Hello community,
here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory
checked in at Sat Jul 11 02:18:49 CEST 2009.
--------
--- SuSEfirewall2/SuSEfirewall2.changes 2009-06-09 16:23:08.000000000 +0200
+++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes 2009-07-09 15:51:22.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Jul 9 13:50:47 UTC 2009 - lnussel@suse.de
+
+- add note about use as bridging firewall
+- allow to set FW_ZONE_DEFAULT via config file
+- deprecate fw_custom_before_antispoofing and
+ fw_custom_after_antispoofing, use fw_custom_after_chain_creation
+ instead
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
SuSEfirewall2-3.6_SVNr214.tar.bz2
New:
----
SuSEfirewall2-3.6_SVNr219.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ SuSEfirewall2.spec ++++++
--- /var/tmp/diff_new_pack.vR863z/_old 2009-07-11 02:18:44.000000000 +0200
+++ /var/tmp/diff_new_pack.vR863z/_new 2009-07-11 02:18:44.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package SuSEfirewall2 (Version 3.6_SVNr214)
+# spec file for package SuSEfirewall2 (Version 3.6_SVNr219)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -20,7 +20,7 @@
Name: SuSEfirewall2
-Version: 3.6_SVNr214
+Version: 3.6_SVNr219
Release: 1
License: GPL v2 or later
Group: Productivity/Networking/Security
++++++ SuSEfirewall2-3.6_SVNr214.tar.bz2 -> SuSEfirewall2-3.6_SVNr219.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6_SVNr214/Makefile new/SuSEfirewall2-3.6_SVNr219/Makefile
--- old/SuSEfirewall2-3.6_SVNr214/Makefile 2009-06-09 16:15:29.000000000 +0200
+++ new/SuSEfirewall2-3.6_SVNr219/Makefile 2009-07-09 15:49:12.000000000 +0200
@@ -65,8 +65,8 @@
install -m 644 $$i $(DESTDIR)/etc/sysconfig/scripts; \
done
install -m 755 SuSEfirewall2_ifup $(DESTDIR)/etc/sysconfig/network/scripts/SuSEfirewall2
- ln -s /etc/sysconfig/network/scripts/SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/if-up.d
- ln -s SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/scripts/firewall
+ ln -sf /etc/sysconfig/network/scripts/SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/if-up.d
+ ln -sf SuSEfirewall2 $(DESTDIR)/etc/sysconfig/network/scripts/firewall
install -m 755 SuSEfirewall2-custom.sysconfig $(DESTDIR)/etc/sysconfig/scripts/SuSEfirewall2-custom
install -m 644 SuSEfirewall2.service.TEMPLATE $(DESTDIR)/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6_SVNr214/SuSEfirewall2 new/SuSEfirewall2-3.6_SVNr219/SuSEfirewall2
--- old/SuSEfirewall2-3.6_SVNr214/SuSEfirewall2 2009-06-09 16:15:29.000000000 +0200
+++ new/SuSEfirewall2-3.6_SVNr219/SuSEfirewall2 2009-07-09 15:49:12.000000000 +0200
@@ -255,6 +255,10 @@
esac
fi
+if [ "$FW_ZONE_DEFAULT" = 'yes' -o "$FW_ZONE_DEFAULT" = 'auto' ]; then
+ FW_ZONE_DEFAULT=''
+fi
+
if [ -n "$USE_IPTABLES_BATCH" -a "$USE_IPTABLES_BATCH" != 'no' ]; then
need batch
check_iptables_batch
@@ -805,6 +809,7 @@
##
# Provide empty functions for transparent hook support for customised rules
+fw_custom_after_chain_creation() { true; }
fw_custom_before_antispoofing() { true; }
fw_custom_after_antispoofing() { true; }
fw_custom_before_port_handling() { true; }
@@ -887,14 +892,16 @@
if [ -n "$z" ]; then
if eval [ -n "\"\$zone_$z\"" ]; then
eval FW_DEV_$z="\"\$FW_DEV_$z \$d\""
+ #" fix vim syntax
eval iface_$d=$z
else
error "invalid zone '$z' specified for interface '$d'"
fi
- elif [ -n "$FW_ZONE_DEFAULT" ]; then
+ elif [ -n "$FW_ZONE_DEFAULT" -a "$FW_ZONE_DEFAULT" != 'no' ]; then
message "using default zone '$FW_ZONE_DEFAULT' for interface $d"
z="$FW_ZONE_DEFAULT"
eval FW_DEV_$z="\"\$FW_DEV_$z \$d\""
+ #" fix vim syntax
eval iface_$d=$z
else
warning "no firewall zone defined for interface $d"
@@ -1261,7 +1268,7 @@
$iptables -A INPUT -j input_$zone -i $dev
done
done
- if [ -n "$FW_ZONE_DEFAULT" ]; then
+ if [ -n "$FW_ZONE_DEFAULT" -a "$FW_ZONE_DEFAULT" != 'no' ]; then
$iptables -A INPUT -j "input_$FW_ZONE_DEFAULT"
fi
if [ "$FW_ROUTE" = yes ]; then
@@ -2218,9 +2225,12 @@
create_chains
# HOOK
+fw_custom_after_chain_creation
+
+# HOOK, deprecated
fw_custom_before_antispoofing
-# HOOK
+# HOOK, deprecated
fw_custom_after_antispoofing
protect_from_internal
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6_SVNr214/SuSEfirewall2-custom.sysconfig new/SuSEfirewall2-3.6_SVNr219/SuSEfirewall2-custom.sysconfig
--- old/SuSEfirewall2-3.6_SVNr214/SuSEfirewall2-custom.sysconfig 2005-06-28 10:02:27.000000000 +0200
+++ new/SuSEfirewall2-3.6_SVNr219/SuSEfirewall2-custom.sysconfig 2009-07-09 15:49:12.000000000 +0200
@@ -1,5 +1,5 @@
#
-# Authors: Marc Heuse