diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/changelog.txt shorewall-4.4.8.1/changelog.txt --- shorewall-4.4.8/changelog.txt 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/changelog.txt 2010-04-07 14:49:33.000000000 -0700 @@ -1,3 +1,12 @@ +Changes in Shorewall 4.4.8.1 + +1) Correct handling of a logical interface name in the EXTERNAL column + of proxyarp. + +2) Fix find_first_interface_address() error reporting. + +3) Fix propagation of zero-valued config variables. + Changes in Shorewall 4.4.8 1) Correct handling of RATE LIMIT on NAT rules. diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/configfiles/shorewall.conf shorewall-4.4.8.1/configfiles/shorewall.conf --- shorewall-4.4.8/configfiles/shorewall.conf 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/configfiles/shorewall.conf 2010-04-07 14:49:33.000000000 -0700 @@ -1,19 +1,10 @@ ############################################################################### -# /etc/shorewall/shorewall.conf Version 4 - Change the following variables to -# match your setup # -# This program is under GPL -# [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt] -# -# This file should be placed in /etc/shorewall -# -# (c) 1999,2000,2001,2002,2003,2004,2005, -# 2006,2007,2008 - Tom Eastep (teastep@shorewall.net) +# Shorewall Version 4 -- /etc/shorewall/shorewall.conf # # For information about the settings in this file, type "man shorewall.conf" # -# Additional information is available at -# http://www.shorewall.net/Documentation.htm#Conf +# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html ############################################################################### # S T A R T U P E N A B L E D ############################################################################### diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/install.sh shorewall-4.4.8.1/install.sh --- shorewall-4.4.8/install.sh 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/install.sh 2010-04-07 14:49:33.000000000 -0700 @@ -22,7 +22,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.8 +VERSION=4.4.8.1 usage() # $1 = exit status { diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/known_problems.txt shorewall-4.4.8.1/known_problems.txt --- shorewall-4.4.8/known_problems.txt 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/known_problems.txt 2010-04-07 14:49:33.000000000 -0700 @@ -1 +1,23 @@ -There are no known problems in Shorewall 4.4.8 +1) Logical interface names in the EXTERNAL column of + /etc/shorewall/proxyarp were previously not mapped to their + corresponding physical interface names. This could cause 'start' or + 'restart' to fail. + + Corrected in Shorewall 4.4.8.1 + +2) If find_first_interface_address() cannot determine the address of + the passed interface, the following message is issued and the + process continues: + + /usr/share/shorewall/lib.common: line 438: + startup_error: command not found + + Corrected in Shorewall 4.4.8.1 + +3) If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script + is executed, messages such as the following will be issued: + + /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator + expected + + Corrected in Shorewall 4.4.8.1 diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Config.pm shorewall-4.4.8.1/Perl/Shorewall/Config.pm --- shorewall-4.4.8/Perl/Shorewall/Config.pm 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/Perl/Shorewall/Config.pm 2010-04-07 14:49:33.000000000 -0700 @@ -338,7 +338,7 @@ TC_SCRIPT => '', EXPORT => 0, UNTRACKED => 0, - VERSION => "4.4.8", + VERSION => "4.4.8.1", CAPVERSION => 40408 , ); @@ -3050,7 +3050,8 @@ # sub propagateconfig() { for my $option ( @propagateconfig ) { - my $value = $config{$option} || ''; + my $value = $config{$option}; + $value = '' unless defined $value; emit "$option=\"$value\""; } } diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm --- shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm 2010-04-07 14:49:33.000000000 -0700 @@ -118,6 +118,7 @@ } $interface = get_physical $interface; + $external = get_physical $external; $set{$interface} = 1; $reset{$external} = 1 unless $set{$external}; diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/releasenotes.txt shorewall-4.4.8.1/releasenotes.txt --- shorewall-4.4.8/releasenotes.txt 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/releasenotes.txt 2010-04-07 14:49:33.000000000 -0700 @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 4 . 8 + S H O R E W A L L 4 . 4 . 8 . 1 ---------------------------------------------------------------------------- I. RELEASE 4.4 HIGHLIGHTS @@ -218,6 +218,27 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.8.1 + +1) Logical interface names in the EXTERNAL column of + /etc/shorewall/proxyarp were previously not mapped to their + corresponding physical interface names. This could cause 'start' or + 'restart' to fail. + +2) If find_first_interface_address() cannot determine the address of + the passed interface, the following message is issued and the + process continues: + + /usr/share/shorewall/lib.common: line 438: + startup_error: command not found + +3) If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script + was executed, messages such as the following would be issued: + + /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator + expected +4.4.8 + 1) A CONTINUE rule specifying a log level would cause the compiler to generate an incorrect rule sequence. The packet would be logged but the CONTINUE action would not occur. @@ -286,6 +307,11 @@ 'shorewall refresh' executed, those new changes would not be included in the active ruleset. +12) In 4.4.7, it was documented that setting the 'bridge' option in an + interfaces file entry also set 'routeback'. That feature was + incomplete with the result that 'routeback' still needed to be + specified. + ---------------------------------------------------------------------------- I V. K N O W N P R O B L E M S R E M A I N I N G ---------------------------------------------------------------------------- diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall shorewall-4.4.8.1/shorewall --- shorewall-4.4.8/shorewall 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/shorewall 2010-04-07 14:49:33.000000000 -0700 @@ -301,14 +301,19 @@ } # +# Fatal error +# +startup_error() { + echo " ERROR: $@" >&2 + kill $$ + exit 1 +} + +# # Run the compiler # compiler() { - startup_error() { - echo " ERROR: $@" >&2 - exit 1 - } - + if [ $(id -u) -ne 0 ]; then if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then startup_error "Ordinary users may not compile the /etc/shorewall configuration" diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall.spec shorewall-4.4.8.1/shorewall.spec --- shorewall-4.4.8/shorewall.spec 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/shorewall.spec 2010-04-07 14:49:33.000000000 -0700 @@ -1,6 +1,6 @@ %define name shorewall %define version 4.4.8 -%define release 0base +%define release 1 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -108,6 +108,8 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples %changelog +* Thu Mar 25 2010 Tom Eastep tom@shorewall.net +- Updated to 4.4.8-1 * Fri Mar 19 2010 Tom Eastep tom@shorewall.net - Updated to 4.4.8-0base * Tue Mar 16 2010 Tom Eastep tom@shorewall.net diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/uninstall.sh shorewall-4.4.8.1/uninstall.sh --- shorewall-4.4.8/uninstall.sh 2010-03-23 08:47:56.000000000 -0700 +++ shorewall-4.4.8.1/uninstall.sh 2010-04-07 14:49:33.000000000 -0700 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.8 +VERSION=4.4.8.1 usage() # $1 = exit status {