Hello community, here is the log from the commit of package SuSEfirewall2 checked in at Tue Sep 30 18:03:20 CEST 2008. -------- --- SuSEfirewall2/SuSEfirewall2.changes 2008-09-02 11:23:16.000000000 +0200 +++ /mounts/work_src_done/STABLE/SuSEfirewall2/SuSEfirewall2.changes 2008-09-30 10:49:44.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Sep 30 10:48:19 CEST 2008 - lnussel@suse.de + +- don't modify the ip local port range +- allow negated rules via ! in FW_FORWARD_MASQ (bnc#413046) +- explain some common pitfalls around FW_SERVICES_ACCEPT_EXT +- SuSEfirewall2_init: don't fail if /usr is not available (bnc#429899) + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- SuSEfirewall2-3.6_SVNr200.tar.bz2 New: ---- SuSEfirewall2-3.6_SVNr204.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.ag4807/_old 2008-09-30 18:02:22.000000000 +0200 +++ /var/tmp/diff_new_pack.ag4807/_new 2008-09-30 18:02:22.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package SuSEfirewall2 (Version 3.6_SVNr200) +# spec file for package SuSEfirewall2 (Version 3.6_SVNr204) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ Name: SuSEfirewall2 -Version: 3.6_SVNr200 +Version: 3.6_SVNr204 Release: 1 License: GPL v2 or later Group: Productivity/Networking/Security 
@@ -196,6 +196,11 @@ rm -rf %{buildroot} %changelog +* Tue Sep 30 2008 lnussel@suse.de +- don't modify the ip local port range +- allow negated rules via ! in FW_FORWARD_MASQ (bnc#413046) +- explain some common pitfalls around FW_SERVICES_ACCEPT_EXT +- SuSEfirewall2_init: don't fail if /usr is not available (bnc#429899) * Tue Sep 02 2008 lnussel@suse.de - fix "recent" match (bnc#421806) * Mon Aug 25 2008 ro@suse.de ++++++ SuSEfirewall2-3.6_SVNr200.tar.bz2 -> SuSEfirewall2-3.6_SVNr204.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2 new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2 --- old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2 2008-09-02 11:22:22.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2 2008-09-12 15:58:33.000000000 +0200 @@ -1022,7 +1022,6 @@ setproc 5 /proc/sys/net/ipv4/icmp_paramprob_rate setproc 6 /proc/sys/net/ipv4/icmp_timeexceed_rate setproc 20 /proc/sys/net/ipv4/ipfrag_time - setproc "1024 29999" /proc/sys/net/ipv4/ip_local_port_range for i in /proc/sys/net/ipv4/conf/*; do setproc 1 $i/log_martians setproc 0 $i/bootp_relay @@ -1983,6 +1982,8 @@ elif [ -z "$port1" ]; then error "Port missing in FW_FORWARD_MASQ -> $nets" else + net1=${net1/\!/\! } + net2=${net2/\!/\! } proto="-p $proto" test -z "$port2" && port2="$port1" port1="--dport $port1" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2_init new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2_init --- old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2_init 2008-09-02 11:22:22.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2_init 2008-09-30 10:47:51.000000000 +0200 
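Review bot: `net1=${net1/\!/\! }` and `net2=${net2/\!/\! }` rewrite the first `!` anywhere in the value, so a mistyped FW_FORWARD_MASQ entry with `!` in the middle of a network is split into extra words instead of being rejected like the missing-port case just above. Anchoring the pattern to the start of the string, `net1=${net1/#\!/\! }` (likewise for net2), limits the rewrite to a leading negation. The inserted space only has an effect if these variables are later expanded unquoted into the iptables call, which lies outside this hunk, so a comment such as `# "!net" becomes "! net"; depends on unquoted expansion below` would help the next reader. The pattern substitution is a bash feature, and the interpreter line of this script is not visible here.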
@@ -1,7 +1,10 @@
-#! /bin/sh
+#! /bin/bash
 # Copyright (c) 2000-2002 SuSE GmbH Nuernberg, Germany.
+# Copyright (C) 2003,2004 SUSE Linux AG
+# Copyright (C) 2005-2008 SUSE LINUX Products GmbH
 #
-# Author: Marc Heuse <marc@suse.de>
+# Author: Marc Heuse
+# Maintainer: Ludwig Nussel
 #
 # /etc/init.d/SuSEfirewall2_init
 #
@@ -29,8 +32,13 @@
 case "$1" in
 start)
 echo -n "Starting Firewall Initialization "
- echo -n '(phase 1 of 2) '
- $SUSEFWALL --bootlock -q close
+ if test -x /usr/sbin/iptables; then
+ echo -n '(phase 1 of 2) '
+ $SUSEFWALL --bootlock -q close
+ else
+ echo -n "${extd}iptables not available (yet)${norm}"
+ rc_failed 5
+ fi
 rc_status -v
 ;;
 stop)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2_setup new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2_setup
--- old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2_setup 2008-09-02 11:22:22.000000000 +0200
+++ new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2_setup 2008-09-30 10:47:51.000000000 +0200
@@ -1,15 +1,18 @@
-#! /bin/sh
+#! /bin/bash
 # Copyright (c) 2000-2002 SuSE GmbH Nuernberg, Germany.
+# Copyright (C) 2003,2004 SUSE Linux AG
+# Copyright (C) 2005-2008 SUSE LINUX Products GmbH
 #
-# Author: Marc Heuse <marc@suse.de>
+# Author: Marc Heuse
+# Maintainer: Ludwig Nussel
 #
 # /etc/init.d/SuSEfirewall2_setup
 #
 ### BEGIN INIT INFO
 # Provides: SuSEfirewall2_setup
-# Required-Start: SuSEfirewall2_init $network $local_fs
+# Required-Start: SuSEfirewall2_init $network $remote_fs
 # Should-Start: $ALL
-# Required-Stop: $local_fs
+# Required-Stop: $remote_fs
 # Should-Stop: $null
 # Default-Start: 3 4 5
 # Default-Stop: 0 1 2 6
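Review bot: In the `start)` branch, when /usr/sbin/iptables is not executable the new `else` path skips `$SUSEFWALL --bootlock -q close`, so phase 1 loads no rules and the host presumably runs with whatever the kernel default is until SuSEfirewall2_setup executes, which this commit also moves behind `$remote_fs`. That fail-open interval should be stated in a comment above the test, for example `# /usr may not be mounted yet; no rules are loaded here and filtering starts only in SuSEfirewall2_setup`. The path is hard-coded, so if $SUSEFWALL locates iptables differently (not visible in this hunk) the check and the script can disagree. The `case` statement begins and ends outside the hunk.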
@@ -23,13 +26,6 @@ test -x $SUSEFWALL || exit 5 -bootlinkisset() -{ - local l - l=`/sbin/runlevel | (read A B && echo $A)` - test -e /etc/init.d/rc$l.d/S??SuSEfirewall2_setup -} - . /etc/rc.status rc_reset diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2.sysconfig new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2.sysconfig --- old/SuSEfirewall2-3.6_SVNr200/SuSEfirewall2.sysconfig 2008-07-22 10:47:42.000000000 +0200 +++ new/SuSEfirewall2-3.6_SVNr204/SuSEfirewall2.sysconfig 2008-09-12 15:58:33.000000000 +0200 @@ -468,6 +468,14 @@ # interpreted as rpc service name. See FW_SERVICES_EXT_RPC for # details. # +# Note1: keep in mind that FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP +# take precedence over FW_SERVICES_ACCEPT_EXT so don't open the same +# port with both options. +# +# Note2: the iptables recent module may not be available for ipv6. To +# avoid an error message use 0.0.0.0/0 instead of 0/0. This will +# install the rule for ipv4 only. +# FW_SERVICES_ACCEPT_EXT="" ## Type: string ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org