still displayed '/var/log/messages' as the log + file. Now, it is displayed as 'logread'. + +6) When processing the 'dump' command, the CLI now uses 'netstat' to + print socket information when the 'ss' utility is not installed. + +4.6.13.2 + +1) Previously, if statistical load balancing was used in the providers + file, the default route in the main table was not deleted during + firewall start/restart. That route is now correctly deleted. + +4.6.13.1 + +1) Previously, the 'reset' command would fail if chain names were + included. Now, the command succeeds, provided that all of the + specified chains exist in the filter table. + +2) The TCP meta-connection is now supported by the Tinc macro and + tunnel type. Previously, only the UDP data connection was + supported. 
+ +4.6.13 Final + 1) The 'rules' file manpages have been corrected regarding the packets that are processed by rules in the NEW section. @@ -67,6 +118,30 @@ I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.3 + +1) Support for OpenWRT versions BB and later has been added. Included + in this support are: + + - The log display commands (show log, logwatch, etc.) no longer + depend on the 'tac' utility (although it will be used if it is + installed). + + - Shorewall-core's 'configure' script detects OpenWRT and accepts + HOST=openwrt as an argument. + + - Shorewall-core, Shorewall-lite and Shoreawll6-lite installers + support openwrt. Additionally, those installers no longer depend + on the 'install' utility. + + - Shorewall[6]-lite will use OpenWRT's 'lock' utility to create the + LOCKFILE. + + A special thanks to Matt Darfeuille for his help in making this + support possible. + +4.6.13 + 1) 'update -t' now converts both the tcrules and tos files. 2) 'second' and 'minute' are now allowed in the LOGLIMIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/shorewall-init.service.debian new/shorewall-init-4.6.13.4/shorewall-init.service.debian --- old/shorewall-init-4.6.13/shorewall-init.service.debian 2015-09-07 20:35:47.000000000 +0200 +++ new/shorewall-init-4.6.13.4/shorewall-init.service.debian 2016-01-02 22:14:52.000000000 +0100 @@ -6,7 +6,6 @@ # [Unit] Description=Shorewall firewall (bootup security) -Wants=network.target Before=network.target [Service] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/shorewall-init.spec new/shorewall-init-4.6.13.4/shorewall-init.spec --- old/shorewall-init-4.6.13/shorewall-init.spec 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/shorewall-init.spec 2016-01-02 23:39:54.000000000 +0100 
@@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.6.13 -%define release 0base +%define release 4 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -126,6 +126,14 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Jan 02 2016 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-4 +* Tue Dec 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-3 +* Fri Sep 18 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-2 +* Tue Sep 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-1 * Mon Sep 07 2015 Tom Eastep tom@shorewall.net - Updated to 4.6.13-0base * Sun Aug 30 2015 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/shorewallrc.openwrt new/shorewall-init-4.6.13.4/shorewallrc.openwrt --- old/shorewall-init-4.6.13/shorewallrc.openwrt 1970-01-01 01:00:00.000000000 +0100 +++ new/shorewall-init-4.6.13.4/shorewallrc.openwrt 2016-01-02 23:39:54.000000000 +0100 @@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 5.0.2-RC1 configure - Fri, Nov 06, 2015 10:02:03 AM +# +# Input: host=openwrt +# +HOST=openwrt +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.13/uninstall.sh new/shorewall-init-4.6.13.4/uninstall.sh --- old/shorewall-init-4.6.13/uninstall.sh 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-init-4.6.13.4/uninstall.sh 2016-01-02 23:39:54.000000000 +0100 
@@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.13 +VERSION=4.6.13.4 usage() # $1 = exit status { @@ -174,9 +174,13 @@ remove_file $INITSCRIPT fi -if [ -n "$SYSTEMD" ]; then +if [ -z "${SERVICEDIR}" ]; then + SERVICEDIR="$SYSTEMD" +fi + +if [ -n "$SERVICEDIR" ]; then [ $configure -eq 1 ] && systemctl disable shorewall-init.service - rm -f $SYSTEMD/shorewall-init.service + rm -f $SERVICEDIR/shorewall-init.service fi [ "$(readlink -m -q ${SBINDIR}/ifup-local)" = ${SHAREDIR}/shorewall-init ] && remove_file ${SBINDIR}/ifup-local @@ -202,8 +206,10 @@ done for file in if-up.local if-down.local; do - if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then - remove_file ${CONFDIR}/ppp/$FILE + if [ -f ${CONFDIR}/ppp/$file ]; then + if grep -qF Shorewall-based ${CONFDIR}/ppp/$FILE; then + remove_file ${CONFDIR}/ppp/$FILE + fi fi done fi ++++++ shorewall-lite-4.6.13.tar.bz2 -> shorewall-lite-4.6.13.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/changelog.txt new/shorewall-lite-4.6.13.4/changelog.txt --- old/shorewall-lite-4.6.13/changelog.txt 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/changelog.txt 2016-01-02 23:39:54.000000000 +0100 
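Review bot: The loop in the `@@ -202` hunk of uninstall.sh iterates with `$file`, and the added guard tests `${CONFDIR}/ppp/$file`, but the `grep` and `remove_file` lines inside it still use `$FILE`, which the loop never sets. Unless `FILE` is defined elsewhere, `grep` is pointed at the `ppp` directory itself and the two hook files are left behind after uninstall. Both inner lines should use the loop variable: `if grep -qF Shorewall-based ${CONFDIR}/ppp/$file; then` and `remove_file ${CONFDIR}/ppp/$file`. The enclosing `if` starts outside the hunk.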
@@ -1,6 +1,50 @@ +Changes in 4.6.13.4 + +1) Update release documents. + +2) More install/uninstall/configure fixes from Matt Darfeuille. + +3) Support the DROP command in the mangle file. + +Changes in 4.6.13.3 + +1) Update release documents. + +2) Correct handling of MAC addresses in Shorewall6. + +3) Install/uninstall/configure fixes from Matt Darfeuille. + +4) Enable optional interfaces during 'start' and 'restart'. + +5) Improve check for circular log buffer. + +6) Correct display of log name when circular buffer is used. + +7) Use 'netstat' in dump when 'ss' isn't installed. + +Changes in 4.6.13.2 + +1) Update release documents. + +2) Delete default route in main table if load= or fallback= + +3) Backport Matt Darfeuille's fixes. + +4) Add OpenWRT support. + +Changes in 4.6.13.1 + +1) Update release documents. + +2) Correct 'reset' handling + +3) Add the TCP meta-connection to the Tinc macro and tunnel type. + Changes in 4.6.13 Final -1) Allow non-expoerts access to the user bits in the fw mark. +1) Update release documents. + +2) Allow non-expoerts access to the user bits in the fw mark. Changes in 4.6.13 RC 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/configure new/shorewall-lite-4.6.13.4/configure --- old/shorewall-lite-4.6.13/configure 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/configure 2016-01-02 23:39:54.000000000 +0100 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.13 +VERSION=4.6.13.4 case "$BASH_VERSION" in [4-9].*) @@ -91,6 +91,8 @@ fi done +cd $(dirname $0) + vendor=${params[HOST]} if [ -z "$vendor" ]; then @@ -102,7 +104,7 @@ vendor=redhat ;; debian|ubuntu) - ls -l /sbin/init |fgrep -q systemd | vendor=debian.systemd | vendor=debian.sysvinit + vendor=debian ;; opensuse) vendor=suse @@ -122,7 +124,6 @@ params[HOST]=apple rcfile=shorewallrc.apple ;; - cygwin*|CYGWIN*) params[HOST]=cygwin rcfile=shorewallrc.cygwin 
@@ -130,7 +131,7 @@ *) if [ -f /etc/debian_version ]; then params[HOST]=debian - rcfile=shorewallrc.debian.sysvinit + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit elif [ -f /etc/redhat-release ]; then params[HOST]=redhat rcfile=shorewallrc.redhat @@ -143,28 +144,41 @@ elif [ -f /etc/arch-release ] ; then params[HOST]=archlinux rcfile=shorewallrc.archlinux + elif [ -f /etc/openwrt_release ]; then + params[HOST]=openwrt + rcfile=shorewallrc.openwrt else params[HOST]=linux rcfile=shorewallrc.default fi ;; esac - vendor=${params[HOST]} -elif [ $vendor = linux ]; then - rcfile=shorewallrc.default; else - rcfile=shorewallrc.$vendor + if [ $vendor = linux ]; then + rcfile=shorewallrc.default; + elif [ $vendor = debian -a -f /etc/debian_version ]; then + ls -l /sbin/init | fgrep -q systemd && rcfile=shorewallrc.debian.systemd || rcfile=shorewallrc.debian.sysvinit + else + rcfile=shorewallrc.$vendor + fi + if [ ! -f $rcfile ]; then echo "ERROR: $vendor is not a recognized host type" >&2 exit 1 + elif [ $vendor = default ]; then + params[HOST]=linux + vendor=linux + elif [[ $vendor == debian.* ]]; then + params[HOST]=debian + vendor=debian fi fi if [ $vendor = linux ]; then echo "INFO: Creating a generic Linux installation - " `date`; else - echo "INFO: Creating a ${vendor}-specific installation - " `date`; + echo "INFO: Creating a ${params[HOST]}-specific installation - " `date`; fi echo 
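Review bot: The systemd probe `ls -l /sbin/init | fgrep -q systemd && rcfile=… || rcfile=…` is pasted twice, once in the `@@ -130,7 +131,7 @@` hunk and again in the `elif [ $vendor = debian -a -f /etc/debian_version ]` branch of the `@@ -143,28 +144,41 @@` hunk, and it decides by grepping the whole `ls -l` line rather than the link target. A small helper keeps the two copies from drifting and can test the target directly, the way configure.pl does with `readlink`. The surrounding `case` and `if` start outside these hunks, so the sketch below shows only the helper and the two call sites.

```shell
# Pick the Debian rc file from the target of the /sbin/init symlink
debian_rcfile()
{
    case "$(readlink /sbin/init)" in
        *systemd*) echo shorewallrc.debian.systemd ;;
        *)         echo shorewallrc.debian.sysvinit ;;
    esac
}

# … unchanged: option parsing and detection of other hosts …
            if [ -f /etc/debian_version ]; then
                params[HOST]=debian
                rcfile=$(debian_rcfile)
# … unchanged: remaining host detection …
    elif [ $vendor = debian -a -f /etc/debian_version ]; then
        rcfile=$(debian_rcfile)
```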
@@ -177,6 +191,7 @@ echo '#' > shorewallrc echo "# Created by Shorewall Core version $VERSION configure - " `date` >> shorewallrc +echo "# rc file: $rcfile" >> shorewallrc echo '#' >> shorewallrc if [ $# -gt 0 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/configure.pl new/shorewall-lite-4.6.13.4/configure.pl --- old/shorewall-lite-4.6.13/configure.pl 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/configure.pl 2016-01-02 23:39:54.000000000 +0100 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.13' + VERSION => '4.6.13.4' }; my %params; @@ -52,6 +52,9 @@ $params{$pn} = $pv; } +use File::Basename; +chdir dirname($0); + my $vendor = $params{HOST}; my $rcfile; my $rcfilename; 
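Review bot: The new `chdir dirname($0);` in the `@@ -52,6 +52,9 @@` hunk of configure.pl ignores the return value. If the directory change fails, the `-f $rcfilename` checks and the later `open $outfile, '>', 'shorewallrc'` silently operate in whatever directory the caller was in. Failing loudly is cheap here: `chdir dirname($0) or die "Can't chdir to " . dirname($0) . ": $!";`.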
@@ -81,12 +84,39 @@ } if ( defined $vendor ) { - $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; - die qq("ERROR: $vendor" is not a recognized host type) unless -f $rcfilename; + if ( $vendor eq 'debian' && -f '/etc/debian_version' ) { + if ( -l '/sbin/init' ) { + if ( readlink('/sbin/init') =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = $vendor eq 'linux' ? 'shorewallrc.default' : 'shorewallrc.' . $vendor; + } + + unless ( -f $rcfilename ) { + die qq("ERROR: $vendor" is not a recognized host type); + } elsif ( $vendor eq 'default' ) { + $params{HOST} = $vendor = 'linux'; + } elsif ( $vendor =~ /^debian\./ ) { + $params{HOST} = $vendor = 'debian'; + } } else { if ( -f '/etc/debian_version' ) { $vendor = 'debian'; - $rcfilename = 'shorewallrc.debian.sysvinit'; + if ( -l '/sbin/init' ) { + if ( readlink( '/sbin/init' ) =~ /systemd/ ) { + $rcfilename = 'shorewallrc.debian.systemd'; + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } + } else { + $rcfilename = 'shorewallrc.debian.sysvinit'; + } } elsif ( -f '/etc/redhat-release' ){ $vendor = 'redhat'; $rcfilename = 'shorewallrc.redhat'; 
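Review bot: The nine-line `/sbin/init` probe is added twice in this hunk, once under `if ( defined $vendor )` and once in the auto-detection branch, so any later change to the detection has to be made in two places. A helper sub removes the duplication; `readlink` already returns undef for a non-symlink, which makes the separate `-l` test unnecessary. Separately, the `unless ( -f $rcfilename ) { die … } elsif …` chain is legal Perl but reads inverted; a plain `die … unless -f $rcfilename;` followed by an `if`/`elsif` is easier to follow. The `if ( defined $vendor )` block continues past the end of the hunk.

```perl
# Choose the Debian rc file from the target of the /sbin/init symlink
sub debian_rcfile {
    my $init = readlink( '/sbin/init' );    # undef when /sbin/init is not a symlink
    return defined $init && $init =~ /systemd/
        ? 'shorewallrc.debian.systemd'
        : 'shorewallrc.debian.sysvinit';
}

if ( defined $vendor ) {
    if ( $vendor eq 'debian' && -f '/etc/debian_version' ) {
        $rcfilename = debian_rcfile();
    } else {
        # … unchanged: shorewallrc.default / shorewallrc.$vendor selection …
    }
    # … unchanged: rc file existence check and HOST normalisation …
} else {
    if ( -f '/etc/debian_version' ) {
        $vendor     = 'debian';
        $rcfilename = debian_rcfile();
```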
@@ -143,7 +173,8 @@ open $outfile, '>', 'shorewallrc' or die "Can't open 'shorewallrc' for output: $!"; -printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n#\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +printf $outfile "#\n# Created by Shorewall Core version %s configure.pl - %s %2d %04d %02d:%02d:%02d\n", VERSION, $abbr[$localtime[4]], $localtime[3], 1900 + $localtime[5] , @localtime[2,1,0]; +print $outfile "# rc file: $rcfilename\n#\n"; print $outfile "# Input: @ARGV\n#\n" if @ARGV; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/install.sh new/shorewall-lite-4.6.13.4/install.sh --- old/shorewall-lite-4.6.13/install.sh 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/install.sh 2016-01-02 23:39:54.000000000 +0100 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.13 +VERSION=4.6.13.4 usage() # $1 = exit status { @@ -67,15 +67,6 @@ return 2 } -run_install() -{ - if ! install $*; then - echo - echo "ERROR: Failed to install $*" >&2 - exit 1 - fi -} - cant_autostart() { echo @@ -89,7 +80,28 @@ install_file() # $1 = source $2 = target $3 = mode { - run_install $T $OWNERSHIP -m $3 $1 ${2} + if cp -f $1 $2; then + if chmod $3 $2; then + if [ -n "$OWNER" ]; then + if chown $OWNER:$GROUP $2; then + return + fi + else + return 0 + fi + fi + fi + + echo "ERROR: Failed to install $2" >&2 + exit 1 +} + +make_directory() # $1 = directory , $2 = mode +{ + mkdir -p $1 + chmod 755 $1 + [ -n "$OWNERSHIP" ] && chown $OWNERSHIP $1 + } require() @@ -187,7 +199,7 @@ VARDIR=${VARLIB}/${PRODUCT} fi -for var in SHAREDIR LIBEXECDIRDIRDIR CONFDIR SBINDIR VARLIB VARDIR; do +for var in SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARLIB VARDIR; do require $var done 
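Review bot: `make_directory` in the `@@ -89,7 +80,28 @@` hunk of install.sh documents `$2 = mode` but hard-codes `chmod 755 $1`, and unlike `install_file` just above it checks none of `mkdir`, `chmod` or `chown`, so a failed directory creation only surfaces later as a failed copy. The two helpers also disagree on ownership: `install_file` tests `$OWNER` and chowns to `$OWNER:$GROUP`, while `make_directory` uses `$OWNERSHIP`, which a later context line (`OWNERSHIP=""`) appears to clear in some branch, presumably for staged installs; that is worth confirming. Using `$OWNERSHIP` in both, honouring the mode argument and quoting the paths would make them agree, as sketched below.

```shell
install_file() # $1 = source $2 = target $3 = mode
{
    if cp -f "$1" "$2" && chmod "$3" "$2"; then
        # No ownership requested (e.g. unprivileged or staged install)
        [ -z "$OWNERSHIP" ] && return 0
        chown "$OWNERSHIP" "$2" && return 0
    fi

    echo "ERROR: Failed to install $2" >&2
    exit 1
}

make_directory() # $1 = directory , $2 = mode
{
    if mkdir -p "$1" && chmod "$2" "$1"; then
        [ -z "$OWNERSHIP" ] && return 0
        chown "$OWNERSHIP" "$1" && return 0
    fi

    echo "ERROR: Failed to create directory $1" >&2
    exit 1
}
```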
@@ -201,8 +213,6 @@ # Determine where to install the firewall script # cygwin= -INSTALLD='-D' -T='-T' if [ -z "$BUILD" ]; then case $(uname) in @@ -245,6 +255,8 @@ BUILD=slackware elif [ -f ${CONFDIR}/arch-release ] ; then BUILD=archlinux + elif [ -f ${CONFDIR}/openwrt_release ]; then + BUILD=openwrt else BUILD=linux fi @@ -260,16 +272,16 @@ apple) [ -z "$OWNER" ] && OWNER=root [ -z "$GROUP" ] && GROUP=wheel - INSTALLD= - T= ;; *) - [ -z "$OWNER" ] && OWNER=root - [ -z "$GROUP" ] && GROUP=root + if [ $(id -u) -eq 0 ]; then + [ -z "$OWNER" ] && OWNER=root + [ -z "$GROUP" ] && GROUP=root + fi ;; esac -OWNERSHIP="-o $OWNER -g $GROUP" +[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP" [ -n "$HOST" ] || HOST=$BUILD @@ -300,6 +312,9 @@ suse) echo "Installing Suse-specific configuration..." ;; + openwrt) + echo "Installing OpenWRT-specific configuration..." + ;; linux) ;; *) @@ -316,8 +331,9 @@ OWNERSHIP="" fi - install -d $OWNERSHIP -m 755 ${DESTDIR}/${SBINDIR} - install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} + make_directory ${DESTDIR}${SBINDIR} 755 + make_directory ${DESTDIR}${INITDIR} 755 + else if [ ! -f ${SHAREDIR}/shorewall/coreversion ]; then echo "$PRODUCT $VERSION requires Shorewall Core which does not appear to be installed" >&2 @@ -357,7 +373,7 @@ delete_file ${DESTDIR}/usr/share/$PRODUCT/xmodules install_file $PRODUCT ${DESTDIR}${SBINDIR}/$PRODUCT 0544 -[ -n "${INITFILE}" ] && install -d $OWNERSHIP -m 755 ${DESTDIR}${INITDIR} +[ -n "${INITFILE}" ] && make_directory ${DESTDIR}${INITDIR} 755 echo "$Product control program installed in ${DESTDIR}${SBINDIR}/$PRODUCT" 
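Review bot: `[ -n "$OWNER" ] && OWNERSHIP="$OWNER:$GROUP"` in the `@@ -260,16 +272,16 @@` hunk never resets `OWNERSHIP` when `OWNER` is empty, which is now the normal case for a non-root run. The old line always assigned the variable; with the new one, an `OWNERSHIP` value inherited from the environment would be passed straight to `chown` by `make_directory`. Assigning unconditionally avoids that: `OWNERSHIP=${OWNER:+$OWNER:$GROUP}`. Whether anything earlier in install.sh can set `OWNERSHIP` is not visible from these hunks.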
@@ -399,7 +415,7 @@ if [ -n "$SERVICEDIR" ]; then mkdir -p ${DESTDIR}${SERVICEDIR} [ -z "$SERVICEFILE" ] && SERVICEFILE=$PRODUCT.service - run_install $OWNERSHIP -m 644 $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service + install_file $SERVICEFILE ${DESTDIR}${SERVICEDIR}/$PRODUCT.service 644 [ ${SBINDIR} != /sbin ] && eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${SERVICEDIR}/$PRODUCT.service echo "Service file $SERVICEFILE installed as ${DESTDIR}${SERVICEDIR}/$PRODUCT.service" fi @@ -421,9 +437,9 @@ # # Install the Makefile # -run_install $OWNERSHIP -m 0600 Makefile ${DESTDIR}${CONFDIR}/$PRODUCT -[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile -[ $SBINDIR = /sbin ] || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}/${CONFDIR}/$PRODUCT/Makefile +install_file Makefile ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile 0600 +[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile +[ $SBINDIR = /sbin ] || eval sed -i \'s\|/sbin/\|${SBINDIR}/\|\' ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile echo "Makefile installed as ${DESTDIR}${CONFDIR}/$PRODUCT/Makefile" # @@ -438,7 +454,7 @@ for f in lib.* ; do if [ -f $f ]; then install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644 - echo "Library ${f#*.} file installed as ${DESTDIR}/${SHAREDIR}/$PRODUCT/$f" + echo "Library ${f#*.} file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" fi done @@ -451,7 +467,7 @@ # install_file shorecap ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap 0755 -[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${LIBEXECDIR}/$PRODUCT/shorecap +[ $SHAREDIR = /usr/share ] || eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap echo echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shorecap" 
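Review bot: The rewritten `sed` lines in the `@@ -421,9 +437,9 @@` hunk keep the `eval sed -i \'s\|…\|${SHAREDIR}/\|\' ${DESTDIR}…` form, so `SHAREDIR`, `SBINDIR`, `DESTDIR` and `CONFDIR` are re-parsed as shell text by an installer that normally runs as root. The `eval` buys nothing; double quotes give the same substitution without a second parse: `[ $SHAREDIR = /usr/share ] || sed -i "s|/usr/share/|${SHAREDIR}/|" "${DESTDIR}${CONFDIR}/$PRODUCT/Makefile"`. The same pattern is touched in the shorecap hunk (`@@ -451,7 +467,7 @@`) and in the `lib.base`/`$PRODUCT` lines of the `@@ -533,13 +549,13 @@` hunk, and it sits unchanged on the service-file line in the first hunk here.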
@@ -461,17 +477,17 @@ # if [ -f modules ]; then - run_install $OWNERSHIP -m 0600 modules ${DESTDIR}${SHAREDIR}/$PRODUCT + install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600 echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules" fi if [ -f helpers ]; then - run_install $OWNERSHIP -m 0600 helpers ${DESTDIR}${SHAREDIR}/$PRODUCT + install_file helpers ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers 600 echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers" fi for f in modules.*; do - run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f + install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 644 echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f" done @@ -482,17 +498,17 @@ if [ -d manpages ]; then cd manpages - [ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/ + mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/ for f in *.5; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz + install_file $f.gz ${DESTDIR}${MANDIR}/man5/$f.gz 644 echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man5/$f.gz" done for f in *.8; do gzip -c $f > $f.gz - run_install $T $INSTALLD $OWNERSHIP -m 0644 $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz + install_file $f.gz ${DESTDIR}${MANDIR}/man8/$f.gz 644 echo "Man page $f.gz installed to ${DESTDIR}${MANDIR}/man8/$f.gz" done @@ -502,7 +518,7 @@ fi if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then - run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT + install_file logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT 644 echo "Logrotate file installed as ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT" fi 
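Review bot: The `for f in modules.*` loop and the two man-page loops (`*.5`, `*.8`) call `install_file` with no existence check, and `install_file` exits the installer on any failure. A source tree where one of these globs matches nothing therefore aborts the install on the literal pattern. The `lib.*` loop earlier in the script already guards with `if [ -f $f ]`; adding `[ -f "$f" ] || continue` as the first line of each loop body would make them consistent. In the man-page loops the guard has to come before `gzip -c $f > $f.gz`, which otherwise leaves a stray `*.5.gz` file behind.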
@@ -533,13 +549,13 @@ chmod 755 ${DESTDIR}${SYSCONFDIR} fi - run_install $OWNERSHIP -m 0644 ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} + install_file ${SYSCONFFILE} ${DESTDIR}${SYSCONFDIR}/${PRODUCT} 0640 echo "$SYSCONFFILE installed in ${DESTDIR}${SYSCONFDIR}/${PRODUCT}" fi if [ ${SHAREDIR} != /usr/share ]; then - eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SHAREDIR}/${PRODUCT}/lib.base - eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}/${SBINDIR}/$PRODUCT + eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SHAREDIR}/${PRODUCT}/lib.base + eval sed -i \'s\|/usr/share/\|${SHAREDIR}/\|\' ${DESTDIR}${SBINDIR}/$PRODUCT fi if [ $configure -eq 1 -a -z "$DESTDIR" -a -n "$first_install" -a -z "${cygwin}${mac}" ]; then @@ -587,6 +603,13 @@ else cant_autostart fi + elif [ $HOST = openwrt -a -f ${CONFDIR}/rc.common ]; then + /etc/init.d/$PRODUCT enable + if /etc/init.d/$PRODUCT enabled; then + echo "$PRODUCT will start automatically at boot" + else + cant_autostart + fi elif [ "$INITFILE" != rc.${PRODUCT} ]; then #Slackware starts this automatically cant_autostart fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/manpages/shorewall-lite-vardir.5 new/shorewall-lite-4.6.13.4/manpages/shorewall-lite-vardir.5 --- old/shorewall-lite-4.6.13/manpages/shorewall-lite-vardir.5 2015-09-08 20:13:20.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/manpages/shorewall-lite-vardir.5 2016-01-02 23:42:38.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-lite-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\-VAR" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\-VAR" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/manpages/shorewall-lite.8 new/shorewall-lite-4.6.13.4/manpages/shorewall-lite.8 --- old/shorewall-lite-4.6.13/manpages/shorewall-lite.8 2015-09-08 20:13:21.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/manpages/shorewall-lite.8 2016-01-02 23:42:40.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-LITE" "8" "09/08/2015" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-LITE" "8" "01/02/2016" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/manpages/shorewall-lite.conf.5 new/shorewall-lite-4.6.13.4/manpages/shorewall-lite.conf.5 --- old/shorewall-lite-4.6.13/manpages/shorewall-lite.conf.5 2015-09-08 20:13:19.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/manpages/shorewall-lite.conf.5 2016-01-02 23:42:37.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: shorewall-lite.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 http://docbook.sf.net/ -.\" Date: 09/08/2015 +.\" Date: 01/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\&.CO" "5" "09/08/2015" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\&.CO" "5" "01/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/releasenotes.txt new/shorewall-lite-4.6.13.4/releasenotes.txt --- old/shorewall-lite-4.6.13/releasenotes.txt 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/releasenotes.txt 2016-01-02 23:39:54.000000000 +0100 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 1 3 + S H O R E W A L L 4 . 6 . 1 3 . 4 ------------------------------ - S e p t e m b e r 0 9 , 2 0 1 5 + J a n u a r y 0 2 , 2 0 1 6 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE 
@@ -22,6 +22,57 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.4 + +1) This release includes a couple of additional configure/install + fixes from Matt Darfeuille. + +2) The DROP command was previously rejected in the mangle file. That + has been corrected. + +4.6.13.3 + +1) Previously, Shorewall6 rejected rules in which the SOURCE contained + both an interface name and a MAC address (in Shorewall + format). That defect has been corrected so that such rules are now + accepted. + +2) A number of corrections have been made to the install, uninstall + and configure scripts (Matt Darfeuille). + +3) Previously, optional interfaces were not enabled during 'start' and + 'restart' unless there was at least one entry in the 'providers' + file. This resulted in these interfaces not appearing in the + output of 'shorewall[6] status -i'. + +4) The check for use of a circular kernel log buffer (as opposed to a + log file) has been improved. + +5) Previously, if a circular log buffer was being used, the output of + various commands still displayed '/var/log/messages' as the log + file. Now, it is displayed as 'logread'. + +6) When processing the 'dump' command, the CLI now uses 'netstat' to + print socket information when the 'ss' utility is not installed. + +4.6.13.2 + +1) Previously, if statistical load balancing was used in the providers + file, the default route in the main table was not deleted during + firewall start/restart. That route is now correctly deleted. + +4.6.13.1 + +1) Previously, the 'reset' command would fail if chain names were + included. Now, the command succeeds, provided that all of the + specified chains exist in the filter table. + +2) The TCP meta-connection is now supported by the Tinc macro and + tunnel type. Previously, only the UDP data connection was + supported. 
+ +4.6.13 Final + 1) The 'rules' file manpages have been corrected regarding the packets that are processed by rules in the NEW section. @@ -67,6 +118,30 @@ I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.13.3 + +1) Support for OpenWRT versions BB and later has been added. Included + in this support are: + + - The log display commands (show log, logwatch, etc.) no longer + depend on the 'tac' utility (although it will be used if it is + installed). + + - Shorewall-core's 'configure' script detects OpenWRT and accepts + HOST=openwrt as an argument. + + - Shorewall-core, Shorewall-lite and Shoreawll6-lite installers + support openwrt. Additionally, those installers no longer depend + on the 'install' utility. + + - Shorewall[6]-lite will use OpenWRT's 'lock' utility to create the + LOCKFILE. + + A special thanks to Matt Darfeuille for his help in making this + support possible. + +4.6.13 + 1) 'update -t' now converts both the tcrules and tos files. 2) 'second' and 'minute' are now allowed in the LOGLIMIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/shorewall-lite.spec new/shorewall-lite-4.6.13.4/shorewall-lite.spec --- old/shorewall-lite-4.6.13/shorewall-lite.spec 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/shorewall-lite.spec 2016-01-02 23:39:54.000000000 +0100 @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.6.13 -%define release 0base +%define release 4 %define initdir /etc/init.d Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. 
@@ -106,6 +106,14 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat Jan 02 2016 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-4 +* Tue Dec 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-3 +* Fri Sep 18 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-2 +* Tue Sep 08 2015 Tom Eastep tom@shorewall.net +- Updated to 4.6.13-1 * Mon Sep 07 2015 Tom Eastep tom@shorewall.net - Updated to 4.6.13-0base * Sun Aug 30 2015 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/shorewallrc.openwrt new/shorewall-lite-4.6.13.4/shorewallrc.openwrt --- old/shorewall-lite-4.6.13/shorewallrc.openwrt 1970-01-01 01:00:00.000000000 +0100 +++ new/shorewall-lite-4.6.13.4/shorewallrc.openwrt 2016-01-02 23:39:54.000000000 +0100 @@ -0,0 +1,26 @@ +# +# Created by Shorewall Core version 5.0.2-RC1 configure - Fri, Nov 06, 2015 10:02:03 AM +# +# Input: host=openwrt +# +HOST=openwrt +PREFIX=/usr +SHAREDIR=${PREFIX}/share +LIBEXECDIR=${PREFIX}/share +PERLLIBDIR=${PREFIX}/share/shorewall +CONFDIR=/etc +SBINDIR=/sbin +MANDIR=${PREFIX}/man +INITDIR=/etc/init.d +INITSOURCE=init.openwrt.sh +INITFILE=$PRODUCT +AUXINITSOURCE= +AUXINITFILE= +SERVICEDIR= +SERVICEFILE= +SYSCONFFILE=default.openwrt +SYSCONFDIR=${CONFDIR}/sysconfig +SPARSE= +ANNOTATED= +VARLIB=/lib +VARDIR=${VARLIB}/$PRODUCT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.13/uninstall.sh new/shorewall-lite-4.6.13.4/uninstall.sh --- old/shorewall-lite-4.6.13/uninstall.sh 2015-09-08 20:10:32.000000000 +0200 +++ new/shorewall-lite-4.6.13.4/uninstall.sh 2016-01-02 23:39:54.000000000 +0100 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.13 +VERSION=4.6.13.4 PRODUCT=shorewall-lite usage() # $1 = exit status 
@@ -168,7 +168,15 @@ fi if [ -L ${SHAREDIR}/shorewall-lite/init ]; then - FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init) + if [ $HOST = openwrt ]; then + if [ $configure -eq 1 ] && /etc/init.d/shorewall-lite enabled; then + /etc/init.d/shorewall-lite disable + fi + + FIREWALL=$(readlink ${SHAREDIR}/shorewall-lite/init) + else + FIREWALL=$(readlink -m -q ${SHAREDIR}/shorewall-lite/init) + fi elif [ -n "$INITFILE" ]; then FIREWALL=${INITDIR}/${INITFILE} fi @@ -187,9 +195,11 @@ remove_file $FIREWALL fi -if [ -n "$SYSTEMD" ]; then +[ -z "$SERVICEDIR" ] && SERVICEDIR="$SYSTEMD" + +if [ -n "$SERVICEDIR" ]; then [ $configure -eq 1 ] && systemctl disable ${PRODUCT} - rm -f $SYSTEMD/shorewall-lite.service + rm -f $SERVICEDIR/shorewall-lite.service fi rm -f ${SBINDIR}/shorewall-lite @@ -199,6 +209,7 @@ rm -rf ${SHAREDIR}/shorewall-lite rm -rf ${LIBEXECDIR}/shorewall-lite rm -f ${CONFDIR}/logrotate.d/shorewall-lite +rm -f ${SYSCONFDIR}/shorewall-lite rm -f ${MANDIR}/man5/shorewall-lite* rm -f ${MANDIR}/man8/shorewall-lite* ++++++ shorewall-4.6.13.tar.bz2 -> shorewall6-4.6.13.4.tar.bz2 ++++++ ++++ 130141 lines of diff (skipped) ++++++ shorewall-lite-4.6.13.tar.bz2 -> shorewall6-lite-4.6.13.4.tar.bz2 ++++++ ++++ 9554 lines of diff (skipped)
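Review bot: `[ $HOST = openwrt ]` in the `@@ -168,7 +168,15 @@` hunk expands `$HOST` unquoted, so when it is empty or unset the test becomes `[ = openwrt ]` and prints an error before falling through to the `else` branch; `if [ "$HOST" = openwrt ]; then` avoids that. The added `rm -f ${SYSCONFDIR}/shorewall-lite` in the last hunk has a similar exposure in a script that is normally run as root: with `SYSCONFDIR` empty it targets `/shorewall-lite`. A guard such as `[ -n "$SYSCONFDIR" ] && rm -f "${SYSCONFDIR}/shorewall-lite"` is safer. Whether uninstall.sh validates these variables earlier is not visible from the hunks.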