Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at 2014-06-04 18:39:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shorewall (Old) and /work/SRC/openSUSE:Factory/.shorewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "shorewall" Changes: -------- --- /work/SRC/openSUSE:Factory/shorewall/shorewall.changes 2014-05-27 18:31:24.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.shorewall.new/shorewall.changes 2014-06-04 18:39:17.000000000 +0200 @@ -1,0 +2,10 @@ +Mon Jun 2 07:19:16 UTC 2014 - toganm@opensuse.org + +- Update to version 4.6.0.3 For more details see changelog.txt and + releasenotes.txt + * 1:1 NAT is now enabled in IPv6. + * subtle interaction between NAT and sub-zones is explained in + shorewall-nat. + * The 'show filters' command now works with Simple TC. + +------------------------------------------------------------------- Old: ---- shorewall-4.6.0.2.tar.bz2 shorewall-core-4.6.0.2.tar.bz2 shorewall-docs-html-4.6.0.2.tar.bz2 shorewall-init-4.6.0.2.tar.bz2 shorewall-lite-4.6.0.2.tar.bz2 shorewall6-4.6.0.2.tar.bz2 shorewall6-lite-4.6.0.2.tar.bz2 New: ---- shorewall-4.6.0.3.tar.bz2 shorewall-core-4.6.0.3.tar.bz2 shorewall-docs-html-4.6.0.3.tar.bz2 shorewall-init-4.6.0.3.tar.bz2 shorewall-lite-4.6.0.3.tar.bz2 shorewall6-4.6.0.3.tar.bz2 shorewall6-lite-4.6.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ --- /var/tmp/diff_new_pack.mCKPR2/_old 2014-06-04 18:39:19.000000000 +0200 +++ /var/tmp/diff_new_pack.mCKPR2/_new 2014-06-04 18:39:19.000000000 +0200 @@ -20,7 +20,7 @@ %define have_systemd 1 Name: shorewall -Version: 4.6.0.2 +Version: 4.6.0.3 Release: 0 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems License: GPL-2.0 ++++++ shorewall-4.6.0.2.tar.bz2 -> shorewall-4.6.0.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/Perl/Shorewall/Compiler.pm new/shorewall-4.6.0.3/Perl/Shorewall/Compiler.pm --- old/shorewall-4.6.0.2/Perl/Shorewall/Compiler.pm 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/Perl/Shorewall/Compiler.pm 2014-05-29 22:44:49.000000000 +0200 @@ -819,7 +819,7 @@ # # Setup Nat # - setup_nat if $family == F_IPV4; + setup_nat; # # Setup NETMAP # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/Perl/Shorewall/Config.pm new/shorewall-4.6.0.3/Perl/Shorewall/Config.pm --- old/shorewall-4.6.0.2/Perl/Shorewall/Config.pm 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/Perl/Shorewall/Config.pm 2014-05-29 22:44:49.000000000 +0200 @@ -709,7 +709,7 @@ TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => "4.6.0.2", + VERSION => "4.6.0.3", CAPVERSION => 40600 , ); # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/changelog.txt new/shorewall-4.6.0.3/changelog.txt --- old/shorewall-4.6.0.2/changelog.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/changelog.txt 2014-05-29 22:44:49.000000000 +0200 @@ -1,3 +1,11 @@ +Changes in 4.6.0.3 + +1) Update release documents. + +2) Fix RHEL7 installation of Shorewall-init. + +3) Merge content from 4.5.21.10 + Changes in 4.6.0.2 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/configfiles/nat.annotated new/shorewall-4.6.0.3/configfiles/nat.annotated --- old/shorewall-4.6.0.2/configfiles/nat.annotated 2014-05-23 18:32:56.000000000 +0200 +++ new/shorewall-4.6.0.3/configfiles/nat.annotated 2014-05-29 22:46:06.000000000 +0200 @@ -69,6 +69,66 @@ # # If Yes or yes, NAT will be effective from the firewall system # +# RESTRICTIONS +# +# DNAT rules always preempt one-to-one NAT rules. This has subtile consequences +# when there are sub-zones on an interface. Consider the following: +# +# /etc/shorewall/zones: +# +# #ZONE TYPE OPTIONS IN OUT +# # OPTIONS OPTIONS +# fw firewall +# net ipv4 +# loc ipv4 +# smc:net ipv4 +# +# /etc/shorewall/interfaces: +# +# #ZONE INTERFACE OPTIONS +# net eth0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0 +# loc eth1 tcpflags,nosmurfs,routefilter,logmartians +# +# /etc/shorewall/hosts: +# +# #ZONE HOST(S) OPTIONS +# smc eth0:10.1.10.0/24 +# +# /etc/shorewall/nat: +# +# #EXTERNAL INTERFACE INTERNAL ALL LOCAL +# # INTERFACES +# 10.1.10.100 eth0 172.20.1.100 +# +# Note that the EXTERNAL address is in the smc zone. +# +# /etc/shorewall/rules: +# +# #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +# # PORT PORT(S) DEST LIMIT GROUP +# ?SECTION ALL +# ?SECTION ESTABLISHED +# ?SECTION RELATED +# ?SECTION INVALID +# ?SECTION UNTRACKED +# ?SECTION NEW +# ... +# DNAT net loc:172.20.1.4 tcp 80 +# +# For the one-to-one NAT to work correctly in this configuration, one of two +# approaches can be taken: +# +# 1. Define a CONTINUE policy with smc as the SOURCE zone (preferred): +# +# #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST +# smc $FW CONTINUE +# loc net ACCEPT +# net all DROP info +# # THE FOLLOWING POLICY MUST BE LAST +# all all REJECT info +# +# 2. Set IMPLICIT_CONTINUE=Yes in shorewall.conf(5). +# ############################################################################### #EXTERNAL INTERFACE INTERNAL ALL LOCAL # INTERFACES diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/configure new/shorewall-4.6.0.3/configure --- old/shorewall-4.6.0.2/configure 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/configure 2014-05-29 22:44:49.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0.2 +VERSION=4.6.0.3 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/configure.pl new/shorewall-4.6.0.3/configure.pl --- old/shorewall-4.6.0.2/configure.pl 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/configure.pl 2014-05-29 22:44:49.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0.2' + VERSION => '4.6.0.3' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/install.sh new/shorewall-4.6.0.3/install.sh --- old/shorewall-4.6.0.2/install.sh 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/install.sh 2014-05-29 22:44:49.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.0.2 +VERSION=4.6.0.3 # # Change to the directory containing this script diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/known_problems.txt new/shorewall-4.6.0.3/known_problems.txt --- old/shorewall-4.6.0.2/known_problems.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/known_problems.txt 2014-05-29 22:44:49.000000000 +0200 @@ -26,6 +26,29 @@ Workaround: Replace '?FORMAT 2' by 'FORMAT 2'. + Corrected in 4.6.0.2 +5) The 'shorewall[6] show filters' command does not display ingress + (policing) filters. - + Corrected in 4.6.0.2 + +6) The tarball installer fails on RHEL7 with + + ERROR: Unknown BUILD environment (rhel) + + Workaround: + + BUILD=redhat ./install.sh + + Corrected in 4.6.0.3. + +7) The /etc/shorewall6/nat file is ignored by the compiler, even if + IPv6 NAT is supported by the kernel and ip6tables. + + Corrected in 4.6.0.3. + +8) The 'show filters' command shows no output when Simple TC is used + and shows incomplete output when Complex TC is used. + + Corrected in 4.6.0.3. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-accounting.5 new/shorewall-4.6.0.3/manpages/shorewall-accounting.5 --- old/shorewall-4.6.0.2/manpages/shorewall-accounting.5 2014-05-23 18:31:45.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-accounting.5 2014-05-29 22:44:54.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-accounting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACCOUNTIN" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACCOUNTIN" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-actions.5 new/shorewall-4.6.0.3/manpages/shorewall-actions.5 --- old/shorewall-4.6.0.2/manpages/shorewall-actions.5 2014-05-23 18:31:46.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-actions.5 2014-05-29 22:44:56.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-actions .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACTIONS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACTIONS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-arprules.5 new/shorewall-4.6.0.3/manpages/shorewall-arprules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-arprules.5 2014-05-23 18:31:47.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-arprules.5 2014-05-29 22:44:57.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-arprules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ARPRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ARPRULES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-blacklist.5 new/shorewall-4.6.0.3/manpages/shorewall-blacklist.5 --- old/shorewall-4.6.0.2/manpages/shorewall-blacklist.5 2014-05-23 18:31:49.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-blacklist.5 2014-05-29 22:44:58.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-blacklist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLACKLIST" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLACKLIST" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-blrules.5 new/shorewall-4.6.0.3/manpages/shorewall-blrules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-blrules.5 2014-05-23 18:31:50.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-blrules.5 2014-05-29 22:45:00.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-blrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLRULES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-conntrack.5 new/shorewall-4.6.0.3/manpages/shorewall-conntrack.5 --- old/shorewall-4.6.0.2/manpages/shorewall-conntrack.5 2014-05-23 18:31:57.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-conntrack.5 2014-05-29 22:45:06.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall6-conntrack .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL6\-CONNTRAC" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL6\-CONNTRAC" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-ecn.5 new/shorewall-4.6.0.3/manpages/shorewall-ecn.5 --- old/shorewall-4.6.0.2/manpages/shorewall-ecn.5 2014-05-23 18:31:58.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-ecn.5 2014-05-29 22:45:08.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-ecn .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ECN" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ECN" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-exclusion.5 new/shorewall-4.6.0.3/manpages/shorewall-exclusion.5 --- old/shorewall-4.6.0.2/manpages/shorewall-exclusion.5 2014-05-23 18:31:59.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-exclusion.5 2014-05-29 22:45:09.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-exclusion .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-EXCLUSION" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-EXCLUSION" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-hosts.5 new/shorewall-4.6.0.3/manpages/shorewall-hosts.5 --- old/shorewall-4.6.0.2/manpages/shorewall-hosts.5 2014-05-23 18:32:01.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-hosts.5 2014-05-29 22:45:10.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-hosts .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-HOSTS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-HOSTS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-init.8 new/shorewall-4.6.0.3/manpages/shorewall-init.8 --- old/shorewall-4.6.0.2/manpages/shorewall-init.8 2014-05-23 18:32:02.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-init.8 2014-05-29 22:45:12.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-init .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-INIT" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-INIT" "8" "05/29/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-interfaces.5 new/shorewall-4.6.0.3/manpages/shorewall-interfaces.5 --- old/shorewall-4.6.0.2/manpages/shorewall-interfaces.5 2014-05-23 18:32:04.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-interfaces.5 2014-05-29 22:45:13.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-interfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-INTERFACE" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-INTERFACE" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-ipsets.5 new/shorewall-4.6.0.3/manpages/shorewall-ipsets.5 --- old/shorewall-4.6.0.2/manpages/shorewall-ipsets.5 2014-05-23 18:32:05.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-ipsets.5 2014-05-29 22:45:15.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-ipsets .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-IPSETS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-IPSETS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-maclist.5 new/shorewall-4.6.0.3/manpages/shorewall-maclist.5 --- old/shorewall-4.6.0.2/manpages/shorewall-maclist.5 2014-05-23 18:32:07.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-maclist.5 2014-05-29 22:45:16.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-maclist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MACLIST" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MACLIST" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-mangle.5 new/shorewall-4.6.0.3/manpages/shorewall-mangle.5 --- old/shorewall-4.6.0.2/manpages/shorewall-mangle.5 2014-05-23 18:32:08.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-mangle.5 2014-05-29 22:45:18.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MANGLE" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-masq.5 new/shorewall-4.6.0.3/manpages/shorewall-masq.5 --- old/shorewall-4.6.0.2/manpages/shorewall-masq.5 2014-05-23 18:32:10.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-masq.5 2014-05-29 22:45:19.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-masq .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MASQ" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MASQ" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-modules.5 new/shorewall-4.6.0.3/manpages/shorewall-modules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-modules.5 2014-05-23 18:32:11.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-modules.5 2014-05-29 22:45:21.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-modules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MODULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MODULES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-nat.5 new/shorewall-4.6.0.3/manpages/shorewall-nat.5 --- old/shorewall-4.6.0.2/manpages/shorewall-nat.5 2014-05-23 18:32:13.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-nat.5 2014-05-29 22:45:22.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-nat .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NAT" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NAT" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -119,14 +119,143 @@ or \fByes\fR, NAT will be effective from the firewall system .RE +.SH "RESTRICTIONS" +.PP +DNAT rules always preempt one\-to\-one NAT rules\&. This has subtile consequences when there are sub\-zones on an +\fIinterface\fR\&. Consider the following: +.PP +/etc/shorewall/zones: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#ZONE TYPE OPTIONS IN OUT +# OPTIONS OPTIONS +fw firewall +net ipv4 +loc ipv4 +smc:net ipv4 +.fi +.if n \{\ +.RE +.\} +.PP +/etc/shorewall/interfaces: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#ZONE INTERFACE OPTIONS +net eth0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0 +loc eth1 tcpflags,nosmurfs,routefilter,logmartians +.fi +.if n \{\ +.RE +.\} +.PP +/etc/shorewall/hosts: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#ZONE HOST(S) OPTIONS +smc eth0:10\&.1\&.10\&.0/24 +.fi +.if n \{\ +.RE +.\} +.PP +/etc/shorewall/nat: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#EXTERNAL INTERFACE INTERNAL ALL LOCAL +# INTERFACES +10\&.1\&.10\&.100 eth0 172\&.20\&.1\&.100 +.fi +.if n \{\ +.RE +.\} +.PP +Note that the EXTERNAL address is in the +\fBsmc\fR +zone\&. +.PP +/etc/shorewall/rules: +.sp +.if n \{\ +.RS 4 +.\} +.nf +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +# PORT PORT(S) DEST LIMIT GROUP +?SECTION ALL +?SECTION ESTABLISHED +?SECTION RELATED +?SECTION INVALID +?SECTION UNTRACKED +?SECTION NEW +\&.\&.\&. +DNAT net loc:172\&.20\&.1\&.4 tcp 80 +.fi +.if n \{\ +.RE +.\} +.PP +For the one\-to\-one NAT to work correctly in this configuration, one of two approaches can be taken: +.sp +.RS 4 +.ie n \{\ +\h'-04' 1.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 1." 4.2 +.\} +Define a CONTINUE policy with +\fBsmc\fR +as the SOURCE zone (preferred): +.sp +.if n \{\ +.RS 4 +.\} +.nf +#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST +\fBsmc $FW CONTINUE\fR +loc net ACCEPT +net all DROP info +# THE FOLLOWING POLICY MUST BE LAST +all all REJECT info +.fi +.if n \{\ +.RE +.\} +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 2.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 2." 4.2 +.\} +Set IMPLICIT_CONTINUE=Yes in +\m[blue]\fBshorewall\&.conf(5)\fR\m[]\&\s-2\u[5]\d\s+2\&. +.RE .SH "FILES" .PP /etc/shorewall/nat .SH "SEE ALSO" .PP -\m[blue]\fBhttp://www\&.shorewall\&.net/NAT\&.htm\fR\m[]\&\s-2\u[5]\d\s+2 +\m[blue]\fBhttp://www\&.shorewall\&.net/NAT\&.htm\fR\m[]\&\s-2\u[6]\d\s+2 .PP -\m[blue]\fBhttp://www\&.shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]\&\s-2\u[6]\d\s+2 +\m[blue]\fBhttp://www\&.shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]\&\s-2\u[7]\d\s+2 .PP shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall_interfaces(5), shorewall\-ipsets(5), shorewall\-maclist(5), shorewall\-masq(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-mangle(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5) .SH "NOTES" @@ -151,11 +280,16 @@ \%http://www.shorewall.net/manpages/shorewall-interfaces.html .RE .IP " 5." 4 +shorewall.conf(5) +.RS 4 +\%http://www.shorewall.netmanpages/shorewall.conf.html +.RE +.IP " 6." 4 http://www.shorewall.net/NAT.htm .RS 4 \%http://www.shorewall.net/NAT.htm .RE -.IP " 6." 4 +.IP " 7." 4 http://www.shorewall.net/configuration_file_basics.htm#Pairs .RS 4 \%http://www.shorewall.net/configuration_file_basics.htm#Pairs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-nesting.5 new/shorewall-4.6.0.3/manpages/shorewall-nesting.5 --- old/shorewall-4.6.0.2/manpages/shorewall-nesting.5 2014-05-23 18:32:14.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-nesting.5 2014-05-29 22:45:24.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-nesting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NESTING" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NESTING" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-netmap.5 new/shorewall-4.6.0.3/manpages/shorewall-netmap.5 --- old/shorewall-4.6.0.2/manpages/shorewall-netmap.5 2014-05-23 18:32:15.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-netmap.5 2014-05-29 22:45:25.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-netmap .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NETMAP" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NETMAP" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-params.5 new/shorewall-4.6.0.3/manpages/shorewall-params.5 --- old/shorewall-4.6.0.2/manpages/shorewall-params.5 2014-05-23 18:32:17.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-params.5 2014-05-29 22:45:26.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-params .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PARAMS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PARAMS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-policy.5 new/shorewall-4.6.0.3/manpages/shorewall-policy.5 --- old/shorewall-4.6.0.2/manpages/shorewall-policy.5 2014-05-23 18:32:18.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-policy.5 2014-05-29 22:45:28.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-policy .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-POLICY" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-POLICY" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-providers.5 new/shorewall-4.6.0.3/manpages/shorewall-providers.5 --- old/shorewall-4.6.0.2/manpages/shorewall-providers.5 2014-05-23 18:32:20.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-providers.5 2014-05-29 22:45:29.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-providers .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROVIDERS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROVIDERS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-proxyarp.5 new/shorewall-4.6.0.3/manpages/shorewall-proxyarp.5 --- old/shorewall-4.6.0.2/manpages/shorewall-proxyarp.5 2014-05-23 18:32:21.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-proxyarp.5 2014-05-29 22:45:31.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-proxyarp .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROXYARP" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROXYARP" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-routes.5 new/shorewall-4.6.0.3/manpages/shorewall-routes.5 --- old/shorewall-4.6.0.2/manpages/shorewall-routes.5 2014-05-23 18:32:24.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-routes.5 2014-05-29 22:45:33.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-routes .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-routestopped.5 new/shorewall-4.6.0.3/manpages/shorewall-routestopped.5 --- old/shorewall-4.6.0.2/manpages/shorewall-routestopped.5 2014-05-23 18:32:22.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-routestopped.5 2014-05-29 22:45:32.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-routestopped .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTESTOP" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTESTOP" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-rtrules.5 new/shorewall-4.6.0.3/manpages/shorewall-rtrules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-rtrules.5 2014-05-23 18:32:25.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-rtrules.5 2014-05-29 22:45:35.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-rtrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RTRULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RTRULES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-rules.5 new/shorewall-4.6.0.3/manpages/shorewall-rules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-rules.5 2014-05-23 18:32:28.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-rules.5 2014-05-29 22:45:37.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-rules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RULES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RULES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-secmarks.5 new/shorewall-4.6.0.3/manpages/shorewall-secmarks.5 --- old/shorewall-4.6.0.2/manpages/shorewall-secmarks.5 2014-05-23 18:32:29.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-secmarks.5 2014-05-29 22:45:39.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-secmarks .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-SECMARKS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-SECMARKS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-stoppedrules.5 new/shorewall-4.6.0.3/manpages/shorewall-stoppedrules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-stoppedrules.5 2014-05-23 18:32:30.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-stoppedrules.5 2014-05-29 22:45:40.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-stoppedrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-STOPPEDRU" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-STOPPEDRU" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcclasses.5 new/shorewall-4.6.0.3/manpages/shorewall-tcclasses.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcclasses.5 2014-05-23 18:32:32.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcclasses.5 2014-05-29 22:45:42.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcclasses .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCCLASSES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCCLASSES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcdevices.5 new/shorewall-4.6.0.3/manpages/shorewall-tcdevices.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcdevices.5 2014-05-23 18:32:33.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcdevices.5 2014-05-29 22:45:43.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcdevices .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCDEVICES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCDEVICES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcfilters.5 new/shorewall-4.6.0.3/manpages/shorewall-tcfilters.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcfilters.5 2014-05-23 18:32:35.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcfilters.5 2014-05-29 22:45:44.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcfilters .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCFILTERS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCFILTERS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcinterfaces.5 new/shorewall-4.6.0.3/manpages/shorewall-tcinterfaces.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcinterfaces.5 2014-05-23 18:32:36.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcinterfaces.5 2014-05-29 22:45:46.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcinterfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCINTERFA" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCINTERFA" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcpri.5 new/shorewall-4.6.0.3/manpages/shorewall-tcpri.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcpri.5 2014-05-23 18:32:37.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcpri.5 2014-05-29 22:45:47.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcpri .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCPRI" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCPRI" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tcrules.5 new/shorewall-4.6.0.3/manpages/shorewall-tcrules.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tcrules.5 2014-05-23 18:32:39.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tcrules.5 2014-05-29 22:45:49.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: [FIXME: manual] .\" Source: [FIXME: source] .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "05/23/2014" "[FIXME: source]" "[FIXME: manual]" +.TH "SHOREWALL\-MANGLE" "5" "05/29/2014" "[FIXME: source]" "[FIXME: manual]" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tos.5 new/shorewall-4.6.0.3/manpages/shorewall-tos.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tos.5 2014-05-23 18:32:41.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tos.5 2014-05-29 22:45:50.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tos .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TOS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TOS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-tunnels.5 new/shorewall-4.6.0.3/manpages/shorewall-tunnels.5 --- old/shorewall-4.6.0.2/manpages/shorewall-tunnels.5 2014-05-23 18:32:42.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-tunnels.5 2014-05-29 22:45:52.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-tunnels .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TUNNELS" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TUNNELS" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-vardir.5 new/shorewall-4.6.0.3/manpages/shorewall-vardir.5 --- old/shorewall-4.6.0.2/manpages/shorewall-vardir.5 2014-05-23 18:32:43.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-vardir.5 2014-05-29 22:45:53.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-VARDIR" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-VARDIR" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall-zones.5 new/shorewall-4.6.0.3/manpages/shorewall-zones.5 --- old/shorewall-4.6.0.2/manpages/shorewall-zones.5 2014-05-23 18:32:48.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall-zones.5 2014-05-29 22:45:57.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-zones .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ZONES" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ZONES" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall.8 new/shorewall-4.6.0.3/manpages/shorewall.8 --- old/shorewall-4.6.0.2/manpages/shorewall.8 2014-05-23 18:32:46.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall.8 2014-05-29 22:45:56.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "05/29/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/manpages/shorewall.conf.5 new/shorewall-4.6.0.3/manpages/shorewall.conf.5 --- old/shorewall-4.6.0.2/manpages/shorewall.conf.5 2014-05-23 18:31:55.000000000 +0200 +++ new/shorewall-4.6.0.3/manpages/shorewall.conf.5 2014-05-29 22:45:05.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\&.CONF" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\&.CONF" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/releasenotes.txt new/shorewall-4.6.0.3/releasenotes.txt --- old/shorewall-4.6.0.2/releasenotes.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/releasenotes.txt 2014-05-29 22:44:49.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 . 2 + S H O R E W A L L 4 . 6 . 0 . 3 ------------------------------------ - M a y 2 4 , 2 0 1 4 + M a y 3 1 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,17 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.3 + +1) The Shorewall-init package now installs correctly on RHEL7. + +2) 1:1 NAT is now enabled in IPv6. + +3) A subtle interaction between NAT and sub-zones is explained in + shorewall-nat. + +4) The 'show filters' command now works with Simple TC. + 4.6.0.2 1) The 'upgrade -A' command now converts the tcrules file to a mangle @@ -35,7 +46,7 @@ '(formerly called SUBNET)'. 7) The output of 'shorewall show filters' once again shows ingress - (policing filters). This works around undocumented changes to the + (policing) filters. This works around undocumented changes to the behavior of the 'tc' utility. 4.6.0.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/shorewall.spec new/shorewall-4.6.0.3/shorewall.spec --- old/shorewall-4.6.0.2/shorewall.spec 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/shorewall.spec 2014-05-29 22:44:49.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall %define version 4.6.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -130,6 +130,8 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Fri May 23 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-3 * Fri May 16 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-2 * Fri May 16 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-4.6.0.2/uninstall.sh new/shorewall-4.6.0.3/uninstall.sh --- old/shorewall-4.6.0.2/uninstall.sh 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-4.6.0.3/uninstall.sh 2014-05-29 22:44:49.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { ++++++ shorewall-core-4.6.0.2.tar.bz2 -> shorewall-core-4.6.0.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/changelog.txt new/shorewall-core-4.6.0.3/changelog.txt --- old/shorewall-core-4.6.0.2/changelog.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-core-4.6.0.3/changelog.txt 2014-05-29 22:44:49.000000000 +0200 @@ -1,3 +1,11 @@ +Changes in 4.6.0.3 + +1) Update release documents. + +2) Fix RHEL7 installation of Shorewall-init. + +3) Merge content from 4.5.21.10 + Changes in 4.6.0.2 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/configure new/shorewall-core-4.6.0.3/configure --- old/shorewall-core-4.6.0.2/configure 2014-05-23 18:31:40.000000000 +0200 +++ new/shorewall-core-4.6.0.3/configure 2014-05-29 22:44:48.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0.2 +VERSION=4.6.0.3 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/configure.pl new/shorewall-core-4.6.0.3/configure.pl --- old/shorewall-core-4.6.0.2/configure.pl 2014-05-23 18:31:40.000000000 +0200 +++ new/shorewall-core-4.6.0.3/configure.pl 2014-05-29 22:44:48.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0.2' + VERSION => '4.6.0.3' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/install.sh new/shorewall-core-4.6.0.3/install.sh --- old/shorewall-core-4.6.0.2/install.sh 2014-05-23 18:31:40.000000000 +0200 +++ new/shorewall-core-4.6.0.3/install.sh 2014-05-29 22:44:48.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/known_problems.txt new/shorewall-core-4.6.0.3/known_problems.txt --- old/shorewall-core-4.6.0.2/known_problems.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-core-4.6.0.3/known_problems.txt 2014-05-29 22:44:49.000000000 +0200 @@ -26,6 +26,29 @@ Workaround: Replace '?FORMAT 2' by 'FORMAT 2'. + Corrected in 4.6.0.2 +5) The 'shorewall[6] show filters' command does not display ingress + (policing) filters. - + Corrected in 4.6.0.2 + +6) The tarball installer fails on RHEL7 with + + ERROR: Unknown BUILD environment (rhel) + + Workaround: + + BUILD=redhat ./install.sh + + Corrected in 4.6.0.3. + +7) The /etc/shorewall6/nat file is ignored by the compiler, even if + IPv6 NAT is supported by the kernel and ip6tables. + + Corrected in 4.6.0.3. + +8) The 'show filters' command shows no output when Simple TC is used + and shows incomplete output when Complex TC is used. + + Corrected in 4.6.0.3. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/lib.cli new/shorewall-core-4.6.0.3/lib.cli --- old/shorewall-core-4.6.0.2/lib.cli 2014-05-23 18:26:12.000000000 +0200 +++ new/shorewall-core-4.6.0.3/lib.cli 2014-05-25 21:30:12.000000000 +0200 @@ -253,7 +253,14 @@ if [ -n "$qdisc" ]; then echo Device $device: qt tc -s filter ls root dev $device && tc -s filter ls root dev $device | grep -v '^$' - tc -s filter ls dev $device + tc filter show dev $device + tc class show dev $device | fgrep 'leaf ' | fgrep -v ' hfsc' | sed 's/^.*leaf //;s/ .*//' | while read class; do + if [ -n "$class" ]; then + echo + echo Node $class + tc filter show dev $device parent $class + fi + done echo fi } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/releasenotes.txt new/shorewall-core-4.6.0.3/releasenotes.txt --- old/shorewall-core-4.6.0.2/releasenotes.txt 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-core-4.6.0.3/releasenotes.txt 2014-05-29 22:44:49.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 . 2 + S H O R E W A L L 4 . 6 . 0 . 3 ------------------------------------ - M a y 2 4 , 2 0 1 4 + M a y 3 1 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,17 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.3 + +1) The Shorewall-init package now installs correctly on RHEL7. + +2) 1:1 NAT is now enabled in IPv6. + +3) A subtle interaction between NAT and sub-zones is explained in + shorewall-nat. + +4) The 'show filters' command now works with Simple TC. + 4.6.0.2 1) The 'upgrade -A' command now converts the tcrules file to a mangle @@ -35,7 +46,7 @@ '(formerly called SUBNET)'. 7) The output of 'shorewall show filters' once again shows ingress - (policing filters). This works around undocumented changes to the + (policing) filters. This works around undocumented changes to the behavior of the 'tc' utility. 4.6.0.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/shorewall-core.spec new/shorewall-core-4.6.0.3/shorewall-core.spec --- old/shorewall-core-4.6.0.2/shorewall-core.spec 2014-05-23 18:31:41.000000000 +0200 +++ new/shorewall-core-4.6.0.3/shorewall-core.spec 2014-05-29 22:44:49.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-core %define version 4.6.0 -%define release 2 +%define release 3 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -62,6 +62,8 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt %changelog +* Fri May 23 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-3 * Fri May 16 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-2 * Fri May 16 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-core-4.6.0.2/uninstall.sh new/shorewall-core-4.6.0.3/uninstall.sh --- old/shorewall-core-4.6.0.2/uninstall.sh 2014-05-23 18:31:40.000000000 +0200 +++ new/shorewall-core-4.6.0.3/uninstall.sh 2014-05-29 22:44:48.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { ++++++ shorewall-docs-html-4.6.0.2.tar.bz2 -> shorewall-docs-html-4.6.0.3.tar.bz2 ++++++ ++++ 6801 lines of diff (skipped) ++++++ shorewall-init-4.6.0.2.tar.bz2 -> shorewall-init-4.6.0.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/changelog.txt new/shorewall-init-4.6.0.3/changelog.txt --- old/shorewall-init-4.6.0.2/changelog.txt 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/changelog.txt 2014-05-29 22:44:50.000000000 +0200 @@ -1,3 +1,11 @@ +Changes in 4.6.0.3 + +1) Update release documents. + +2) Fix RHEL7 installation of Shorewall-init. + +3) Merge content from 4.5.21.10 + Changes in 4.6.0.2 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/configure new/shorewall-init-4.6.0.3/configure --- old/shorewall-init-4.6.0.2/configure 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/configure 2014-05-29 22:44:50.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0.2 +VERSION=4.6.0.3 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/configure.pl new/shorewall-init-4.6.0.3/configure.pl --- old/shorewall-init-4.6.0.2/configure.pl 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/configure.pl 2014-05-29 22:44:50.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0.2' + VERSION => '4.6.0.3' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/install.sh new/shorewall-init-4.6.0.3/install.sh --- old/shorewall-init-4.6.0.2/install.sh 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/install.sh 2014-05-29 22:44:50.000000000 +0200 @@ -27,7 +27,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { @@ -191,7 +191,7 @@ eval $(cat /etc/os-release | grep ^ID=) case $ID in - fedora) + fedora|rhel) BUILD=redhat ;; debian|ubuntu) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/releasenotes.txt new/shorewall-init-4.6.0.3/releasenotes.txt --- old/shorewall-init-4.6.0.2/releasenotes.txt 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/releasenotes.txt 2014-05-29 22:44:50.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 . 2 + S H O R E W A L L 4 . 6 . 0 . 3 ------------------------------------ - M a y 2 4 , 2 0 1 4 + M a y 3 1 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,17 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.3 + +1) The Shorewall-init package now installs correctly on RHEL7. + +2) 1:1 NAT is now enabled in IPv6. + +3) A subtle interaction between NAT and sub-zones is explained in + shorewall-nat. + +4) The 'show filters' command now works with Simple TC. + 4.6.0.2 1) The 'upgrade -A' command now converts the tcrules file to a mangle @@ -35,7 +46,7 @@ '(formerly called SUBNET)'. 7) The output of 'shorewall show filters' once again shows ingress - (policing filters). This works around undocumented changes to the + (policing) filters. This works around undocumented changes to the behavior of the 'tc' utility. 4.6.0.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/shorewall-init.spec new/shorewall-init-4.6.0.3/shorewall-init.spec --- old/shorewall-init-4.6.0.2/shorewall-init.spec 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/shorewall-init.spec 2014-05-29 22:44:50.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.6.0 -%define release 2 +%define release 3 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -125,6 +125,8 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Fri May 23 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-3 * Fri May 16 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-2 * Fri May 16 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-init-4.6.0.2/uninstall.sh new/shorewall-init-4.6.0.3/uninstall.sh --- old/shorewall-init-4.6.0.2/uninstall.sh 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-init-4.6.0.3/uninstall.sh 2014-05-29 22:44:50.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { ++++++ shorewall-lite-4.6.0.2.tar.bz2 -> shorewall-lite-4.6.0.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/changelog.txt new/shorewall-lite-4.6.0.3/changelog.txt --- old/shorewall-lite-4.6.0.2/changelog.txt 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/changelog.txt 2014-05-29 22:44:50.000000000 +0200 @@ -1,3 +1,11 @@ +Changes in 4.6.0.3 + +1) Update release documents. + +2) Fix RHEL7 installation of Shorewall-init. + +3) Merge content from 4.5.21.10 + Changes in 4.6.0.2 1) Update release documents. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/configure new/shorewall-lite-4.6.0.3/configure --- old/shorewall-lite-4.6.0.2/configure 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/configure 2014-05-29 22:44:50.000000000 +0200 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=4.6.0.2 +VERSION=4.6.0.3 case "$BASH_VERSION" in [4-9].*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/configure.pl new/shorewall-lite-4.6.0.3/configure.pl --- old/shorewall-lite-4.6.0.2/configure.pl 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/configure.pl 2014-05-29 22:44:50.000000000 +0200 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '4.6.0.2' + VERSION => '4.6.0.3' }; my %params; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/install.sh new/shorewall-lite-4.6.0.3/install.sh --- old/shorewall-lite-4.6.0.2/install.sh 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/install.sh 2014-05-29 22:44:50.000000000 +0200 @@ -22,7 +22,7 @@ # along with this program; if not, see http://www.gnu.org/licenses/. # -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/manpages/shorewall-lite-vardir.5 new/shorewall-lite-4.6.0.3/manpages/shorewall-lite-vardir.5 --- old/shorewall-lite-4.6.0.2/manpages/shorewall-lite-vardir.5 2014-05-23 18:34:58.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/manpages/shorewall-lite-vardir.5 2014-05-29 22:48:11.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\-VAR" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\-VAR" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/manpages/shorewall-lite.8 new/shorewall-lite-4.6.0.3/manpages/shorewall-lite.8 --- old/shorewall-lite-4.6.0.2/manpages/shorewall-lite.8 2014-05-23 18:35:00.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/manpages/shorewall-lite.8 2014-05-29 22:48:12.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-LITE" "8" "05/23/2014" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-LITE" "8" "05/29/2014" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/manpages/shorewall-lite.conf.5 new/shorewall-lite-4.6.0.3/manpages/shorewall-lite.conf.5 --- old/shorewall-lite-4.6.0.2/manpages/shorewall-lite.conf.5 2014-05-23 18:34:57.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/manpages/shorewall-lite.conf.5 2014-05-29 22:48:09.000000000 +0200 @@ -2,12 +2,12 @@ .\" Title: shorewall-lite.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\" Date: 05/23/2014 +.\" Date: 05/29/2014 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-LITE\&.CO" "5" "05/23/2014" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-LITE\&.CO" "5" "05/29/2014" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/releasenotes.txt new/shorewall-lite-4.6.0.3/releasenotes.txt --- old/shorewall-lite-4.6.0.2/releasenotes.txt 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/releasenotes.txt 2014-05-29 22:44:50.000000000 +0200 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 6 . 0 . 2 + S H O R E W A L L 4 . 6 . 0 . 3 ------------------------------------ - M a y 2 4 , 2 0 1 4 + M a y 3 1 , 2 0 1 4 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,6 +14,17 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.6.0.3 + +1) The Shorewall-init package now installs correctly on RHEL7. + +2) 1:1 NAT is now enabled in IPv6. + +3) A subtle interaction between NAT and sub-zones is explained in + shorewall-nat. + +4) The 'show filters' command now works with Simple TC. + 4.6.0.2 1) The 'upgrade -A' command now converts the tcrules file to a mangle @@ -35,7 +46,7 @@ '(formerly called SUBNET)'. 7) The output of 'shorewall show filters' once again shows ingress - (policing filters). This works around undocumented changes to the + (policing) filters. This works around undocumented changes to the behavior of the 'tc' utility. 4.6.0.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/shorewall-lite.spec new/shorewall-lite-4.6.0.3/shorewall-lite.spec --- old/shorewall-lite-4.6.0.2/shorewall-lite.spec 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/shorewall-lite.spec 2014-05-29 22:44:50.000000000 +0200 @@ -1,6 +1,6 @@ %define name shorewall-lite %define version 4.6.0 -%define release 2 +%define release 3 %define initdir /etc/init.d Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems. @@ -105,6 +105,8 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Fri May 23 2014 Tom Eastep tom@shorewall.net +- Updated to 4.6.0-3 * Fri May 16 2014 Tom Eastep tom@shorewall.net - Updated to 4.6.0-2 * Fri May 16 2014 Tom Eastep tom@shorewall.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/shorewall-lite-4.6.0.2/uninstall.sh new/shorewall-lite-4.6.0.3/uninstall.sh --- old/shorewall-lite-4.6.0.2/uninstall.sh 2014-05-23 18:31:42.000000000 +0200 +++ new/shorewall-lite-4.6.0.3/uninstall.sh 2014-05-29 22:44:50.000000000 +0200 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.6.0.2 +VERSION=4.6.0.3 usage() # $1 = exit status { ++++++ shorewall-4.6.0.2.tar.bz2 -> shorewall6-4.6.0.3.tar.bz2 ++++++ ++++ 124367 lines of diff (skipped) ++++++ shorewall-lite-4.6.0.2.tar.bz2 -> shorewall6-lite-4.6.0.3.tar.bz2 ++++++ ++++ 7282 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org