diff -Naur -X /Users/teastep/bin/exclude.txt shorewall6-4.4.12.1/changelog.txt shorewall6-4.4.12.2/changelog.txt
--- shorewall6-4.4.12.1/changelog.txt 2010-08-24 13:17:59.000000000 -0700
+++ shorewall6-4.4.12.2/changelog.txt 2010-09-04 07:30:23.000000000 -0700
@@ -1,9 +1,17 @@
+Changes in Shorewall 4.4.12.2
+
+1) Add tweak to 4.4.12.1 optimization fix.
+
+2) Fix exclusion in the blacklist file.
+
Changes in Shorewall 4.4.12.1
1) Fix optimization bugs.
2) Fix detection of old ipset match capability
+3) Fix REQUIRE_INTERFACE=Yes
+
Changes in Shorewall 4.4.12
1) Fix IPv6 shorecap program.
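Review bot: The new "Changes in Shorewall 4.4.12.2" block lists only two items, while releasenotes.txt in this same patch lists four corrected problems for 4.4.12.2; the rejection of CONTINUE rules with exclusion and the 'optional' plus 'upnpclient' fix have no changelog entry. Separately, "3) Fix REQUIRE_INTERFACE=Yes" is added under the existing 4.4.12.1 heading; if that fix first ships in this release, it belongs in the 4.4.12.2 block so the changelog matches what each tarball actually contained.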
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall6-4.4.12.1/install.sh shorewall6-4.4.12.2/install.sh
--- shorewall6-4.4.12.1/install.sh 2010-08-24 13:15:35.000000000 -0700
+++ shorewall6-4.4.12.2/install.sh 2010-09-04 07:30:24.000000000 -0700
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.4.12.1
+VERSION=4.4.12.2
usage() # $1 = exit status
{
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall6-4.4.12.1/releasenotes.txt shorewall6-4.4.12.2/releasenotes.txt
--- shorewall6-4.4.12.1/releasenotes.txt 2010-08-24 13:17:59.000000000 -0700
+++ shorewall6-4.4.12.2/releasenotes.txt 2010-09-04 07:30:23.000000000 -0700
@@ -1,5 +1,5 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 4 . 1 2 . 1
+ S H O R E W A L L 4 . 4 . 1 2 . 2
----------------------------------------------------------------------------
I. RELEASE 4.4 HIGHLIGHTS
@@ -224,21 +224,38 @@
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.4.12.2
+
+1) Earlier releases allowed CONTINUE rules with exclusion. These rules
+ generated valid but incorrect iptables (ip6tables) input. Such
+ rules are now disallowed.
+
+2) The fix for COMMENT and OPTIMIZE 8-15 in 4.4.12.1 missed one case
+ which has now been corrected.
+
+3) Previously, exclusion in the blacklist file was correctly validated
+ but was then ignored when generating iptables (ip6tables) rules.
+
+4) Previously, the interface option combination of 'optional' and
+ 'upnpclient' did not work correctly.
+
4.4.12.1
1) Under rare circumstances where COMMENT is used to attach comments
to rules, OPTIMIZE 8 through 15 could result in invalid
iptables-restore (ip6tables-restore) input.
-2) Under rare circumstances unvolving exclusion, OPTIMIZE 8 through 15
+2) Under rare circumstances involving exclusion, OPTIMIZE 8 through 15
could result in invalid iptables-restore (ip6tables-restore) input.
3) The change in 4.4.12 to detect and use the new ipset match syntax
broke the ability to detect the old ipset match capability. Now,
both versions of the capability can be correctly detected.
-4.4.12
+4) Previously, if REQUIRE_INTERFACE=Yes then start/restart would fail
+ if the last optional interface tested was not available.
+4.4.12
1) Previously, the Shorewall6-lite version of shorecap was using
iptables rather than ip6tables, with the result that many capabilities
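Review bot: Items 3 and 4 of the new 4.4.12.2 list describe only the previous behaviour (blacklist exclusion "ignored when generating" rules; 'optional' with 'upnpclient' "did not work correctly") and never state what happens now, unlike items 1 and 2. Suggest closing each with the corrected behaviour, and for item 3 saying which way the old rules erred, since an exclusion that validates but is then dropped changes which hosts the blacklist matches without any warning to the administrator. Item 1 turns previously accepted CONTINUE rules with exclusion into rejected ones, so it should also be flagged as a behaviour change for users upgrading. The REQUIRE_INTERFACE entry appended as item 4 under the 4.4.12.1 heading edits the notes of an existing release; if the fix is new in this release, list it under 4.4.12.2.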
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall6-4.4.12.1/shorewall6.spec shorewall6-4.4.12.2/shorewall6.spec
--- shorewall6-4.4.12.1/shorewall6.spec 2010-08-24 13:15:35.000000000 -0700
+++ shorewall6-4.4.12.2/shorewall6.spec 2010-09-04 07:30:24.000000000 -0700
@@ -1,6 +1,6 @@
%define name shorewall6
%define version 4.4.12
-%define release 1
+%define release 2
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
Name: %{name}
@@ -98,6 +98,8 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog
+* Sat Sep 04 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.12-2
* Mon Aug 23 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.12-1
* Sun Aug 15 2010 Tom Eastep tom@shorewall.net
diff -Naur -X /Users/teastep/bin/exclude.txt shorewall6-4.4.12.1/uninstall.sh shorewall6-4.4.12.2/uninstall.sh
--- shorewall6-4.4.12.1/uninstall.sh 2010-08-24 13:15:35.000000000 -0700
+++ shorewall6-4.4.12.2/uninstall.sh 2010-09-04 07:30:24.000000000 -0700
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.12.1
+VERSION=4.4.12.2
usage() # $1 = exit status
{
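Review bot: VERSION=4.4.12.2 here is the third hand-edited copy of the version in this patch: install.sh carries the same string, and shorewall6.spec encodes it separately as version 4.4.12 with release 2. The comment above says this script may only be used to uninstall the version shown, so a missed bump in one file would leave it disagreeing with what is installed; consider stamping all three from a single source at release time.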