Hello community,
here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2012-09-03 18:56:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shorewall (Old)
and /work/SRC/openSUSE:Factory/.shorewall.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shorewall", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2012-08-27 17:07:54.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.shorewall.new/shorewall.changes 2012-09-03 18:56:26.000000000 +0200
@@ -1,0 +2,32 @@
+Mon Sep 3 06:32:01 UTC 2012 - toganm@opensuse.org
+
+- Update to 4.5.7.1 For more details see changelog.txt and
+ releasenotes.txt
+
+ * When using IPSEC in a multi-ISP configuration, it is possible
+ for the kernel to mis-route ESP packets. To date, this problem
+ has only been observed on a system running a 3.5 kernel where
+ traffic is being tunneled through GRE which is in turn being
+ tunneled via IPSEC.
+
+ This Shorewall release includes a low-cost workaround.
+
+ * The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now
+ map NOTRACK to 'CT --notrack' if the CT Target is available.
+
+ * Previously, the current COMMENT was not being cleared after the
+ blrules file was processed, causing that COMMENT to be used on
+ entries in the rules file. That defect has been corrected.
+
+- Add a note to the spec for reviewer explaining the configure
+ command usage
+
+- Removed following opensuse specific patches as they are merged to
+ upstream now
+ + shorewall-lite-4.5.2-init.patch
+ + shorewall6-4.5.2-init.patch
+ + shorewall6-lite-4.5.2-init.patch
+ + shorewall-init-4.4.21_init_sh.patch
+- Added 001-required-stop-fix patch for shorewall-lite/init.suse.sh
+-------------------------------------------------------------------
Old:
----
init-4.4.14.patch
shorewall-4.5.7.tar.bz2
shorewall-core-4.5.7.tar.bz2
shorewall-docs-html-4.5.7.tar.bz2
shorewall-init-4.4.21_init_sh.patch
shorewall-init-4.5.7.tar.bz2
shorewall-lite-4.5.2-init.patch
shorewall-lite-4.5.7.tar.bz2
shorewall6-4.5.2-init.patch
shorewall6-4.5.7.tar.bz2
shorewall6-lite-4.5.2-init.patch
shorewall6-lite-4.5.7.tar.bz2
New:
----
0001-required-stop-fix.patch
shorewall-4.5.7.1.tar.bz2
shorewall-core-4.5.7.1.tar.bz2
shorewall-docs-html-4.5.7.1.tar.bz2
shorewall-init-4.5.7.1.tar.bz2
shorewall-lite-4.5.7.1.tar.bz2
shorewall6-4.5.7.1.tar.bz2
shorewall6-lite-4.5.7.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shorewall.spec ++++++
--- /var/tmp/diff_new_pack.eitss9/_old 2012-09-03 18:56:29.000000000 +0200
+++ /var/tmp/diff_new_pack.eitss9/_new 2012-09-03 18:56:29.000000000 +0200
@@ -17,13 +17,13 @@
Name: shorewall
-Version: 4.5.7
+Version: 4.5.7.1
Release: 0
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems
License: GPL-2.0
Group: Productivity/Networking/Security
Url: http://www.shorewall.net/
-Source0: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-%version.ta...
+Source: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-%version.ta...
Source1: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-core-%versi...
Source2: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-lite-%versi...
Source3: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-init-%versi...
@@ -32,19 +32,10 @@
Source6: http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.7/%name-docs-html-%...
Source7: %name-4.4.22.rpmlintrc
Source8: README.openSUSE
-# PATCH-FIX-UPSTREAM init-4.4.14 toganm@opensuse.org -- Required-Stop and Short descriprtion
-Patch0: init-4.4.14.patch
-# PATCH-FIX-UPSTREAM shorewall-lite-4.5.2.init.patch toganm@opensuse.org Required-Stop and Short descriprtion
-Patch1: shorewall-lite-4.5.2-init.patch
-# PATCH-FIX-UPSTREAM shorewall6--4.5.2-init.patch toganm@opensuse.org Required-Stop and Short descriprtion
-Patch2: shorewall6-4.5.2-init.patch
-# PATCH-FIX-UPSTREAM shorewall6-lite-4.5.2.init.patch toganm@opensuse.org Required-Stop and Short descriprtion
-Patch3: shorewall6-lite-4.5.2-init.patch
-# PATCH-FIX-UPSTREAM shorewall-init-4.4.21_init_sh.patch toganm@opensuse.org
-# Required-Start/Stop
-Patch4: shorewall-init-4.4.21_init_sh.patch
+# PATCH-FIX-UPSTREAM toganm@opensuse.org Shorewall-lite init.suse.sh Required Stop
+Patch0: 0001-required-stop-fix.patch
# PATCH-FIX-OPENSUSE shorewall-init-4.5.2-install.patch toganm@opensuse.org -- use of fillup template
-Patch5: shorewall-init-4.5.2-install.patch
+Patch1: shorewall-init-4.5.2-install.patch
%if 0%{?suse_version} >= 1210 || 0%{?centos_version} || 0%{?fedora_version}
BuildRequires: systemd
%{?systemd_requires}
@@ -269,29 +260,19 @@
# we need the patches for suse only
%if 0%{?suse_version}
# apply patches to shorewall
-pushd %name-%version
-%patch0
-popd
# apply patches to shorewall-lite
pushd %name-lite-%version
-%patch1 -p2
+%patch0 -p2
popd
# apply patches to shorewall6
-pushd %{name}6-%version
-%patch2 -p2
-popd
# apply patches to shorewall-lite
-pushd %{name}6-lite-%version
-%patch3 -p2
-popd
# apply patches to shorewall-init
pushd %name-init-%version
-%patch4
-%patch5 -p2
+%patch1 -p2
popd
%endif
@@ -307,6 +288,13 @@
%install
+# NOTE For REVIEWERS
+#
+# configure is used to set the installation parameters to shorewall.
+# The default shorewallrc is not what we want and every distro needs
+# to set it differently. Please see the disccussion in
+# http://lists.opensuse.org/opensuse-packaging/2012-08/msg00050.html
+
targets="shorewall shorewall-core shorewall-lite shorewall6 shorewall6-lite shorewall-init"
%if 0%{?suse_version}
@@ -543,7 +531,6 @@
%dir %_datadir/%name/Shorewall
%attr(0700,root,root) %dir %{_localstatedir}/lib/%name
-
%config(noreplace) %_sysconfdir/logrotate.d/%name
%attr(0755,root,root) %_sbindir/%name
%_datadir/%name/version
@@ -640,7 +627,6 @@
%dir %_datadir/%{name}6/configfiles
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6
-
%_datadir/%{name}6/version
%_datadir/%{name}6/actions.std
%_datadir/%{name}6/action.*
++++++ 0001-required-stop-fix.patch ++++++
From 945753e70e5fdbaef1cdbc75d7f6630393c7a84b Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu
Date: Mon, 3 Sep 2012 08:43:36 +0200
Subject: [PATCH] required-stop fix
Signed-off-by: Togan Muftuoglu
---
Shorewall-lite/init.suse.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Shorewall-lite/init.suse.sh b/Shorewall-lite/init.suse.sh
index ea7df61..f671694 100755
--- a/Shorewall-lite/init.suse.sh
+++ b/Shorewall-lite/init.suse.sh
@@ -40,7 +40,7 @@
### BEGIN INIT INFO
# Provides: shorewall-lite
# Required-Start: $network $remote_fs
-# Required-Stop:
+# Required-Stop: $null
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall firewall
--
1.7.11.5
++++++ shorewall-4.5.7.tar.bz2 -> shorewall-4.5.7.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Perl/Shorewall/Config.pm new/shorewall-4.5.7.1/Perl/Shorewall/Config.pm
--- old/shorewall-4.5.7/Perl/Shorewall/Config.pm 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/Perl/Shorewall/Config.pm 2012-08-28 15:51:44.000000000 +0200
@@ -606,7 +606,7 @@
EXPORT => 0,
KLUDGEFREE => '',
STATEMATCH => '-m state --state',
- VERSION => "4.5.7",
+ VERSION => "4.5.7.1",
CAPVERSION => 40507 ,
);
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Perl/Shorewall/Providers.pm new/shorewall-4.5.7.1/Perl/Shorewall/Providers.pm
--- old/shorewall-4.5.7/Perl/Shorewall/Providers.pm 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/Perl/Shorewall/Providers.pm 2012-08-28 15:51:44.000000000 +0200
@@ -121,7 +121,7 @@
require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/;
- add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask", connmark => "! --mark 0/$mask" for qw/PREROUTING OUTPUT/;
+ add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask" for qw/PREROUTING OUTPUT/;
my $chainref = new_chain 'mangle', 'routemark';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Perl/Shorewall/Raw.pm new/shorewall-4.5.7.1/Perl/Shorewall/Raw.pm
--- old/shorewall-4.5.7/Perl/Shorewall/Raw.pm 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/Perl/Shorewall/Raw.pm 2012-08-28 15:51:44.000000000 +0200
@@ -74,7 +74,13 @@
my $exception_rule = '';
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
- unless ( $action eq 'NOTRACK' ) {
+ if ( $action eq 'NOTRACK' ) {
+ #
+ # A patch that deimplements the NOTRACK target has been posted on the
+ # Netfilter development list
+ #
+ $action = 'CT --notrack' if have_capability 'CT_TARGET';
+ } else {
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Perl/Shorewall/Rules.pm new/shorewall-4.5.7.1/Perl/Shorewall/Rules.pm
--- old/shorewall-4.5.7/Perl/Shorewall/Rules.pm 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/Perl/Shorewall/Rules.pm 2012-08-28 15:51:44.000000000 +0200
@@ -2460,6 +2460,8 @@
);
process_rule while read_a_line( NORMAL_READ );
+
+ clear_comment;
}
$section = '';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Samples/Universal/shorewall.conf.annotated new/shorewall-4.5.7.1/Samples/Universal/shorewall.conf.annotated
--- old/shorewall-4.5.7/Samples/Universal/shorewall.conf.annotated 2012-08-19 17:44:26.000000000 +0200
+++ new/shorewall-4.5.7.1/Samples/Universal/shorewall.conf.annotated 2012-08-28 15:54:37.000000000 +0200
@@ -307,7 +307,7 @@
#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/
-# ISOCODES.html. If not specified, the default value is /usr/share/xt_geoip/
+# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.
#
IPTABLES=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Samples/one-interface/shorewall.conf.annotated new/shorewall-4.5.7.1/Samples/one-interface/shorewall.conf.annotated
--- old/shorewall-4.5.7/Samples/one-interface/shorewall.conf.annotated 2012-08-19 17:43:51.000000000 +0200
+++ new/shorewall-4.5.7.1/Samples/one-interface/shorewall.conf.annotated 2012-08-28 15:54:02.000000000 +0200
@@ -318,7 +318,7 @@
#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/
-# ISOCODES.html. If not specified, the default value is /usr/share/xt_geoip/
+# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.
#
IPTABLES=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Samples/three-interfaces/shorewall.conf.annotated new/shorewall-4.5.7.1/Samples/three-interfaces/shorewall.conf.annotated
--- old/shorewall-4.5.7/Samples/three-interfaces/shorewall.conf.annotated 2012-08-19 17:44:04.000000000 +0200
+++ new/shorewall-4.5.7.1/Samples/three-interfaces/shorewall.conf.annotated 2012-08-28 15:54:14.000000000 +0200
@@ -317,7 +317,7 @@
#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/
-# ISOCODES.html. If not specified, the default value is /usr/share/xt_geoip/
+# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.
#
IPTABLES=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/Samples/two-interfaces/shorewall.conf.annotated new/shorewall-4.5.7.1/Samples/two-interfaces/shorewall.conf.annotated
--- old/shorewall-4.5.7/Samples/two-interfaces/shorewall.conf.annotated 2012-08-19 17:44:16.000000000 +0200
+++ new/shorewall-4.5.7.1/Samples/two-interfaces/shorewall.conf.annotated 2012-08-28 15:54:27.000000000 +0200
@@ -319,7 +319,7 @@
#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/
-# ISOCODES.html. If not specified, the default value is /usr/share/xt_geoip/
+# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.
#
IPTABLES=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/changelog.txt new/shorewall-4.5.7.1/changelog.txt
--- old/shorewall-4.5.7/changelog.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/changelog.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,3 +1,23 @@
+Changes in 4.5.7.1
+
+1) Update Release Documents
+
+2) Move routing display closer to IP display in 'dump' output.
+
+3) Unconditionally restore mark in mangle OUTPUT and PREROUTING.
+
+4) Update manpage links in documentation.
+
+5) Correct link in the shorewall[6].conf manpages.
+
+6) Apply SuSE-specific patches from Togan Muftuoglu.
+
+7) FAQ update.
+
+8) Map NOTRACK to 'CT --notrack' of CT Target is available.
+
+9) Clear current comment after processing the blrules file.
+
Changes in 4.5.7 Final
1) Update Release Documents.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/configfiles/shorewall.conf.annotated new/shorewall-4.5.7.1/configfiles/shorewall.conf.annotated
--- old/shorewall-4.5.7/configfiles/shorewall.conf.annotated 2012-08-19 17:43:30.000000000 +0200
+++ new/shorewall-4.5.7.1/configfiles/shorewall.conf.annotated 2012-08-28 15:53:40.000000000 +0200
@@ -307,7 +307,7 @@
#
# Added in Shorewall 4.5.4. Specifies the pathname of the directory
# containing the GeoIP Match database. See http://www.shorewall.net/
-# ISOCODES.html. If not specified, the default value is /usr/share/xt_geoip/
+# ISO-3661.html. If not specified, the default value is /usr/share/xt_geoip/
# LE which is the default location of the little-endian database.
#
IPTABLES=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/configure new/shorewall-4.5.7.1/configure
--- old/shorewall-4.5.7/configure 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/configure 2012-08-28 15:51:44.000000000 +0200
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.7
+VERSION=4.5.7.1
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/configure.pl new/shorewall-4.5.7.1/configure.pl
--- old/shorewall-4.5.7/configure.pl 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/configure.pl 2012-08-28 15:51:44.000000000 +0200
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.7'
+ VERSION => '4.5.7.1'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/init.suse.sh new/shorewall-4.5.7.1/init.suse.sh
--- old/shorewall-4.5.7/init.suse.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/shorewall-4.5.7.1/init.suse.sh 2012-08-27 22:22:05.000000000 +0200
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.2
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
+#
+# On most distributions, this file should be called /etc/init.d/shorewall.
+#
+# Complete documentation is available at http://shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# If an error occurs while starting or restarting the firewall, the
+# firewall is automatically stopped.
+#
+# Commands are:
+#
+# shorewall start Starts the firewall
+# shorewall restart Restarts the firewall
+# shorewall reload Reload the firewall
+# (same as restart)
+# shorewall stop Stops the firewall
+# shorewall status Displays firewall status
+#
+
+### BEGIN INIT INFO
+# Provides: shorewall
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 2 3 5
+# Default-Stop: 0 6
+# Short-Description: Configure the firewall at boot time
+# Description: Configure the firewall according to the rules specified in
+# /etc/shorewall
+### END INIT INFO
+
+################################################################################
+# Give Usage Information #
+################################################################################
+usage() {
+ echo "Usage: $0 start|stop|reload|restart|status" >&2
+ exit 1
+}
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS="-v0"
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall ]; then
+ . ${SYSCONFDIR}/shorewall
+fi
+
+export SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N B E G I N S H E R E #
+################################################################################
+command="$1"
+shift
+
+case "$command" in
+ start)
+ exec $SBINDIR/shorewall $OPTIONS start $STARTOPTIONS
+ ;;
+ restart|reload)
+ exec $SBINDIR/shorewall $OPTIONS restart $RESTARTOPTIONS
+ ;;
+ status|stop)
+ exec $SBINDIR/shorewall $OPTIONS $command
+ ;;
+ *)
+ usage
+ ;;
+esac
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/install.sh new/shorewall-4.5.7.1/install.sh
--- old/shorewall-4.5.7/install.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/install.sh 2012-08-28 15:51:43.000000000 +0200
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.7
+VERSION=4.5.7.1
#
# Change to the directory containing this script
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/known_problems.txt new/shorewall-4.5.7.1/known_problems.txt
--- old/shorewall-4.5.7/known_problems.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/known_problems.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,2 +1,22 @@
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
+
+2) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+3) Yhe current COMMENT is not being cleared after the blrules file is
+ processed, causing that COMMENT to be used on entries in the rules
+ file.
+3) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+ Workaround: Place an empty COMMENT line at the end of your blrules
+ file.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, that issue has been resolved.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-accounting.5 new/shorewall-4.5.7.1/manpages/shorewall-accounting.5
--- old/shorewall-4.5.7/manpages/shorewall-accounting.5 2012-08-19 17:41:38.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-accounting.5 2012-08-28 15:51:47.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-accounting
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ACCOUNTIN" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ACCOUNTIN" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-actions.5 new/shorewall-4.5.7.1/manpages/shorewall-actions.5
--- old/shorewall-4.5.7/manpages/shorewall-actions.5 2012-08-19 17:41:40.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-actions.5 2012-08-28 15:51:49.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-actions
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ACTIONS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ACTIONS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-blacklist.5 new/shorewall-4.5.7.1/manpages/shorewall-blacklist.5
--- old/shorewall-4.5.7/manpages/shorewall-blacklist.5 2012-08-19 17:41:42.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-blacklist.5 2012-08-28 15:51:51.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-blacklist
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-BLACKLIST" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-BLACKLIST" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-blrules.5 new/shorewall-4.5.7.1/manpages/shorewall-blrules.5
--- old/shorewall-4.5.7/manpages/shorewall-blrules.5 2012-08-19 17:41:44.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-blrules.5 2012-08-28 15:51:53.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-blrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-BLRULES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-BLRULES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-conntrack.5 new/shorewall-4.5.7.1/manpages/shorewall-conntrack.5
--- old/shorewall-4.5.7/manpages/shorewall-conntrack.5 2012-08-19 17:41:50.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-conntrack.5 2012-08-28 15:51:59.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall6-conntrack
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL6\-CONNTRAC" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL6\-CONNTRAC" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-ecn.5 new/shorewall-4.5.7.1/manpages/shorewall-ecn.5
--- old/shorewall-4.5.7/manpages/shorewall-ecn.5 2012-08-19 17:41:52.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-ecn.5 2012-08-28 15:52:02.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-ecn
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ECN" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ECN" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-exclusion.5 new/shorewall-4.5.7.1/manpages/shorewall-exclusion.5
--- old/shorewall-4.5.7/manpages/shorewall-exclusion.5 2012-08-19 17:41:54.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-exclusion.5 2012-08-28 15:52:04.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-exclusion
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-EXCLUSION" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-EXCLUSION" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-hosts.5 new/shorewall-4.5.7.1/manpages/shorewall-hosts.5
--- old/shorewall-4.5.7/manpages/shorewall-hosts.5 2012-08-19 17:41:56.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-hosts.5 2012-08-28 15:52:06.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-hosts
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-HOSTS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-HOSTS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-init.8 new/shorewall-4.5.7.1/manpages/shorewall-init.8
--- old/shorewall-4.5.7/manpages/shorewall-init.8 2012-08-19 17:41:58.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-init.8 2012-08-28 15:52:07.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-init
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-INIT" "8" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-INIT" "8" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-interfaces.5 new/shorewall-4.5.7.1/manpages/shorewall-interfaces.5
--- old/shorewall-4.5.7/manpages/shorewall-interfaces.5 2012-08-19 17:42:01.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-interfaces.5 2012-08-28 15:52:10.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-interfaces
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-INTERFACE" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-INTERFACE" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-ipsets.5 new/shorewall-4.5.7.1/manpages/shorewall-ipsets.5
--- old/shorewall-4.5.7/manpages/shorewall-ipsets.5 2012-08-19 17:42:03.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-ipsets.5 2012-08-28 15:52:12.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-ipsets
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-IPSETS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-IPSETS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-maclist.5 new/shorewall-4.5.7.1/manpages/shorewall-maclist.5
--- old/shorewall-4.5.7/manpages/shorewall-maclist.5 2012-08-19 17:42:05.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-maclist.5 2012-08-28 15:52:14.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-maclist
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-MACLIST" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-MACLIST" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-masq.5 new/shorewall-4.5.7.1/manpages/shorewall-masq.5
--- old/shorewall-4.5.7/manpages/shorewall-masq.5 2012-08-19 17:42:07.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-masq.5 2012-08-28 15:52:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-masq
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-MASQ" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-MASQ" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-modules.5 new/shorewall-4.5.7.1/manpages/shorewall-modules.5
--- old/shorewall-4.5.7/manpages/shorewall-modules.5 2012-08-19 17:42:09.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-modules.5 2012-08-28 15:52:18.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-modules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-MODULES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-MODULES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-nat.5 new/shorewall-4.5.7.1/manpages/shorewall-nat.5
--- old/shorewall-4.5.7/manpages/shorewall-nat.5 2012-08-19 17:42:11.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-nat.5 2012-08-28 15:52:20.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-nat
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-NAT" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-NAT" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-nesting.5 new/shorewall-4.5.7.1/manpages/shorewall-nesting.5
--- old/shorewall-4.5.7/manpages/shorewall-nesting.5 2012-08-19 17:42:13.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-nesting.5 2012-08-28 15:52:23.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-nesting
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-NESTING" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-NESTING" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-netmap.5 new/shorewall-4.5.7.1/manpages/shorewall-netmap.5
--- old/shorewall-4.5.7/manpages/shorewall-netmap.5 2012-08-19 17:42:15.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-netmap.5 2012-08-28 15:52:25.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-netmap
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-NETMAP" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-NETMAP" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-params.5 new/shorewall-4.5.7.1/manpages/shorewall-params.5
--- old/shorewall-4.5.7/manpages/shorewall-params.5 2012-08-19 17:42:17.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-params.5 2012-08-28 15:52:27.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-params
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-PARAMS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-PARAMS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-policy.5 new/shorewall-4.5.7.1/manpages/shorewall-policy.5
--- old/shorewall-4.5.7/manpages/shorewall-policy.5 2012-08-19 17:42:19.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-policy.5 2012-08-28 15:52:29.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-policy
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-POLICY" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-POLICY" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-providers.5 new/shorewall-4.5.7.1/manpages/shorewall-providers.5
--- old/shorewall-4.5.7/manpages/shorewall-providers.5 2012-08-19 17:42:21.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-providers.5 2012-08-28 15:52:31.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-providers
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-PROVIDERS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-PROVIDERS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-proxyarp.5 new/shorewall-4.5.7.1/manpages/shorewall-proxyarp.5
--- old/shorewall-4.5.7/manpages/shorewall-proxyarp.5 2012-08-19 17:42:23.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-proxyarp.5 2012-08-28 15:52:33.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-proxyarp
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-PROXYARP" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-PROXYARP" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-routes.5 new/shorewall-4.5.7.1/manpages/shorewall-routes.5
--- old/shorewall-4.5.7/manpages/shorewall-routes.5 2012-08-19 17:42:27.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-routes.5 2012-08-28 15:52:37.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-routes
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ROUTES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ROUTES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-routestopped.5 new/shorewall-4.5.7.1/manpages/shorewall-routestopped.5
--- old/shorewall-4.5.7/manpages/shorewall-routestopped.5 2012-08-19 17:42:25.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-routestopped.5 2012-08-28 15:52:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-routestopped
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ROUTESTOP" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ROUTESTOP" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-rtrules.5 new/shorewall-4.5.7.1/manpages/shorewall-rtrules.5
--- old/shorewall-4.5.7/manpages/shorewall-rtrules.5 2012-08-19 17:42:29.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-rtrules.5 2012-08-28 15:52:39.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-rtrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-RTRULES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-RTRULES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-rules.5 new/shorewall-4.5.7.1/manpages/shorewall-rules.5
--- old/shorewall-4.5.7/manpages/shorewall-rules.5 2012-08-19 17:42:32.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-rules.5 2012-08-28 15:52:42.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-rules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-RULES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-RULES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-secmarks.5 new/shorewall-4.5.7.1/manpages/shorewall-secmarks.5
--- old/shorewall-4.5.7/manpages/shorewall-secmarks.5 2012-08-19 17:42:34.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-secmarks.5 2012-08-28 15:52:44.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-secmarks
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-SECMARKS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-SECMARKS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcclasses.5 new/shorewall-4.5.7.1/manpages/shorewall-tcclasses.5
--- old/shorewall-4.5.7/manpages/shorewall-tcclasses.5 2012-08-19 17:42:36.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcclasses.5 2012-08-28 15:52:46.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcclasses
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCCLASSES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCCLASSES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcdevices.5 new/shorewall-4.5.7.1/manpages/shorewall-tcdevices.5
--- old/shorewall-4.5.7/manpages/shorewall-tcdevices.5 2012-08-19 17:42:38.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcdevices.5 2012-08-28 15:52:48.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcdevices
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCDEVICES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCDEVICES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcfilters.5 new/shorewall-4.5.7.1/manpages/shorewall-tcfilters.5
--- old/shorewall-4.5.7/manpages/shorewall-tcfilters.5 2012-08-19 17:42:40.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcfilters.5 2012-08-28 15:52:50.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcfilters
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCFILTERS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCFILTERS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcinterfaces.5 new/shorewall-4.5.7.1/manpages/shorewall-tcinterfaces.5
--- old/shorewall-4.5.7/manpages/shorewall-tcinterfaces.5 2012-08-19 17:42:43.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcinterfaces.5 2012-08-28 15:52:52.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcinterfaces
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCINTERFA" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCINTERFA" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcpri.5 new/shorewall-4.5.7.1/manpages/shorewall-tcpri.5
--- old/shorewall-4.5.7/manpages/shorewall-tcpri.5 2012-08-19 17:42:45.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcpri.5 2012-08-28 15:52:54.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcpri
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCPRI" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCPRI" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tcrules.5 new/shorewall-4.5.7.1/manpages/shorewall-tcrules.5
--- old/shorewall-4.5.7/manpages/shorewall-tcrules.5 2012-08-19 17:42:47.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tcrules.5 2012-08-28 15:52:57.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tcrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TCRULES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TCRULES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tos.5 new/shorewall-4.5.7.1/manpages/shorewall-tos.5
--- old/shorewall-4.5.7/manpages/shorewall-tos.5 2012-08-19 17:42:49.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tos.5 2012-08-28 15:52:59.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tos
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TOS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TOS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-tunnels.5 new/shorewall-4.5.7.1/manpages/shorewall-tunnels.5
--- old/shorewall-4.5.7/manpages/shorewall-tunnels.5 2012-08-19 17:42:51.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-tunnels.5 2012-08-28 15:53:01.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-tunnels
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-TUNNELS" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-TUNNELS" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-vardir.5 new/shorewall-4.5.7.1/manpages/shorewall-vardir.5
--- old/shorewall-4.5.7/manpages/shorewall-vardir.5 2012-08-19 17:42:53.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-vardir.5 2012-08-28 15:53:03.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-vardir
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-VARDIR" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-VARDIR" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall-zones.5 new/shorewall-4.5.7.1/manpages/shorewall-zones.5
--- old/shorewall-4.5.7/manpages/shorewall-zones.5 2012-08-19 17:42:58.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall-zones.5 2012-08-28 15:53:08.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-zones
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-ZONES" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-ZONES" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall.8 new/shorewall-4.5.7.1/manpages/shorewall.8
--- old/shorewall-4.5.7/manpages/shorewall.8 2012-08-19 17:42:55.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall.8 2012-08-28 15:53:05.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL" "8" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL" "8" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/manpages/shorewall.conf.5 new/shorewall-4.5.7.1/manpages/shorewall.conf.5
--- old/shorewall-4.5.7/manpages/shorewall.conf.5 2012-08-19 17:41:48.000000000 +0200
+++ new/shorewall-4.5.7.1/manpages/shorewall.conf.5 2012-08-28 15:51:57.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\&.CONF" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\&.CONF" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -586,7 +586,7 @@
Added in Shorewall 4\&.5\&.4\&. Specifies the pathname of the directory containing the
GeoIP Match
database\&. See
-\m[blue]\fBhttp://www\&.shorewall\&.net/ISOCODES\&.html\fR\m[]\&. If not specified, the default value is
+\m[blue]\fBhttp://www\&.shorewall\&.net/ISO\-3661\&.html\fR\m[]\&. If not specified, the default value is
/usr/share/xt_geoip/LE
which is the default location of the little\-endian database\&.
.RE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/releasenotes.txt new/shorewall-4.5.7.1/releasenotes.txt
--- old/shorewall-4.5.7/releasenotes.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/releasenotes.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 7
+ S H O R E W A L L 4 . 5 . 7 . 1
------------------------------------
- A u g u s t 2 1 , 2 0 1 2
+ A u g u s t 2 9 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,30 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.5.7.1
+
+1) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+ This Shorewall release includes a low-cost workaround.
+
+2) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+3) Previously, the current COMMENT was not being cleared after the
+ blrules file was processed, causing that COMMENT to be used on
+ entries in the rules file. That defect has been corrected.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, the files are now the same.
+
+4.5.7
+
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command 'shorewall enable pppX' could fail with the ip diagnostic
@@ -40,10 +64,10 @@
5) A defect in RHEL 6.3 and derivatives causes 'shorewall show
capabilities' to leave an empty ipset in the configuration. The
- same defect can cause the Shorewall compiler to similarly leave an
- empty ipset behind.
+ same defect can cause the Shorewall compiler to similarly leave
+ behind an empty ipset.
- This Shorewall release has a workaround for this problem.
+ This Shorewall release implements a workaround for the problem.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/shorewall.spec new/shorewall-4.5.7.1/shorewall.spec
--- old/shorewall-4.5.7/shorewall.spec 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/shorewall.spec 2012-08-28 15:51:44.000000000 +0200
@@ -1,6 +1,6 @@
%define name shorewall
%define version 4.5.7
-%define release 0base
+%define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@@ -122,6 +122,8 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog
+* Thu Aug 23 2012 Tom Eastep tom@shorewall.net
+- Updated to 4.5.7-1
* Tue Aug 14 2012 Tom Eastep tom@shorewall.net
- Updated to 4.5.7-0base
* Mon Aug 13 2012 Tom Eastep tom@shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/shorewallrc.suse new/shorewall-4.5.7.1/shorewallrc.suse
--- old/shorewall-4.5.7/shorewallrc.suse 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/shorewallrc.suse 2012-08-28 15:51:44.000000000 +0200
@@ -12,7 +12,7 @@
MANDIR=${SHAREDIR}/man/ #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's SysV init script
-INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.suse.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSTEMD= #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.5.7/uninstall.sh new/shorewall-4.5.7.1/uninstall.sh
--- old/shorewall-4.5.7/uninstall.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-4.5.7.1/uninstall.sh 2012-08-28 15:51:43.000000000 +0200
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
++++++ shorewall-core-4.5.7.tar.bz2 -> shorewall-core-4.5.7.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/changelog.txt new/shorewall-core-4.5.7.1/changelog.txt
--- old/shorewall-core-4.5.7/changelog.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/changelog.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,3 +1,23 @@
+Changes in 4.5.7.1
+
+1) Update Release Documents
+
+2) Move routing display closer to IP display in 'dump' output.
+
+3) Unconditionally restore mark in mangle OUTPUT and PREROUTING.
+
+4) Update manpage links in documentation.
+
+5) Correct link in the shorewall[6].conf manpages.
+
+6) Apply SuSE-specific patches from Togan Muftuoglu.
+
+7) FAQ update.
+
+8) Map NOTRACK to 'CT --notrack' of CT Target is available.
+
+9) Clear current comment after processing the blrules file.
+
Changes in 4.5.7 Final
1) Update Release Documents.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/configure new/shorewall-core-4.5.7.1/configure
--- old/shorewall-core-4.5.7/configure 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/configure 2012-08-28 15:51:43.000000000 +0200
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.7
+VERSION=4.5.7.1
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/configure.pl new/shorewall-core-4.5.7.1/configure.pl
--- old/shorewall-core-4.5.7/configure.pl 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/configure.pl 2012-08-28 15:51:43.000000000 +0200
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.7'
+ VERSION => '4.5.7.1'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/install.sh new/shorewall-core-4.5.7.1/install.sh
--- old/shorewall-core-4.5.7/install.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/install.sh 2012-08-28 15:51:43.000000000 +0200
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/known_problems.txt new/shorewall-core-4.5.7.1/known_problems.txt
--- old/shorewall-core-4.5.7/known_problems.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/known_problems.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,2 +1,22 @@
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
+
+2) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+3) Yhe current COMMENT is not being cleared after the blrules file is
+ processed, causing that COMMENT to be used on entries in the rules
+ file.
+3) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+ Workaround: Place an empty COMMENT line at the end of your blrules
+ file.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, that issue has been resolved.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/lib.cli new/shorewall-core-4.5.7.1/lib.cli
--- old/shorewall-core-4.5.7/lib.cli 2012-08-19 15:43:25.000000000 +0200
+++ new/shorewall-core-4.5.7.1/lib.cli 2012-08-27 22:22:05.000000000 +0200
@@ -1216,6 +1216,8 @@
brctl show
fi
+ show_routing
+
if [ $g_family -eq 4 ]; then
heading "Per-IP Counters"
@@ -1252,8 +1254,6 @@
done
fi
- show_routing
-
if [ $g_family -eq 4 ]; then
heading "ARP"
arp -na
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/releasenotes.txt new/shorewall-core-4.5.7.1/releasenotes.txt
--- old/shorewall-core-4.5.7/releasenotes.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/releasenotes.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 7
+ S H O R E W A L L 4 . 5 . 7 . 1
------------------------------------
- A u g u s t 2 1 , 2 0 1 2
+ A u g u s t 2 9 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,30 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.5.7.1
+
+1) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+ This Shorewall release includes a low-cost workaround.
+
+2) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+3) Previously, the current COMMENT was not being cleared after the
+ blrules file was processed, causing that COMMENT to be used on
+ entries in the rules file. That defect has been corrected.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, the files are now the same.
+
+4.5.7
+
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command 'shorewall enable pppX' could fail with the ip diagnostic
@@ -40,10 +64,10 @@
5) A defect in RHEL 6.3 and derivatives causes 'shorewall show
capabilities' to leave an empty ipset in the configuration. The
- same defect can cause the Shorewall compiler to similarly leave an
- empty ipset behind.
+ same defect can cause the Shorewall compiler to similarly leave
+ behind an empty ipset.
- This Shorewall release has a workaround for this problem.
+ This Shorewall release implements a workaround for the problem.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/shorewall-core.spec new/shorewall-core-4.5.7.1/shorewall-core.spec
--- old/shorewall-core-4.5.7/shorewall-core.spec 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/shorewall-core.spec 2012-08-28 15:51:44.000000000 +0200
@@ -1,6 +1,6 @@
%define name shorewall-core
%define version 4.5.7
-%define release 0base
+%define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@@ -62,6 +62,8 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt
%changelog
+* Thu Aug 23 2012 Tom Eastep tom@shorewall.net
+- Updated to 4.5.7-1
* Tue Aug 14 2012 Tom Eastep tom@shorewall.net
- Updated to 4.5.7-0base
* Mon Aug 13 2012 Tom Eastep tom@shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/shorewallrc.suse new/shorewall-core-4.5.7.1/shorewallrc.suse
--- old/shorewall-core-4.5.7/shorewallrc.suse 2012-08-19 15:43:25.000000000 +0200
+++ new/shorewall-core-4.5.7.1/shorewallrc.suse 2012-08-27 22:22:05.000000000 +0200
@@ -12,7 +12,7 @@
MANDIR=${SHAREDIR}/man/ #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's SysV init script
-INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.suse.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSTEMD= #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.5.7/uninstall.sh new/shorewall-core-4.5.7.1/uninstall.sh
--- old/shorewall-core-4.5.7/uninstall.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-core-4.5.7.1/uninstall.sh 2012-08-28 15:51:43.000000000 +0200
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
++++++ shorewall-docs-html-4.5.7.tar.bz2 -> shorewall-docs-html-4.5.7.1.tar.bz2 ++++++
++++ 6504 lines of diff (skipped)
++++++ shorewall-init-4.5.7.tar.bz2 -> shorewall-init-4.5.7.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/changelog.txt new/shorewall-init-4.5.7.1/changelog.txt
--- old/shorewall-init-4.5.7/changelog.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/changelog.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,3 +1,23 @@
+Changes in 4.5.7.1
+
+1) Update Release Documents
+
+2) Move routing display closer to IP display in 'dump' output.
+
+3) Unconditionally restore mark in mangle OUTPUT and PREROUTING.
+
+4) Update manpage links in documentation.
+
+5) Correct link in the shorewall[6].conf manpages.
+
+6) Apply SuSE-specific patches from Togan Muftuoglu.
+
+7) FAQ update.
+
+8) Map NOTRACK to 'CT --notrack' of CT Target is available.
+
+9) Clear current comment after processing the blrules file.
+
Changes in 4.5.7 Final
1) Update Release Documents.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/configure new/shorewall-init-4.5.7.1/configure
--- old/shorewall-init-4.5.7/configure 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/configure 2012-08-28 15:51:44.000000000 +0200
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.7
+VERSION=4.5.7.1
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/configure.pl new/shorewall-init-4.5.7.1/configure.pl
--- old/shorewall-init-4.5.7/configure.pl 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/configure.pl 2012-08-28 15:51:44.000000000 +0200
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.7'
+ VERSION => '4.5.7.1'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/init.suse.sh new/shorewall-init-4.5.7.1/init.suse.sh
--- old/shorewall-init-4.5.7/init.suse.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/shorewall-init-4.5.7.1/init.suse.sh 2012-08-27 22:22:05.000000000 +0200
@@ -0,0 +1,115 @@
+#! /bin/bash
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 2010,2012 - Tom Eastep (teastep@shorewall.net)
+#
+# On most distributions, this file should be called /etc/init.d/shorewall.
+#
+# Complete documentation is available at http://shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+### BEGIN INIT INFO
+# Provides: shorewall-init
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 5
+# Default-Stop: 0 1 6
+# Short-Description: Initialize the firewall at boot time
+# Description: Place the firewall in a safe state at boot time
+# prior to bringing up the network.
+### END INIT INFO
+
+if [ "$(id -u)" != "0" ]
+then
+ echo "You must be root to start, stop or restart \"Shorewall \"."
+ exit 1
+fi
+
+# check if shorewall-init is configured or not
+if [ -f "/etc/sysconfig/shorewall-init" ]
+then
+ . /etc/sysconfig/shorewall-init
+ if [ -z "$PRODUCTS" ]
+ then
+ exit 0
+ fi
+else
+ exit 0
+fi
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+# Initialize the firewall
+shorewall_start () {
+ local PRODUCT
+ local VARDIR
+
+ echo -n "Initializing \"Shorewall-based firewalls\": "
+ for PRODUCT in $PRODUCTS; do
+ if [ -x ${VARDIR}/firewall ]; then
+ if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
+ ${VARDIR}/firewall stop || echo_notdone
+ fi
+ fi
+ done
+
+ if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
+ ipset -R < "$SAVE_IPSETS"
+ fi
+
+ return 0
+}
+
+# Clear the firewall
+shorewall_stop () {
+ local PRODUCT
+ local VARDIR
+
+ echo -n "Clearing \"Shorewall-based firewalls\": "
+ for PRODUCT in $PRODUCTS; do
+ if [ -x ${VARDIR}/firewall ]; then
+ ${VARDIR}/firewall clear || exit 1
+ fi
+ done
+
+ if [ -n "$SAVE_IPSETS" ]; then
+ mkdir -p $(dirname "$SAVE_IPSETS")
+ if ipset -S > "${SAVE_IPSETS}.tmp"; then
+ grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
+ fi
+ fi
+
+ return 0
+}
+
+case "$1" in
+ start)
+ shorewall_start
+ ;;
+ stop)
+ shorewall_stop
+ ;;
+ *)
+ echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+ exit 1
+esac
+
+exit 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/install.sh new/shorewall-init-4.5.7.1/install.sh
--- old/shorewall-init-4.5.7/install.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/install.sh 2012-08-28 15:51:44.000000000 +0200
@@ -23,7 +23,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/releasenotes.txt new/shorewall-init-4.5.7.1/releasenotes.txt
--- old/shorewall-init-4.5.7/releasenotes.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/releasenotes.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 7
+ S H O R E W A L L 4 . 5 . 7 . 1
------------------------------------
- A u g u s t 2 1 , 2 0 1 2
+ A u g u s t 2 9 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,30 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.5.7.1
+
+1) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+ This Shorewall release includes a low-cost workaround.
+
+2) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+3) Previously, the current COMMENT was not being cleared after the
+ blrules file was processed, causing that COMMENT to be used on
+ entries in the rules file. That defect has been corrected.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, the files are now the same.
+
+4.5.7
+
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command 'shorewall enable pppX' could fail with the ip diagnostic
@@ -40,10 +64,10 @@
5) A defect in RHEL 6.3 and derivatives causes 'shorewall show
capabilities' to leave an empty ipset in the configuration. The
- same defect can cause the Shorewall compiler to similarly leave an
- empty ipset behind.
+ same defect can cause the Shorewall compiler to similarly leave
+ behind an empty ipset.
- This Shorewall release has a workaround for this problem.
+ This Shorewall release implements a workaround for the problem.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/shorewall-init.spec new/shorewall-init-4.5.7.1/shorewall-init.spec
--- old/shorewall-init-4.5.7/shorewall-init.spec 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/shorewall-init.spec 2012-08-28 15:51:44.000000000 +0200
@@ -1,6 +1,6 @@
%define name shorewall-init
%define version 4.5.7
-%define release 0base
+%define release 1
Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
Name: %{name}
@@ -125,6 +125,8 @@
%doc COPYING changelog.txt releasenotes.txt
%changelog
+* Thu Aug 23 2012 Tom Eastep tom@shorewall.net
+- Updated to 4.5.7-1
* Tue Aug 14 2012 Tom Eastep tom@shorewall.net
- Updated to 4.5.7-0base
* Mon Aug 13 2012 Tom Eastep tom@shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/shorewallrc.suse new/shorewall-init-4.5.7.1/shorewallrc.suse
--- old/shorewall-init-4.5.7/shorewallrc.suse 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/shorewallrc.suse 2012-08-28 15:51:44.000000000 +0200
@@ -12,7 +12,7 @@
MANDIR=${SHAREDIR}/man/ #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's SysV init script
-INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.suse.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSTEMD= #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.5.7/uninstall.sh new/shorewall-init-4.5.7.1/uninstall.sh
--- old/shorewall-init-4.5.7/uninstall.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-init-4.5.7.1/uninstall.sh 2012-08-28 15:51:44.000000000 +0200
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
++++++ shorewall-lite-4.5.7.tar.bz2 -> shorewall-lite-4.5.7.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/changelog.txt new/shorewall-lite-4.5.7.1/changelog.txt
--- old/shorewall-lite-4.5.7/changelog.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/changelog.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,3 +1,23 @@
+Changes in 4.5.7.1
+
+1) Update Release Documents
+
+2) Move routing display closer to IP display in 'dump' output.
+
+3) Unconditionally restore mark in mangle OUTPUT and PREROUTING.
+
+4) Update manpage links in documentation.
+
+5) Correct link in the shorewall[6].conf manpages.
+
+6) Apply SuSE-specific patches from Togan Muftuoglu.
+
+7) FAQ update.
+
+8) Map NOTRACK to 'CT --notrack' of CT Target is available.
+
+9) Clear current comment after processing the blrules file.
+
Changes in 4.5.7 Final
1) Update Release Documents.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/configure new/shorewall-lite-4.5.7.1/configure
--- old/shorewall-lite-4.5.7/configure 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/configure 2012-08-28 15:51:44.000000000 +0200
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=4.5.7
+VERSION=4.5.7.1
case "$BASH_VERSION" in
[4-9].*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/configure.pl new/shorewall-lite-4.5.7.1/configure.pl
--- old/shorewall-lite-4.5.7/configure.pl 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/configure.pl 2012-08-28 15:51:44.000000000 +0200
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '4.5.7'
+ VERSION => '4.5.7.1'
};
my %params;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/init.suse.sh new/shorewall-lite-4.5.7.1/init.suse.sh
--- old/shorewall-lite-4.5.7/init.suse.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/shorewall-lite-4.5.7.1/init.suse.sh 2012-08-27 22:22:05.000000000 +0200
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007,2012 - Tom Eastep (teastep@shorewall.net)
+#
+# On most distributions, this file should be called /etc/init.d/shorewall.
+#
+# Complete documentation is available at http://shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# If an error occurs while starting or restarting the firewall, the
+# firewall is automatically stopped.
+#
+# Commands are:
+#
+# shorewall start Starts the firewall
+# shorewall restart Restarts the firewall
+# shorewall reload Reload the firewall
+# (same as restart)
+# shorewall stop Stops the firewall
+# shorewall status Displays firewall status
+#
+
+
+### BEGIN INIT INFO
+# Provides: shorewall-lite
+# Required-Start: $network $remote_fs
+# Required-Stop:
+# Default-Start: 2 3 5
+# Default-Stop: 0 1 6
+# Description: starts and stops the shorewall firewall
+# Short-Description: Packet filtering firewall
+### END INIT INFO
+
+################################################################################
+# Give Usage Information #
+################################################################################
+usage() {
+ echo "Usage: $0 start|stop|reload|restart|status"
+ exit 1
+}
+
+################################################################################
+# Get startup options (override default)
+################################################################################
+OPTIONS=
+
+#
+# The installer may alter this
+#
+. /usr/share/shorewall/shorewallrc
+
+if [ -f ${SYSCONFDIR}/shorewall-lite ]; then
+ . ${SYSCONFDIR}/shorewall-lite
+fi
+
+SHOREWALL_INIT_SCRIPT=1
+
+################################################################################
+# E X E C U T I O N B E G I N S H E R E #
+################################################################################
+command="$1"
+
+case "$command" in
+ start)
+ exec ${SBINDIR}/shorewall-lite $OPTIONS start $STARTOPTIONS
+ ;;
+ restart|reload)
+ exec ${SBINDIR}/shorewall-lite $OPTIONS restart $RESTARTOPTIONS
+ ;;
+ status|stop)
+ exec ${SBINDIR}/shorewall-lite $OPTIONS $command $@
+ ;;
+ *)
+ usage
+ ;;
+esac
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/install.sh new/shorewall-lite-4.5.7.1/install.sh
--- old/shorewall-lite-4.5.7/install.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/install.sh 2012-08-28 15:51:44.000000000 +0200
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
@@ -253,7 +253,10 @@
archlinux)
echo "Installing ArchLinux-specific configuration..."
;;
- linux|suse)
+ suse)
+ echo "Installing Suse-specific configuration..."
+ ;;
+ linux)
;;
*)
echo "ERROR: Unknown HOST \"$HOST\"" >&2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/manpages/shorewall-lite-vardir.5 new/shorewall-lite-4.5.7.1/manpages/shorewall-lite-vardir.5
--- old/shorewall-lite-4.5.7/manpages/shorewall-lite-vardir.5 2012-08-19 17:47:01.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/manpages/shorewall-lite-vardir.5 2012-08-28 15:57:14.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite-vardir
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE\-VAR" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE\-VAR" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/manpages/shorewall-lite.8 new/shorewall-lite-4.5.7.1/manpages/shorewall-lite.8
--- old/shorewall-lite-4.5.7/manpages/shorewall-lite.8 2012-08-19 17:47:03.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/manpages/shorewall-lite.8 2012-08-28 15:57:16.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE" "8" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE" "8" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/manpages/shorewall-lite.conf.5 new/shorewall-lite-4.5.7.1/manpages/shorewall-lite.conf.5
--- old/shorewall-lite-4.5.7/manpages/shorewall-lite.conf.5 2012-08-19 17:46:59.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/manpages/shorewall-lite.conf.5 2012-08-28 15:57:11.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: shorewall-lite.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/
-.\" Date: 08/19/2012
+.\" Date: 08/28/2012
.\" Manual: [FIXME: manual]
.\" Source: [FIXME: source]
.\" Language: English
.\"
-.TH "SHOREWALL\-LITE\&.CO" "5" "08/19/2012" "[FIXME: source]" "[FIXME: manual]"
+.TH "SHOREWALL\-LITE\&.CO" "5" "08/28/2012" "[FIXME: source]" "[FIXME: manual]"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/releasenotes.txt new/shorewall-lite-4.5.7.1/releasenotes.txt
--- old/shorewall-lite-4.5.7/releasenotes.txt 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/releasenotes.txt 2012-08-28 15:51:44.000000000 +0200
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 5 . 7
+ S H O R E W A L L 4 . 5 . 7 . 1
------------------------------------
- A u g u s t 2 1 , 2 0 1 2
+ A u g u s t 2 9 , 2 0 1 2
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -15,6 +15,30 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.5.7.1
+
+1) When using IPSEC in a multi-ISP configuration, it is possible for
+ the kernel to mis-route ESP packets. To date, this problem has only
+ been observed on a system running a 3.5 kernel where traffic is
+ being tunneled through GRE which is in turn being tunneled via
+ IPSEC.
+
+ This Shorewall release includes a low-cost workaround.
+
+2) The Netfilter team have announced their intention to remove the
+ NOTRACK target in favor of 'CT --notrack'. Shorewall will now map
+ NOTRACK to 'CT --notrack' if the CT Target is available.
+
+3) Previously, the current COMMENT was not being cleared after the
+ blrules file was processed, causing that COMMENT to be used on
+ entries in the rules file. That defect has been corrected.
+
+4) Previously, the init script installed by the Shorewall installer on
+ SuSE systems were different from those installed by the official
+ SuSE RPMs. Thanks to Togan Muftuoglu, the files are now the same.
+
+4.5.7
+
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command 'shorewall enable pppX' could fail with the ip diagnostic
@@ -40,10 +64,10 @@
5) A defect in RHEL 6.3 and derivatives causes 'shorewall show
capabilities' to leave an empty ipset in the configuration. The
- same defect can cause the Shorewall compiler to similarly leave an
- empty ipset behind.
+ same defect can cause the Shorewall compiler to similarly leave
+ behind an empty ipset.
- This Shorewall release has a workaround for this problem.
+ This Shorewall release implements a workaround for the problem.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/shorewall-lite.spec new/shorewall-lite-4.5.7.1/shorewall-lite.spec
--- old/shorewall-lite-4.5.7/shorewall-lite.spec 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/shorewall-lite.spec 2012-08-28 15:51:44.000000000 +0200
@@ -1,6 +1,6 @@
%define name shorewall-lite
%define version 4.5.7
-%define release 0base
+%define release 1
%define initdir /etc/init.d
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
@@ -105,6 +105,8 @@
%doc COPYING changelog.txt releasenotes.txt
%changelog
+* Thu Aug 23 2012 Tom Eastep tom@shorewall.net
+- Updated to 4.5.7-1
* Tue Aug 14 2012 Tom Eastep tom@shorewall.net
- Updated to 4.5.7-0base
* Mon Aug 13 2012 Tom Eastep tom@shorewall.net
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/shorewallrc.suse new/shorewall-lite-4.5.7.1/shorewallrc.suse
--- old/shorewall-lite-4.5.7/shorewallrc.suse 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/shorewallrc.suse 2012-08-28 15:51:44.000000000 +0200
@@ -12,7 +12,7 @@
MANDIR=${SHAREDIR}/man/ #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's SysV init script
-INITSOURCE=init.sh #Name of the distributed file to be installed as the SysV init script
+INITSOURCE=init.suse.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSTEMD= #Directory where .service files are installed (systems running systemd only)
SYSCONFFILE= #Name of the distributed file to be installed in $SYSCONFDIR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.5.7/uninstall.sh new/shorewall-lite-4.5.7.1/uninstall.sh
--- old/shorewall-lite-4.5.7/uninstall.sh 2012-08-19 17:41:35.000000000 +0200
+++ new/shorewall-lite-4.5.7.1/uninstall.sh 2012-08-28 15:51:44.000000000 +0200
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.5.7
+VERSION=4.5.7.1
usage() # $1 = exit status
{
++++++ shorewall-4.5.7.tar.bz2 -> shorewall6-4.5.7.1.tar.bz2 ++++++
++++ 103171 lines of diff (skipped)
++++++ shorewall-lite-4.5.7.tar.bz2 -> shorewall6-lite-4.5.7.1.tar.bz2 ++++++
++++ 6865 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org