commit shorewall for openSUSE:Factory

Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2014-05-27 18:31:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shorewall (Old) and /work/SRC/openSUSE:Factory/.shorewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "shorewall" Changes: -------- --- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2014-05-21 16:30:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.shorewall.new/shorewall.changes 2014-05-27 18:31:24.000000000 +0200 @@ -1,0 +2,22 @@ +Tue May 27 10:42:42 UTC 2014 - toganm@opensuse.org + +- Update to version 4.6.0.2 For more details see changelog.txt and + releasenotes.txt + + * The 'upgrade -A' command now converts the tcrules file to a + mangle file. Previously, that didn't happen. + * The install components now support RHEL7. + * Whitespace issues in the skeleton configuration files have been + corrected (Tuomo Soini). + * FAQ 2e has been added which describes additional steps required + to achieve hairpin NAT on a bridge where the modified packets are + to go out the same bridge port as they entered. + * shorewall-masq(5) has been corrected to include the word SOURCE + on the description of that column. Previously, the description + read '(formerly called SUBNET)'. + * The output of 'shorewall show filters' once again shows ingress + (policing) filters. This works around undocumented changes to + the behavior of the 'tc' utility. + +- removed backported CHECKSUM.patch +------------------------------------------------------------------- Old: ---- shorewall-4.6.0.tar.bz2 shorewall-core-4.6.0.tar.bz2 shorewall-docs-html-4.6.0.tar.bz2 shorewall-init-4.6.0.tar.bz2 shorewall-lite-4.6.0.tar.bz2 shorewall6-4.6.0.tar.bz2 shorewall6-lite-4.6.0.tar.bz2 New: ---- shorewall-4.6.0.2.tar.bz2 shorewall-core-4.6.0.2.tar.bz2 shorewall-docs-html-4.6.0.2.tar.bz2 shorewall-init-4.6.0.2.tar.bz2 shorewall-lite-4.6.0.2.tar.bz2 shorewall6-4.6.0.2.tar.bz2 shorewall6-lite-4.6.0.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.kDXfa6/_old 2014-05-27 18:31:30.000000000 +0200 +++ /var/tmp/diff_new_pack.kDXfa6/_new 2014-05-27 18:31:30.000000000 +0200 @@ -20,7 +20,7 @@ %define have_systemd 1 Name: shorewall -Version: 4.6.0 +Version: 4.6.0.2 Release: 0 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems License: GPL-2.0 @@ -41,8 +41,6 @@ Patch1: 0001-fillup-install.patch # PATCH-FIX-UPSTREAM toganm@opensuse.org Shorewall-init init.suse.sh Required Start Patch2: 0001-remote_fs.patch -# PATCH-FIX-UPSTSREAM backported from git version -Patch3: CHECKSUM.patch %if 0%{?suse_version} >= 1210 || 0%{?fedora_version} BuildRequires: systemd %{?systemd_requires} @@ -309,7 +307,6 @@ # apply patches to shorewall pushd %name-%version -%patch3 -p2 popd # apply patches to shorewall-lite pushd %name-lite-%version ++++++ shorewall-4.6.0.tar.bz2 -> shorewall-4.6.0.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Perl/Shorewall/Compiler.pm new/shorewall-4.6.0.2/Perl/Shorewall/Compiler.pm --- old/shorewall-4.6.0/Perl/Shorewall/Compiler.pm 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/Perl/Shorewall/Compiler.pm 2014-05-23 18:31:41.000000000 +0200 @@ -730,7 +730,7 @@ # # Do all of the zone-independent stuff (mostly /proc) # - add_common_rules( $convert ); + add_common_rules( $convert, $tcrules ); # # More /proc # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Perl/Shorewall/Config.pm new/shorewall-4.6.0.2/Perl/Shorewall/Config.pm --- old/shorewall-4.6.0/Perl/Shorewall/Config.pm 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/Perl/Shorewall/Config.pm 2014-05-23 18:31:41.000000000 +0200 @@ -709,7 +709,7 @@ TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => "4.6.0", + VERSION => "4.6.0.2", CAPVERSION => 40600 , ); # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Perl/Shorewall/Misc.pm new/shorewall-4.6.0.2/Perl/Shorewall/Misc.pm --- old/shorewall-4.6.0/Perl/Shorewall/Misc.pm 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/Perl/Shorewall/Misc.pm 2014-05-23 18:31:41.000000000 +0200 @@ -775,8 +775,8 @@ sub setup_mss(); -sub add_common_rules ( $ ) { - my $upgrade = shift; +sub add_common_rules ( $$ ) { + my ( $upgrade_blacklist, $upgrade_tcrules ) = @_; my $interface; my $chainref; my $target; @@ -929,8 +929,8 @@ run_user_exit1 'initdone'; - if ( $upgrade ) { - exit 0 unless convert_blacklist; + if ( $upgrade_blacklist ) { + exit 0 unless convert_blacklist || $upgrade_tcrules; } else { setup_blacklist; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Perl/Shorewall/Tc.pm new/shorewall-4.6.0.2/Perl/Shorewall/Tc.pm --- old/shorewall-4.6.0/Perl/Shorewall/Tc.pm 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/Perl/Shorewall/Tc.pm 2014-05-23 18:31:41.000000000 +0200 @@ -338,7 +338,7 @@ minparams => 0, maxparams => 0 , function => sub() { - $target = 'CHECKSUM'; + $target = 'CHECKSUM --checksum-fill'; }, }, @@ -693,7 +693,9 @@ ( $cmd, $designator ) = split_action( $action ); if ( supplied $designator ) { - fatal_error "Invalid chain designator ( $designator )" unless $designator = $designators{$designator}; + my $temp = $designators{$designator}; + fatal_error "Invalid chain designator ( $designator )" unless $temp; + $designator = $temp; } ( $cmd , $params ) = get_target_param1( $cmd ); @@ -710,11 +712,11 @@ if ( $source ne '-' ) { if ( $source eq $fw ) { - fatal_error 'Rules with SOURCE $FW must use the OUTPUT chain' if $designator && $designator ne OUTPUT; + fatal_error 'Rules with SOURCE $FW must use the OUTPUT chain' if $designator && $designator != OUTPUT; $chain = OUTPUT; $source = '-'; } elsif ( $source =~ s/^($fw):// ) { - fatal_error 'Rules with SOURCE $FW must use the OUTPUT chain' if $designator && $designator ne OUTPUT; + fatal_error 'Rules with SOURCE $FW must use the OUTPUT chain' if $designator && $designator != OUTPUT; $chain = OUTPUT; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Samples/three-interfaces/masq.annotated new/shorewall-4.6.0.2/Samples/three-interfaces/masq.annotated --- old/shorewall-4.6.0/Samples/three-interfaces/masq.annotated 2014-05-15 17:23:52.000000000 +0200 +++ new/shorewall-4.6.0.2/Samples/three-interfaces/masq.annotated 2014-05-23 18:33:14.000000000 +0200 @@ -101,7 +101,7 @@ # # See example 8 below. # -# (Formerly called SUBNET) - {interface|address[,address][exclusion]} +# SOURCE (Formerly called SUBNET) - {interface|address[,address][exclusion]} # # Set of hosts that you wish to masquerade. You can specify this as an # address (net or host) or as an interface (use of an interface is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/Samples/two-interfaces/masq.annotated new/shorewall-4.6.0.2/Samples/two-interfaces/masq.annotated --- old/shorewall-4.6.0/Samples/two-interfaces/masq.annotated 2014-05-15 17:23:57.000000000 +0200 +++ new/shorewall-4.6.0.2/Samples/two-interfaces/masq.annotated 2014-05-23 18:33:19.000000000 +0200 @@ -101,7 +101,7 @@ # # See example 8 below. # -# (Formerly called SUBNET) - {interface|address[,address][exclusion]} +# SOURCE (Formerly called SUBNET) - {interface|address[,address][exclusion]} # # Set of hosts that you wish to masquerade. You can specify this as an # address (net or host) or as an interface (use of an interface is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/changelog.txt new/shorewall-4.6.0.2/changelog.txt --- old/shorewall-4.6.0/changelog.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/changelog.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,3 +1,29 @@ +Changes in 4.6.0.2 + +1) Update release documents. + +2) Correct handling of tcrules upgrade with 'upgrade -A'. + +3) Apply Tuomo Soini's whitespace patch. + +4) Extend Orion Poplawski's RHEL7 patch. + +5) Add FAQ 2e. + +6) Update Support article. + +7) Fix shorewall-masq SOURCE description + +Changes in 4.6.0.1 + +1) Update release documents. + +2) Correct CHECKSUM handling. + +3) Apply Simon Mater's cosmetic changes to 'mangle' file. + +4) Correct chain designator editing. + Changes in 4.6.0 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/blrules new/shorewall-4.6.0.2/configfiles/blrules --- old/shorewall-4.6.0/configfiles/blrules 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/blrules 2014-05-23 18:26:12.000000000 +0200 @@ -6,7 +6,7 @@ # Please see http://shorewall.net/blacklisting_support.htm for additional # information. # -################################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH +################################################################################################################################################################################################ +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH # PORT PORT(S) DEST LIMIT GROUP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/blrules.annotated new/shorewall-4.6.0.2/configfiles/blrules.annotated --- old/shorewall-4.6.0/configfiles/blrules.annotated 2014-05-15 17:23:29.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/blrules.annotated 2014-05-23 18:32:50.000000000 +0200 @@ -6,7 +6,7 @@ # Please see http://shorewall.net/blacklisting_support.htm for additional # information. # -################################################################################################################################################################################################### +################################################################################################################################################################################################ # # This file is used to perform blacklisting and whitelisting. # @@ -155,6 +155,6 @@ # # WHITELIST net:[2001:DB8::/64] all # -################################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH +################################################################################################################################################################################################ +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH # PORT PORT(S) DEST LIMIT GROUP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/clear new/shorewall-4.6.0.2/configfiles/clear --- old/shorewall-4.6.0/configfiles/clear 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/clear 2014-05-23 18:26:12.000000000 +0200 @@ -3,8 +3,8 @@ # # /etc/shorewall/clear # -# Add commands below that you want to be executed after Shorewall -# has processed the 'clear' command. +# Add commands below that you want to be executed after Shorewall has +# processed the 'clear' command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/findgw new/shorewall-4.6.0.2/configfiles/findgw --- old/shorewall-4.6.0/configfiles/findgw 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/findgw 2014-05-23 18:26:12.000000000 +0200 @@ -3,12 +3,12 @@ # # /etc/shorewall/findgw # -# The code in this file is executed when Shorewall is trying to detect the -# gateway through an interface in /etc/shorewall/providers that has GATEWAY -# specified as 'detect'. +# The code in this file is executed when Shorewall is trying to detect the +# gateway through an interface in /etc/shorewall/providers that has GATEWAY +# specified as 'detect'. # -# The function should echo the IP address of the gateway if it knows what -# it is; the name of the interface is in $1. +# The function should echo the IP address of the gateway if it knows what +# it is; the name of the interface is in $1. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/lib.private new/shorewall-4.6.0.2/configfiles/lib.private --- old/shorewall-4.6.0/configfiles/lib.private 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/lib.private 2014-05-23 18:26:12.000000000 +0200 @@ -3,9 +3,9 @@ # # /etc/shorewall/lib.private # -# Use this file to declare shell functions to be called in the other -# run-time extension scripts. The file will be copied into the generated -# firewall script. +# Use this file to declare shell functions to be called in the other +# run-time extension scripts. The file will be copied into the generated +# firewall script. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/mangle new/shorewall-4.6.0.2/configfiles/mangle --- old/shorewall-4.6.0/configfiles/mangle 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/mangle 2014-05-23 18:26:12.000000000 +0200 @@ -1,7 +1,7 @@ # # Shorewall version 4 - Mangle File # -# For information about entries in this file, type "man shorewall-tcrules" +# For information about entries in this file, type "man shorewall-mangle" # # See http://shorewall.net/traffic_shaping.htm for additional information. # For usage in selecting among multiple ISPs, see @@ -9,7 +9,6 @@ # # See http://shorewall.net/PacketMarking.html for a detailed description of # the Netfilter/Shorewall packet marking mechanism. -################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP +#################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP # PORT(S) PORT(S) - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/mangle.annotated new/shorewall-4.6.0.2/configfiles/mangle.annotated --- old/shorewall-4.6.0/configfiles/mangle.annotated 2014-05-15 17:23:33.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/mangle.annotated 2014-05-23 18:32:55.000000000 +0200 @@ -1,7 +1,7 @@ # # Shorewall version 4 - Mangle File # -# For information about entries in this file, type "man shorewall-tcrules" +# For information about entries in this file, type "man shorewall-mangle" # # See http://shorewall.net/traffic_shaping.htm for additional information. # For usage in selecting among multiple ISPs, see @@ -9,7 +9,7 @@ # # See http://shorewall.net/PacketMarking.html for a detailed description of # the Netfilter/Shorewall packet marking mechanism. -################################################################################################################################################## +#################################################################################################################################################### # # This file was introduced in Shorewall 4.6.0 and is intended to replace # shorewall-rules(5). This file is only processed by the compiler if: @@ -734,6 +734,6 @@ # eth0 192.168.1.0/24 1.1.1.3 ; mark=2:C # eth0 192.168.1.0/24 1.1.1.4 ; mark=3:C # -################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP +#################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP # PORT(S) PORT(S) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/masq.annotated new/shorewall-4.6.0.2/configfiles/masq.annotated --- old/shorewall-4.6.0/configfiles/masq.annotated 2014-05-15 17:23:34.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/masq.annotated 2014-05-23 18:32:55.000000000 +0200 @@ -97,7 +97,7 @@ # # See example 8 below. # -# (Formerly called SUBNET) - {interface|address[,address][exclusion]} +# SOURCE (Formerly called SUBNET) - {interface|address[,address][exclusion]} # # Set of hosts that you wish to masquerade. You can specify this as an # address (net or host) or as an interface (use of an interface is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/refresh new/shorewall-4.6.0.2/configfiles/refresh --- old/shorewall-4.6.0/configfiles/refresh 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/refresh 2014-05-23 18:26:12.000000000 +0200 @@ -3,8 +3,8 @@ # # /etc/shorewall/refresh # -# Add commands below that you want to be executed before Shorewall -# has processed the 'refresh' command. +# Add commands below that you want to be executed before Shorewall +# has processed the 'refresh' command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/refreshed new/shorewall-4.6.0.2/configfiles/refreshed --- old/shorewall-4.6.0/configfiles/refreshed 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/refreshed 2014-05-23 18:26:12.000000000 +0200 @@ -3,8 +3,8 @@ # # /etc/shorewall/refreshed # -# Add commands below that you want to be executed after Shorewall -# has processed the 'refresh' command. +# Add commands below that you want to be executed after Shorewall has +# processed the 'refresh' command. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/scfilter new/shorewall-4.6.0.2/configfiles/scfilter --- old/shorewall-4.6.0/configfiles/scfilter 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/scfilter 2014-05-23 18:26:12.000000000 +0200 @@ -3,8 +3,8 @@ # # /etc/shorewall/scfilter # -# Replace the 'cat' command below to filter the output of -# 'show connections. +# Replace the 'cat' command below to filter the output of +# 'show connections'. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/shorewall.conf new/shorewall-4.6.0.2/configfiles/shorewall.conf --- old/shorewall-4.6.0/configfiles/shorewall.conf 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/shorewall.conf 2014-05-23 18:26:12.000000000 +0200 @@ -12,13 +12,13 @@ STARTUP_ENABLED=No ############################################################################### -# V E R B O S I T Y +# V E R B O S I T Y ############################################################################### VERBOSITY=1 ############################################################################### -# L O G G I N G +# L O G G I N G ############################################################################### BLACKLIST_LOG_LEVEL= @@ -100,7 +100,7 @@ REJECT_DEFAULT=Reject ############################################################################### -# R S H / R C P C O M M A N D S +# R S H / R C P C O M M A N D S ############################################################################### RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' @@ -271,8 +271,8 @@ ZONE_BITS=0 ################################################################################ -# L E G A C Y O P T I O N -# D O N O T D E L E T E O R A L T E R +# L E G A C Y O P T I O N +# D O N O T D E L E T E O R A L T E R ################################################################################ IPSECFILE=zones diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/shorewall.conf.annotated new/shorewall-4.6.0.2/configfiles/shorewall.conf.annotated --- old/shorewall-4.6.0/configfiles/shorewall.conf.annotated 2014-05-15 17:23:41.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/shorewall.conf.annotated 2014-05-23 18:33:03.000000000 +0200 @@ -62,7 +62,7 @@ # started before it has been configured. # ############################################################################### -# V E R B O S I T Y +# V E R B O S I T Y ############################################################################### VERBOSITY=1 # @@ -80,7 +80,7 @@ # If not specified, then 2 is assumed. # ############################################################################### -# L O G G I N G +# L O G G I N G ############################################################################### BLACKLIST_LOG_LEVEL= # @@ -516,7 +516,7 @@ # action or body that does not already have a log level. # ############################################################################### -# R S H / R C P C O M M A N D S +# R S H / R C P C O M M A N D S ############################################################################### RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' # @@ -1788,8 +1788,8 @@ # to be used for the zone mark. Default value is 0. # ################################################################################ -# L E G A C Y O P T I O N -# D O N O T D E L E T E O R A L T E R +# L E G A C Y O P T I O N +# D O N O T D E L E T E O R A L T E R ################################################################################ IPSECFILE=zones # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/tcclasses new/shorewall-4.6.0.2/configfiles/tcclasses --- old/shorewall-4.6.0/configfiles/tcclasses 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/tcclasses 2014-05-23 18:26:12.000000000 +0200 @@ -7,4 +7,4 @@ # ############################################################################### #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS -# DMAX:UMAX +# DMAX:UMAX diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/tcclasses.annotated new/shorewall-4.6.0.2/configfiles/tcclasses.annotated --- old/shorewall-4.6.0/configfiles/tcclasses.annotated 2014-05-15 17:23:43.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/tcclasses.annotated 2014-05-23 18:33:04.000000000 +0200 @@ -438,4 +438,4 @@ # ############################################################################### #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS -# DMAX:UMAX +# DMAX:UMAX diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/tcclear new/shorewall-4.6.0.2/configfiles/tcclear --- old/shorewall-4.6.0/configfiles/tcclear 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/tcclear 2014-05-23 18:26:12.000000000 +0200 @@ -3,8 +3,8 @@ # # /etc/shorewall/tcclear # -# Add commands below that you want to be executed before Shorewall -# clears the traffic shaping configuration. +# Add commands below that you want to be executed before Shorewall clears +# the traffic shaping configuration. # # See http://shorewall.net/shorewall_extension_scripts.htm for additional # information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/tcfilters new/shorewall-4.6.0.2/configfiles/tcfilters --- old/shorewall-4.6.0/configfiles/tcfilters 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/tcfilters 2014-05-23 18:26:12.000000000 +0200 @@ -6,5 +6,5 @@ # See http://shorewall.net/traffic_shaping.htm for additional information. # ######################################################################################################## -#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY +#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY #CLASS PORT(S) PORT(S) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configfiles/tcfilters.annotated new/shorewall-4.6.0.2/configfiles/tcfilters.annotated --- old/shorewall-4.6.0/configfiles/tcfilters.annotated 2014-05-15 17:23:44.000000000 +0200 +++ new/shorewall-4.6.0.2/configfiles/tcfilters.annotated 2014-05-23 18:33:06.000000000 +0200 @@ -166,5 +166,5 @@ # 1:10 0.0.0.0/0 0.0.0.0/0 icmp echo-reply 10 # ######################################################################################################## -#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY +#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY #CLASS PORT(S) PORT(S) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configure new/shorewall-4.6.0.2/configure --- old/shorewall-4.6.0/configure 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/configure 2014-05-23 18:31:41.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0 +VERSION=4.6.0.2 case "$BASH_VERSION" in [4-9].*) @@ -98,7 +98,7 @@ eval $(cat /etc/os-release | grep ^ID=) case $ID in - fedora) + fedora|rhel) vendor=redhat ;; debian|ubuntu) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/configure.pl new/shorewall-4.6.0.2/configure.pl --- old/shorewall-4.6.0/configure.pl 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/configure.pl 2014-05-23 18:31:41.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0' + VERSION => '4.6.0.2' }; my %params; @@ -64,7 +64,7 @@ $id =~ s/ID=//; - if ( $id eq 'fedora' ) { + if ( $id eq 'fedora' || $id eq 'rhel' ) { $vendor = 'redhat'; } elsif ( $id eq 'opensuse' ) { $vendor = 'suse'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/install.sh new/shorewall-4.6.0.2/install.sh --- old/shorewall-4.6.0/install.sh 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/install.sh 2014-05-23 18:31:41.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=4.6.0 +VERSION=4.6.0.2 # # Change to the directory containing this script @@ -216,7 +216,7 @@ eval $(cat /etc/os-release | grep ^ID) case $ID in - fedora) + fedora|rhel) BUILD=redhat ;; debian) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/known_problems.txt new/shorewall-4.6.0.2/known_problems.txt --- old/shorewall-4.6.0/known_problems.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/known_problems.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,109 +1,31 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. -2) The Shorewall Init installer (install.sh) fails on Gentoo systems. +2) The CHECKSUM target in the tcrules and mangle files is broken and + results in this error diagnostic: - Corrected in Shorewall 4.5.21.1. + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input -3) The installers (install.sh) fail to start the products at boot time - on Debian and derivatives. This problem was introduced in Shorewall - 4.5.21. + Corrected in 4.6.0.1 - Corrected in Shorewall 4.5.21.1. +3) The 'update -A' command does not convert an existing tcrules file + into the equivalent mangle file. A separate 'update -t' step is + required. -4) Multiple ICMP/ICMP6 types listed in a rule result in a Perl runtime - error on the compiler. + Corrected in 4.6.0.2 - Corrected in Shorewall 4.5.21.1. +4) The 'update 't' command results in a Perl segfault when run on + RHEL5-based systems and the tcrules file contains '?FORMAT 2' -5) An attempt to specify RAS or Q.931 in the HELPER column is rejected - with an error. + Workaround: Replace '?FORMAT 2' by 'FORMAT 2'. - Corrected in Shorewall 4.5.21.1. -6) The 'nohostroute' provider option does not suppress the addition of - a host route in the default routing table when USE_DEFAULT_RT=Yes. - - Corrected in Shorewall 4.5.21.1. - -7) The AutoBL action fails if the kernel and iptables does not support - the Recent Match '--reap' option. - - Corrected in Shorewall 4.5.21.2. - -8) The Shorewall-core installer reports an error from 'cp' - stating that it can not stat the shorewallrc file. - - Workaround: Run the installer a second time. - - Corrected in Shorewall 4.5.21.2. - -9) When a non-root user attempts to execute 'version -a', the CLI - attempts to get the version of the compiled firewall resulting in - the following diagnostic when run by non-root: - - /sbin/shorewall: /var/lib/shorewall/firewall: Permission denied - - Corrected in Shorewall 4.5.21.2. - -10) Shorewall uses 'fgrep' making it unusable on on systems without - that utility. - - Corrected in Shorewall 4.5.21.2. - -11) Placing |<mark> in the ACTION column of the tcrules file raises a - fatal compilation error. - - Corrected in Shorewall 4.5.21.2. - -12) The Shorewall-core installer fails when run on Ubuntu Raring. - - Corrected in Shorewall 4.5.21.2. - -13) The Shorewall-init installer fails when run on Ubuntu Raring. - - Workaround: Run as follows: - - BUILD=debian ./install.sh - - Corrected in Shorewall 4.5.21.3. - -14) The tarball installers don't run update-rc.d on Debian-based - systems without insserv. - - Corrected in Shorewall 4.5.21.3. - -15) If an HFSC class is specified with dmax but not umax, then - the firewall fails to start with the messages: - - Nov 14 13:42:42 Setting up Traffic Control... - HFSC: Illegal "umax" - HFSC: Illegal "sc" - ERROR: Command "tc class add dev eth1 parent 1:1 classid 1:110 hfsc sc - umax b dmax 150ms rate 1575kbit ul rate 3150kbit" Failed - - Workaround: Specify a umax value equal to the device MTU. - - Corrected in Shorewall 4.5.21.4. - -16) The 'add' command previously fails if 'IPSET=' appears in the - shorewall.conf file. - - Workaround: Specify the correct pathname in the IPSET= entry. - - Corrected in Shorewall 4.5.21.5. - -16) When a non-terminating target specifies logging, the compiler - erroneously generates a 'goto' (-g) iptables command rather than a - 'jump' (-j) command. This causes the wrong set of rules to be - traversed, usually the catchall 'REJECT' rule at the end of the - INPUT or FORWARD chain. - - Corrected in Shorewall 4.5.21.6 - -17) Existing connections are not blocked when ADMINISABSENTMINDED=No - and the firewall is stopped. - - Corrected in Shorewall 4.5.21.7 (but read the release notes - carefully). + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-accounting.5 new/shorewall-4.6.0.2/manpages/shorewall-accounting.5 --- old/shorewall-4.6.0/manpages/shorewall-accounting.5 2014-05-15 17:22:23.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-accounting.5 2014-05-23 18:31:45.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-accounting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACCOUNTIN" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACCOUNTIN" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-actions.5 new/shorewall-4.6.0.2/manpages/shorewall-actions.5 --- old/shorewall-4.6.0/manpages/shorewall-actions.5 2014-05-15 17:22:24.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-actions.5 2014-05-23 18:31:46.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-actions .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACTIONS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACTIONS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-arprules.5 new/shorewall-4.6.0.2/manpages/shorewall-arprules.5 --- old/shorewall-4.6.0/manpages/shorewall-arprules.5 2014-05-15 17:22:25.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-arprules.5 2014-05-23 18:31:47.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-arprules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ARPRULES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ARPRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-blacklist.5 new/shorewall-4.6.0.2/manpages/shorewall-blacklist.5 --- old/shorewall-4.6.0/manpages/shorewall-blacklist.5 2014-05-15 17:22:27.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-blacklist.5 2014-05-23 18:31:49.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-blacklist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLACKLIST" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLACKLIST" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-blrules.5 new/shorewall-4.6.0.2/manpages/shorewall-blrules.5 --- old/shorewall-4.6.0/manpages/shorewall-blrules.5 2014-05-15 17:22:28.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-blrules.5 2014-05-23 18:31:50.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-blrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLRULES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-conntrack.5 new/shorewall-4.6.0.2/manpages/shorewall-conntrack.5 --- old/shorewall-4.6.0/manpages/shorewall-conntrack.5 2014-05-15 17:22:34.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-conntrack.5 2014-05-23 18:31:57.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall6-conntrack .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL6\-CONNTRAC" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL6\-CONNTRAC" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-ecn.5 new/shorewall-4.6.0.2/manpages/shorewall-ecn.5 --- old/shorewall-4.6.0/manpages/shorewall-ecn.5 2014-05-15 17:22:36.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-ecn.5 2014-05-23 18:31:58.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-ecn .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ECN" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ECN" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-exclusion.5 new/shorewall-4.6.0.2/manpages/shorewall-exclusion.5 --- old/shorewall-4.6.0/manpages/shorewall-exclusion.5 2014-05-15 17:22:37.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-exclusion.5 2014-05-23 18:31:59.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-exclusion .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-EXCLUSION" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-EXCLUSION" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-hosts.5 new/shorewall-4.6.0.2/manpages/shorewall-hosts.5 --- old/shorewall-4.6.0/manpages/shorewall-hosts.5 2014-05-15 17:22:38.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-hosts.5 2014-05-23 18:32:01.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-hosts .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-HOSTS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-HOSTS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-init.8 new/shorewall-4.6.0.2/manpages/shorewall-init.8 --- old/shorewall-4.6.0/manpages/shorewall-init.8 2014-05-15 17:22:40.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-init.8 2014-05-23 18:32:02.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-init .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-INIT" "8" "05/15/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-INIT" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-interfaces.5 new/shorewall-4.6.0.2/manpages/shorewall-interfaces.5 --- old/shorewall-4.6.0/manpages/shorewall-interfaces.5 2014-05-15 17:22:41.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-interfaces.5 2014-05-23 18:32:04.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-interfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-INTERFACE" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-INTERFACE" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-ipsets.5 new/shorewall-4.6.0.2/manpages/shorewall-ipsets.5 --- old/shorewall-4.6.0/manpages/shorewall-ipsets.5 2014-05-15 17:22:43.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-ipsets.5 2014-05-23 18:32:05.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-ipsets .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-IPSETS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-IPSETS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-maclist.5 new/shorewall-4.6.0.2/manpages/shorewall-maclist.5 --- old/shorewall-4.6.0/manpages/shorewall-maclist.5 2014-05-15 17:22:44.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-maclist.5 2014-05-23 18:32:07.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-maclist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MACLIST" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MACLIST" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-mangle.5 new/shorewall-4.6.0.2/manpages/shorewall-mangle.5 --- old/shorewall-4.6.0/manpages/shorewall-mangle.5 2014-05-15 17:22:46.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-mangle.5 2014-05-23 18:32:08.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MANGLE" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-masq.5 new/shorewall-4.6.0.2/manpages/shorewall-masq.5 --- old/shorewall-4.6.0/manpages/shorewall-masq.5 2014-05-15 17:22:48.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-masq.5 2014-05-23 18:32:10.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-masq .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MASQ" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MASQ" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -176,7 +176,7 @@ See example 8 below\&. .RE .PP -(Formerly called SUBNET) \- {\fIinterface\fR|\fIaddress\fR[\fB,\fR\fIaddress\fR][\fIexclusion\fR]} +\fBSOURCE\fR (Formerly called SUBNET) \- {\fIinterface\fR|\fIaddress\fR[\fB,\fR\fIaddress\fR][\fIexclusion\fR]} .RS 4 Set of hosts that you wish to masquerade\&. You can specify this as an \fIaddress\fR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-modules.5 new/shorewall-4.6.0.2/manpages/shorewall-modules.5 --- old/shorewall-4.6.0/manpages/shorewall-modules.5 2014-05-15 17:22:49.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-modules.5 2014-05-23 18:32:11.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-modules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MODULES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MODULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-nat.5 new/shorewall-4.6.0.2/manpages/shorewall-nat.5 --- old/shorewall-4.6.0/manpages/shorewall-nat.5 2014-05-15 17:22:50.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-nat.5 2014-05-23 18:32:13.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-nat .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NAT" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NAT" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-nesting.5 new/shorewall-4.6.0.2/manpages/shorewall-nesting.5 --- old/shorewall-4.6.0/manpages/shorewall-nesting.5 2014-05-15 17:22:52.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-nesting.5 2014-05-23 18:32:14.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-nesting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NESTING" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NESTING" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-netmap.5 new/shorewall-4.6.0.2/manpages/shorewall-netmap.5 --- old/shorewall-4.6.0/manpages/shorewall-netmap.5 2014-05-15 17:22:53.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-netmap.5 2014-05-23 18:32:15.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-netmap .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NETMAP" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NETMAP" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-params.5 new/shorewall-4.6.0.2/manpages/shorewall-params.5 --- old/shorewall-4.6.0/manpages/shorewall-params.5 2014-05-15 17:22:54.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-params.5 2014-05-23 18:32:17.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-params .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PARAMS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PARAMS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-policy.5 new/shorewall-4.6.0.2/manpages/shorewall-policy.5 --- old/shorewall-4.6.0/manpages/shorewall-policy.5 2014-05-15 17:22:56.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-policy.5 2014-05-23 18:32:18.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-policy .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-POLICY" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-POLICY" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-providers.5 new/shorewall-4.6.0.2/manpages/shorewall-providers.5 --- old/shorewall-4.6.0/manpages/shorewall-providers.5 2014-05-15 17:22:57.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-providers.5 2014-05-23 18:32:20.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-providers .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROVIDERS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROVIDERS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-proxyarp.5 new/shorewall-4.6.0.2/manpages/shorewall-proxyarp.5 --- old/shorewall-4.6.0/manpages/shorewall-proxyarp.5 2014-05-15 17:22:58.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-proxyarp.5 2014-05-23 18:32:21.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-proxyarp .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROXYARP" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROXYARP" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-routes.5 new/shorewall-4.6.0.2/manpages/shorewall-routes.5 --- old/shorewall-4.6.0/manpages/shorewall-routes.5 2014-05-15 17:23:01.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-routes.5 2014-05-23 18:32:24.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-routes .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-routestopped.5 new/shorewall-4.6.0.2/manpages/shorewall-routestopped.5 --- old/shorewall-4.6.0/manpages/shorewall-routestopped.5 2014-05-15 17:23:00.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-routestopped.5 2014-05-23 18:32:22.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-routestopped .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTESTOP" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTESTOP" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-rtrules.5 new/shorewall-4.6.0.2/manpages/shorewall-rtrules.5 --- old/shorewall-4.6.0/manpages/shorewall-rtrules.5 2014-05-15 17:23:02.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-rtrules.5 2014-05-23 18:32:25.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-rtrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RTRULES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RTRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-rules.5 new/shorewall-4.6.0.2/manpages/shorewall-rules.5 --- old/shorewall-4.6.0/manpages/shorewall-rules.5 2014-05-15 17:23:05.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-rules.5 2014-05-23 18:32:28.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-rules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RULES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-secmarks.5 new/shorewall-4.6.0.2/manpages/shorewall-secmarks.5 --- old/shorewall-4.6.0/manpages/shorewall-secmarks.5 2014-05-15 17:23:06.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-secmarks.5 2014-05-23 18:32:29.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-secmarks .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-SECMARKS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-SECMARKS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-stoppedrules.5 new/shorewall-4.6.0.2/manpages/shorewall-stoppedrules.5 --- old/shorewall-4.6.0/manpages/shorewall-stoppedrules.5 2014-05-15 17:23:08.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-stoppedrules.5 2014-05-23 18:32:30.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-stoppedrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-STOPPEDRU" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-STOPPEDRU" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcclasses.5 new/shorewall-4.6.0.2/manpages/shorewall-tcclasses.5 --- old/shorewall-4.6.0/manpages/shorewall-tcclasses.5 2014-05-15 17:23:09.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcclasses.5 2014-05-23 18:32:32.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcclasses .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCCLASSES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCCLASSES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcdevices.5 new/shorewall-4.6.0.2/manpages/shorewall-tcdevices.5 --- old/shorewall-4.6.0/manpages/shorewall-tcdevices.5 2014-05-15 17:23:11.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcdevices.5 2014-05-23 18:32:33.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcdevices .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCDEVICES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCDEVICES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcfilters.5 new/shorewall-4.6.0.2/manpages/shorewall-tcfilters.5 --- old/shorewall-4.6.0/manpages/shorewall-tcfilters.5 2014-05-15 17:23:12.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcfilters.5 2014-05-23 18:32:35.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcfilters .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCFILTERS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCFILTERS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcinterfaces.5 new/shorewall-4.6.0.2/manpages/shorewall-tcinterfaces.5 --- old/shorewall-4.6.0/manpages/shorewall-tcinterfaces.5 2014-05-15 17:23:14.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcinterfaces.5 2014-05-23 18:32:36.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcinterfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCINTERFA" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCINTERFA" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcpri.5 new/shorewall-4.6.0.2/manpages/shorewall-tcpri.5 --- old/shorewall-4.6.0/manpages/shorewall-tcpri.5 2014-05-15 17:23:15.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcpri.5 2014-05-23 18:32:37.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcpri .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCPRI" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCPRI" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tcrules.5 new/shorewall-4.6.0.2/manpages/shorewall-tcrules.5 --- old/shorewall-4.6.0/manpages/shorewall-tcrules.5 2014-05-15 17:23:17.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tcrules.5 2014-05-23 18:32:39.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: [FIXME: manual] .\" Source: [FIXME: source] .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "05/15/2014" "[FIXME: source]" "[FIXME: manual]" +.TH "SHOREWALL\-MANGLE" "5" "05/23/2014" "[FIXME: source]" "[FIXME: manual]" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tos.5 new/shorewall-4.6.0.2/manpages/shorewall-tos.5 --- old/shorewall-4.6.0/manpages/shorewall-tos.5 2014-05-15 17:23:18.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tos.5 2014-05-23 18:32:41.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tos .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TOS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TOS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-tunnels.5 new/shorewall-4.6.0.2/manpages/shorewall-tunnels.5 --- old/shorewall-4.6.0/manpages/shorewall-tunnels.5 2014-05-15 17:23:20.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-tunnels.5 2014-05-23 18:32:42.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tunnels .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TUNNELS" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TUNNELS" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-vardir.5 new/shorewall-4.6.0.2/manpages/shorewall-vardir.5 --- old/shorewall-4.6.0/manpages/shorewall-vardir.5 2014-05-15 17:23:21.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-vardir.5 2014-05-23 18:32:43.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-VARDIR" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-VARDIR" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall-zones.5 new/shorewall-4.6.0.2/manpages/shorewall-zones.5 --- old/shorewall-4.6.0/manpages/shorewall-zones.5 2014-05-15 17:23:25.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall-zones.5 2014-05-23 18:32:48.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-zones .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ZONES" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ZONES" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall.8 new/shorewall-4.6.0.2/manpages/shorewall.8 --- old/shorewall-4.6.0/manpages/shorewall.8 2014-05-15 17:23:24.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall.8 2014-05-23 18:32:46.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "05/15/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/manpages/shorewall.conf.5 new/shorewall-4.6.0.2/manpages/shorewall.conf.5 --- old/shorewall-4.6.0/manpages/shorewall.conf.5 2014-05-15 17:22:33.000000000 +0200 +++ new/shorewall-4.6.0.2/manpages/shorewall.conf.5 2014-05-23 18:31:55.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\&.CONF" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\&.CONF" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/releasenotes.txt new/shorewall-4.6.0.2/releasenotes.txt --- old/shorewall-4.6.0/releasenotes.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/releasenotes.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 + S H O R E W A L L 4 . 6 . 0 . 2 ------------------------------------ - M a y 1 5 , 2 0 1 4 + M a y 2 4 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,54 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.2 + +1) The 'upgrade -A' command now converts the tcrules file to a mangle + file. Previously, that didn't happen. + +2) The install components now support RHEL7. + +3) Whitespace issues in the skeleton configuration files have been + corrected (Tuomo Soini). + +4) The install components now support RHEL7. + +5) FAQ 2e has been added which describes additional steps required to + achieve hairpin NAT on a bridge where the modified packets are to + go out the same bridge port as they entered. + +6) shorewall-masq(5) has been corrected to include the word SOURCE on + the description of that column. Previously, the description read + '(formerly called SUBNET)'. + +7) The output of 'shorewall show filters' once again shows ingress + (policing filters). This works around undocumented changes to the + behavior of the 'tc' utility. + +4.6.0.1 + +1) The CHECKSUM target in the tcrules and mangle files was broken and + resulted in this error diagnostic: + + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input + + The compiler is now generating the correct rule. + +2) Some cosmetic issues in the 'mangle' files have been resolved. + +3) When an invalid chain designator was supplied in 'tcrules' or + 'mangle', the compiler's error message was garbled and a + Perl diagnostic was issued. + +4.6.0 + This release includes all defect repair from releases up through 4.5.21.9. @@ -329,9 +377,9 @@ See shorewall6(8) for limitations of 'update -t'. -12) The default value LOAD_HELPERS_ONLY is now 'Yes'. +15) The default value LOAD_HELPERS_ONLY is now 'Yes'. -13) Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are +16) Beginning with Shorewall 4.6.0, FORMAT-1 actions and macros are deprecated and a warning will be issued for each FORMAT-1 action or macro found. @@ -374,7 +422,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER @@ -403,7 +451,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/shorewall.spec new/shorewall-4.6.0.2/shorewall.spec --- old/shorewall-4.6.0/shorewall.spec 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/shorewall.spec 2014-05-23 18:31:41.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall %define version 4.6.0 -%define release 0base +%define release 2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -130,6 +130,10 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-2 +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-1 * Sat May 10 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-0base * Wed May 07 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0/uninstall.sh new/shorewall-4.6.0.2/uninstall.sh --- old/shorewall-4.6.0/uninstall.sh 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-4.6.0.2/uninstall.sh 2014-05-23 18:31:41.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { ++++++ shorewall-core-4.6.0.tar.bz2 -> shorewall-core-4.6.0.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/changelog.txt new/shorewall-core-4.6.0.2/changelog.txt --- old/shorewall-core-4.6.0/changelog.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-core-4.6.0.2/changelog.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,3 +1,29 @@ +Changes in 4.6.0.2 + +1) Update release documents. + +2) Correct handling of tcrules upgrade with 'upgrade -A'. + +3) Apply Tuomo Soini's whitespace patch. + +4) Extend Orion Poplawski's RHEL7 patch. + +5) Add FAQ 2e. + +6) Update Support article. + +7) Fix shorewall-masq SOURCE description + +Changes in 4.6.0.1 + +1) Update release documents. + +2) Correct CHECKSUM handling. + +3) Apply Simon Mater's cosmetic changes to 'mangle' file. + +4) Correct chain designator editing. + Changes in 4.6.0 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/configure new/shorewall-core-4.6.0.2/configure --- old/shorewall-core-4.6.0/configure 2014-05-15 17:22:16.000000000 +0200 +++ new/shorewall-core-4.6.0.2/configure 2014-05-23 18:31:40.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0 +VERSION=4.6.0.2 case "$BASH_VERSION" in [4-9].*) @@ -98,7 +98,7 @@ eval $(cat /etc/os-release | grep ^ID=) case $ID in - fedora) + fedora|rhel) vendor=redhat ;; debian|ubuntu) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/configure.pl new/shorewall-core-4.6.0.2/configure.pl --- old/shorewall-core-4.6.0/configure.pl 2014-05-15 17:22:16.000000000 +0200 +++ new/shorewall-core-4.6.0.2/configure.pl 2014-05-23 18:31:40.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0' + VERSION => '4.6.0.2' }; my %params; @@ -64,7 +64,7 @@ $id =~ s/ID=//; - if ( $id eq 'fedora' ) { + if ( $id eq 'fedora' || $id eq 'rhel' ) { $vendor = 'redhat'; } elsif ( $id eq 'opensuse' ) { $vendor = 'suse'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/install.sh new/shorewall-core-4.6.0.2/install.sh --- old/shorewall-core-4.6.0/install.sh 2014-05-15 17:22:16.000000000 +0200 +++ new/shorewall-core-4.6.0.2/install.sh 2014-05-23 18:31:40.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { @@ -198,7 +198,7 @@ eval $(cat /etc/os-release | grep ^ID) case $ID in - fedora) + fedora|rhel) BUILD=redhat ;; debian) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/known_problems.txt new/shorewall-core-4.6.0.2/known_problems.txt --- old/shorewall-core-4.6.0/known_problems.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-core-4.6.0.2/known_problems.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,109 +1,31 @@ 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. -2) The Shorewall Init installer (install.sh) fails on Gentoo systems. +2) The CHECKSUM target in the tcrules and mangle files is broken and + results in this error diagnostic: - Corrected in Shorewall 4.5.21.1. + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input -3) The installers (install.sh) fail to start the products at boot time - on Debian and derivatives. This problem was introduced in Shorewall - 4.5.21. + Corrected in 4.6.0.1 - Corrected in Shorewall 4.5.21.1. +3) The 'update -A' command does not convert an existing tcrules file + into the equivalent mangle file. A separate 'update -t' step is + required. -4) Multiple ICMP/ICMP6 types listed in a rule result in a Perl runtime - error on the compiler. + Corrected in 4.6.0.2 - Corrected in Shorewall 4.5.21.1. +4) The 'update 't' command results in a Perl segfault when run on + RHEL5-based systems and the tcrules file contains '?FORMAT 2' -5) An attempt to specify RAS or Q.931 in the HELPER column is rejected - with an error. + Workaround: Replace '?FORMAT 2' by 'FORMAT 2'. - Corrected in Shorewall 4.5.21.1. -6) The 'nohostroute' provider option does not suppress the addition of - a host route in the default routing table when USE_DEFAULT_RT=Yes. - - Corrected in Shorewall 4.5.21.1. - -7) The AutoBL action fails if the kernel and iptables does not support - the Recent Match '--reap' option. - - Corrected in Shorewall 4.5.21.2. - -8) The Shorewall-core installer reports an error from 'cp' - stating that it can not stat the shorewallrc file. - - Workaround: Run the installer a second time. - - Corrected in Shorewall 4.5.21.2. - -9) When a non-root user attempts to execute 'version -a', the CLI - attempts to get the version of the compiled firewall resulting in - the following diagnostic when run by non-root: - - /sbin/shorewall: /var/lib/shorewall/firewall: Permission denied - - Corrected in Shorewall 4.5.21.2. - -10) Shorewall uses 'fgrep' making it unusable on on systems without - that utility. - - Corrected in Shorewall 4.5.21.2. - -11) Placing |<mark> in the ACTION column of the tcrules file raises a - fatal compilation error. - - Corrected in Shorewall 4.5.21.2. - -12) The Shorewall-core installer fails when run on Ubuntu Raring. - - Corrected in Shorewall 4.5.21.2. - -13) The Shorewall-init installer fails when run on Ubuntu Raring. - - Workaround: Run as follows: - - BUILD=debian ./install.sh - - Corrected in Shorewall 4.5.21.3. - -14) The tarball installers don't run update-rc.d on Debian-based - systems without insserv. - - Corrected in Shorewall 4.5.21.3. - -15) If an HFSC class is specified with dmax but not umax, then - the firewall fails to start with the messages: - - Nov 14 13:42:42 Setting up Traffic Control... - HFSC: Illegal "umax" - HFSC: Illegal "sc" - ERROR: Command "tc class add dev eth1 parent 1:1 classid 1:110 hfsc sc - umax b dmax 150ms rate 1575kbit ul rate 3150kbit" Failed - - Workaround: Specify a umax value equal to the device MTU. - - Corrected in Shorewall 4.5.21.4. - -16) The 'add' command previously fails if 'IPSET=' appears in the - shorewall.conf file. - - Workaround: Specify the correct pathname in the IPSET= entry. - - Corrected in Shorewall 4.5.21.5. - -16) When a non-terminating target specifies logging, the compiler - erroneously generates a 'goto' (-g) iptables command rather than a - 'jump' (-j) command. This causes the wrong set of rules to be - traversed, usually the catchall 'REJECT' rule at the end of the - INPUT or FORWARD chain. - - Corrected in Shorewall 4.5.21.6 - -17) Existing connections are not blocked when ADMINISABSENTMINDED=No - and the firewall is stopped. - - Corrected in Shorewall 4.5.21.7 (but read the release notes - carefully). + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/lib.cli new/shorewall-core-4.6.0.2/lib.cli --- old/shorewall-core-4.6.0/lib.cli 2014-05-15 17:20:10.000000000 +0200 +++ new/shorewall-core-4.6.0.2/lib.cli 2014-05-23 18:26:12.000000000 +0200 @@ -252,6 +252,7 @@ if [ -n "$qdisc" ]; then echo Device $device: + qt tc -s filter ls root dev $device && tc -s filter ls root dev $device | grep -v '^$' tc -s filter ls dev $device echo fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/releasenotes.txt new/shorewall-core-4.6.0.2/releasenotes.txt --- old/shorewall-core-4.6.0/releasenotes.txt 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-core-4.6.0.2/releasenotes.txt 2014-05-23 18:31:41.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 + S H O R E W A L L 4 . 6 . 0 . 2 ------------------------------------ - M a y 1 5 , 2 0 1 4 + M a y 2 4 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,54 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.2 + +1) The 'upgrade -A' command now converts the tcrules file to a mangle + file. Previously, that didn't happen. + +2) The install components now support RHEL7. + +3) Whitespace issues in the skeleton configuration files have been + corrected (Tuomo Soini). + +4) The install components now support RHEL7. + +5) FAQ 2e has been added which describes additional steps required to + achieve hairpin NAT on a bridge where the modified packets are to + go out the same bridge port as they entered. + +6) shorewall-masq(5) has been corrected to include the word SOURCE on + the description of that column. Previously, the description read + '(formerly called SUBNET)'. + +7) The output of 'shorewall show filters' once again shows ingress + (policing filters). This works around undocumented changes to the + behavior of the 'tc' utility. + +4.6.0.1 + +1) The CHECKSUM target in the tcrules and mangle files was broken and + resulted in this error diagnostic: + + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input + + The compiler is now generating the correct rule. + +2) Some cosmetic issues in the 'mangle' files have been resolved. + +3) When an invalid chain designator was supplied in 'tcrules' or + 'mangle', the compiler's error message was garbled and a + Perl diagnostic was issued. + +4.6.0 + This release includes all defect repair from releases up through 4.5.21.9. @@ -329,9 +377,9 @@ See shorewall6(8) for limitations of 'update -t'. -12) The default value LOAD_HELPERS_ONLY is now 'Yes'. +15) The default value LOAD_HELPERS_ONLY is now 'Yes'. -13) Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are +16) Beginning with Shorewall 4.6.0, FORMAT-1 actions and macros are deprecated and a warning will be issued for each FORMAT-1 action or macro found. @@ -374,7 +422,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER @@ -403,7 +451,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/shorewall-core.spec new/shorewall-core-4.6.0.2/shorewall-core.spec --- old/shorewall-core-4.6.0/shorewall-core.spec 2014-05-15 17:22:17.000000000 +0200 +++ new/shorewall-core-4.6.0.2/shorewall-core.spec 2014-05-23 18:31:41.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-core %define version 4.6.0 -%define release 0base +%define release 2 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -62,6 +62,10 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt %changelog +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-2 +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-1 * Sat May 10 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-0base * Wed May 07 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0/uninstall.sh new/shorewall-core-4.6.0.2/uninstall.sh --- old/shorewall-core-4.6.0/uninstall.sh 2014-05-15 17:22:16.000000000 +0200 +++ new/shorewall-core-4.6.0.2/uninstall.sh 2014-05-23 18:31:40.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { ++++++ shorewall-docs-html-4.6.0.tar.bz2 -> shorewall-docs-html-4.6.0.2.tar.bz2 ++++++ ++++ 6836 lines of diff (skipped) ++++++ shorewall-init-4.6.0.tar.bz2 -> shorewall-init-4.6.0.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/changelog.txt new/shorewall-init-4.6.0.2/changelog.txt --- old/shorewall-init-4.6.0/changelog.txt 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/changelog.txt 2014-05-23 18:31:42.000000000 +0200 @@ -1,3 +1,29 @@ +Changes in 4.6.0.2 + +1) Update release documents. + +2) Correct handling of tcrules upgrade with 'upgrade -A'. + +3) Apply Tuomo Soini's whitespace patch. + +4) Extend Orion Poplawski's RHEL7 patch. + +5) Add FAQ 2e. + +6) Update Support article. + +7) Fix shorewall-masq SOURCE description + +Changes in 4.6.0.1 + +1) Update release documents. + +2) Correct CHECKSUM handling. + +3) Apply Simon Mater's cosmetic changes to 'mangle' file. + +4) Correct chain designator editing. + Changes in 4.6.0 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/configure new/shorewall-init-4.6.0.2/configure --- old/shorewall-init-4.6.0/configure 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/configure 2014-05-23 18:31:42.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0 +VERSION=4.6.0.2 case "$BASH_VERSION" in [4-9].*) @@ -98,7 +98,7 @@ eval $(cat /etc/os-release | grep ^ID=) case $ID in - fedora) + fedora|rhel) vendor=redhat ;; debian|ubuntu) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/configure.pl new/shorewall-init-4.6.0.2/configure.pl --- old/shorewall-init-4.6.0/configure.pl 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/configure.pl 2014-05-23 18:31:42.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0' + VERSION => '4.6.0.2' }; my %params; @@ -64,7 +64,7 @@ $id =~ s/ID=//; - if ( $id eq 'fedora' ) { + if ( $id eq 'fedora' || $id eq 'rhel' ) { $vendor = 'redhat'; } elsif ( $id eq 'opensuse' ) { $vendor = 'suse'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/install.sh new/shorewall-init-4.6.0.2/install.sh --- old/shorewall-init-4.6.0/install.sh 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/install.sh 2014-05-23 18:31:42.000000000 +0200 @@ -27,7 +27,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/releasenotes.txt new/shorewall-init-4.6.0.2/releasenotes.txt --- old/shorewall-init-4.6.0/releasenotes.txt 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/releasenotes.txt 2014-05-23 18:31:42.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 + S H O R E W A L L 4 . 6 . 0 . 2 ------------------------------------ - M a y 1 5 , 2 0 1 4 + M a y 2 4 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,54 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.2 + +1) The 'upgrade -A' command now converts the tcrules file to a mangle + file. Previously, that didn't happen. + +2) The install components now support RHEL7. + +3) Whitespace issues in the skeleton configuration files have been + corrected (Tuomo Soini). + +4) The install components now support RHEL7. + +5) FAQ 2e has been added which describes additional steps required to + achieve hairpin NAT on a bridge where the modified packets are to + go out the same bridge port as they entered. + +6) shorewall-masq(5) has been corrected to include the word SOURCE on + the description of that column. Previously, the description read + '(formerly called SUBNET)'. + +7) The output of 'shorewall show filters' once again shows ingress + (policing filters). This works around undocumented changes to the + behavior of the 'tc' utility. + +4.6.0.1 + +1) The CHECKSUM target in the tcrules and mangle files was broken and + resulted in this error diagnostic: + + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input + + The compiler is now generating the correct rule. + +2) Some cosmetic issues in the 'mangle' files have been resolved. + +3) When an invalid chain designator was supplied in 'tcrules' or + 'mangle', the compiler's error message was garbled and a + Perl diagnostic was issued. + +4.6.0 + This release includes all defect repair from releases up through 4.5.21.9. @@ -329,9 +377,9 @@ See shorewall6(8) for limitations of 'update -t'. -12) The default value LOAD_HELPERS_ONLY is now 'Yes'. +15) The default value LOAD_HELPERS_ONLY is now 'Yes'. -13) Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are +16) Beginning with Shorewall 4.6.0, FORMAT-1 actions and macros are deprecated and a warning will be issued for each FORMAT-1 action or macro found. @@ -374,7 +422,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER @@ -403,7 +451,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/shorewall-init.spec new/shorewall-init-4.6.0.2/shorewall-init.spec --- old/shorewall-init-4.6.0/shorewall-init.spec 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/shorewall-init.spec 2014-05-23 18:31:42.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.6.0 -%define release 0base +%define release 2 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -125,6 +125,10 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-2 +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-1 * Sat May 10 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-0base * Wed May 07 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0/uninstall.sh new/shorewall-init-4.6.0.2/uninstall.sh --- old/shorewall-init-4.6.0/uninstall.sh 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-init-4.6.0.2/uninstall.sh 2014-05-23 18:31:42.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { ++++++ shorewall-lite-4.6.0.tar.bz2 -> shorewall-lite-4.6.0.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/changelog.txt new/shorewall-lite-4.6.0.2/changelog.txt --- old/shorewall-lite-4.6.0/changelog.txt 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/changelog.txt 2014-05-23 18:31:42.000000000 +0200 @@ -1,3 +1,29 @@ +Changes in 4.6.0.2 + +1) Update release documents. + +2) Correct handling of tcrules upgrade with 'upgrade -A'. + +3) Apply Tuomo Soini's whitespace patch. + +4) Extend Orion Poplawski's RHEL7 patch. + +5) Add FAQ 2e. + +6) Update Support article. + +7) Fix shorewall-masq SOURCE description + +Changes in 4.6.0.1 + +1) Update release documents. + +2) Correct CHECKSUM handling. + +3) Apply Simon Mater's cosmetic changes to 'mangle' file. + +4) Correct chain designator editing. + Changes in 4.6.0 Final 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/configure new/shorewall-lite-4.6.0.2/configure --- old/shorewall-lite-4.6.0/configure 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/configure 2014-05-23 18:31:42.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0 +VERSION=4.6.0.2 case "$BASH_VERSION" in [4-9].*) @@ -98,7 +98,7 @@ eval $(cat /etc/os-release | grep ^ID=) case $ID in - fedora) + fedora|rhel) vendor=redhat ;; debian|ubuntu) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/configure.pl new/shorewall-lite-4.6.0.2/configure.pl --- old/shorewall-lite-4.6.0/configure.pl 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/configure.pl 2014-05-23 18:31:42.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0' + VERSION => '4.6.0.2' }; my %params; @@ -64,7 +64,7 @@ $id =~ s/ID=//; - if ( $id eq 'fedora' ) { + if ( $id eq 'fedora' || $id eq 'rhel' ) { $vendor = 'redhat'; } elsif ( $id eq 'opensuse' ) { $vendor = 'suse'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/install.sh new/shorewall-lite-4.6.0.2/install.sh --- old/shorewall-lite-4.6.0/install.sh 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/install.sh 2014-05-23 18:31:42.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { @@ -206,7 +206,7 @@ eval $(cat /etc/os-release | grep ^ID) case $ID in - fedora) + fedora|rhel) BUILD=redhat ;; debian) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/manpages/shorewall-lite-vardir.5 new/shorewall-lite-4.6.0.2/manpages/shorewall-lite-vardir.5 --- old/shorewall-lite-4.6.0/manpages/shorewall-lite-vardir.5 2014-05-15 17:25:39.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/manpages/shorewall-lite-vardir.5 2014-05-23 18:34:58.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\-VAR" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\-VAR" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/manpages/shorewall-lite.8 new/shorewall-lite-4.6.0.2/manpages/shorewall-lite.8 --- old/shorewall-lite-4.6.0/manpages/shorewall-lite.8 2014-05-15 17:25:40.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/manpages/shorewall-lite.8 2014-05-23 18:35:00.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-LITE" "8" "05/15/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-LITE" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/manpages/shorewall-lite.conf.5 new/shorewall-lite-4.6.0.2/manpages/shorewall-lite.conf.5 --- old/shorewall-lite-4.6.0/manpages/shorewall-lite.conf.5 2014-05-15 17:25:37.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/manpages/shorewall-lite.conf.5 2014-05-23 18:34:57.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/> -.\" Date: 05/15/2014 +.\" Date: 05/23/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\&.CO" "5" "05/15/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\&.CO" "5" "05/23/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/releasenotes.txt new/shorewall-lite-4.6.0.2/releasenotes.txt --- old/shorewall-lite-4.6.0/releasenotes.txt 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/releasenotes.txt 2014-05-23 18:31:42.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 + S H O R E W A L L 4 . 6 . 0 . 2 ------------------------------------ - M a y 1 5 , 2 0 1 4 + M a y 2 4 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,54 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.2 + +1) The 'upgrade -A' command now converts the tcrules file to a mangle + file. Previously, that didn't happen. + +2) The install components now support RHEL7. + +3) Whitespace issues in the skeleton configuration files have been + corrected (Tuomo Soini). + +4) The install components now support RHEL7. + +5) FAQ 2e has been added which describes additional steps required to + achieve hairpin NAT on a bridge where the modified packets are to + go out the same bridge port as they entered. + +6) shorewall-masq(5) has been corrected to include the word SOURCE on + the description of that column. Previously, the description read + '(formerly called SUBNET)'. + +7) The output of 'shorewall show filters' once again shows ingress + (policing filters). This works around undocumented changes to the + behavior of the 'tc' utility. + +4.6.0.1 + +1) The CHECKSUM target in the tcrules and mangle files was broken and + resulted in this error diagnostic: + + Running /sbin/iptables-restore... + iptables-restore v1.4.7: CHECKSUM target: Parameter --checksum-fill is + required + Error occurred at line: 41 + Try `iptables-restore -h' or 'iptables-restore --help' for more + information. + ERROR: iptables-restore Failed. Input is in + /var/lib/shorewall/.iptables-restore-input + + The compiler is now generating the correct rule. + +2) Some cosmetic issues in the 'mangle' files have been resolved. + +3) When an invalid chain designator was supplied in 'tcrules' or + 'mangle', the compiler's error message was garbled and a + Perl diagnostic was issued. + +4.6.0 + This release includes all defect repair from releases up through 4.5.21.9. @@ -329,9 +377,9 @@ See shorewall6(8) for limitations of 'update -t'. -12) The default value LOAD_HELPERS_ONLY is now 'Yes'. +15) The default value LOAD_HELPERS_ONLY is now 'Yes'. -13) Beginning with Shorewall 4.5.0, FORMAT-1 actions and macros are +16) Beginning with Shorewall 4.6.0, FORMAT-1 actions and macros are deprecated and a warning will be issued for each FORMAT-1 action or macro found. @@ -374,7 +422,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER @@ -403,7 +451,7 @@ MARK CONNLIMIT TIME - HEADERS (Ipv6 only) + HEADERS (Used in IPv6 only) CONDITION HELPER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/shorewall-lite.spec new/shorewall-lite-4.6.0.2/shorewall-lite.spec --- old/shorewall-lite-4.6.0/shorewall-lite.spec 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/shorewall-lite.spec 2014-05-23 18:31:42.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.6.0 -%define release 0base +%define release 2 %define initdir /etc/init.d Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. @@ -105,6 +105,10 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-2 +* Fri May 16 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-1 * Sat May 10 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-0base * Wed May 07 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0/uninstall.sh new/shorewall-lite-4.6.0.2/uninstall.sh --- old/shorewall-lite-4.6.0/uninstall.sh 2014-05-15 17:22:18.000000000 +0200 +++ new/shorewall-lite-4.6.0.2/uninstall.sh 2014-05-23 18:31:42.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0 +VERSION=4.6.0.2 usage() # $1 = exit status { ++++++ shorewall-4.6.0.tar.bz2 -> shorewall6-4.6.0.2.tar.bz2 ++++++ ++++ 124574 lines of diff (skipped) ++++++ shorewall-lite-4.6.0.tar.bz2 -> shorewall6-lite-4.6.0.2.tar.bz2 ++++++ ++++ 7379 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org