diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/changelog.txt shorewall-4.4.8.1/changelog.txt
--- shorewall-4.4.8/changelog.txt 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/changelog.txt 2010-04-07 14:49:33.000000000 -0700
@@ -1,3 +1,12 @@
+Changes in Shorewall 4.4.8.1
+
+1) Correct handling of a logical interface name in the EXTERNAL column
+ of proxyarp.
+
+2) Fix find_first_interface_address() error reporting.
+
+3) Fix propagation of zero-valued config variables.
+
Changes in Shorewall 4.4.8
1) Correct handling of RATE LIMIT on NAT rules.
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/configfiles/shorewall.conf shorewall-4.4.8.1/configfiles/shorewall.conf
--- shorewall-4.4.8/configfiles/shorewall.conf 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/configfiles/shorewall.conf 2010-04-07 14:49:33.000000000 -0700
@@ -1,19 +1,10 @@
###############################################################################
-# /etc/shorewall/shorewall.conf Version 4 - Change the following variables to
-# match your setup
#
-# This program is under GPL
-# [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
-#
-# This file should be placed in /etc/shorewall
-#
-# (c) 1999,2000,2001,2002,2003,2004,2005,
-# 2006,2007,2008 - Tom Eastep (teastep@shorewall.net)
+# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
-# Additional information is available at
-# http://www.shorewall.net/Documentation.htm#Conf
+# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/install.sh shorewall-4.4.8.1/install.sh
--- shorewall-4.4.8/install.sh 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/install.sh 2010-04-07 14:49:33.000000000 -0700
@@ -22,7 +22,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
-VERSION=4.4.8
+VERSION=4.4.8.1
usage() # $1 = exit status
{
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/known_problems.txt shorewall-4.4.8.1/known_problems.txt
--- shorewall-4.4.8/known_problems.txt 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/known_problems.txt 2010-04-07 14:49:33.000000000 -0700
@@ -1 +1,23 @@
-There are no known problems in Shorewall 4.4.8
+1) Logical interface names in the EXTERNAL column of
+ /etc/shorewall/proxyarp were previously not mapped to their
+ corresponding physical interface names. This could cause 'start' or
+ 'restart' to fail.
+
+ Corrected in Shorewall 4.4.8.1
+
+2) If find_first_interface_address() cannot determine the address of
+ the passed interface, the following message is issued and the
+ process continues:
+
+ /usr/share/shorewall/lib.common: line 438:
+ startup_error: command not found
+
+ Corrected in Shorewall 4.4.8.1
+
+3) If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script
+ is executed, messages such as the following will be issued:
+
+ /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator
+ expected
+
+ Corrected in Shorewall 4.4.8.1
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Config.pm shorewall-4.4.8.1/Perl/Shorewall/Config.pm
--- shorewall-4.4.8/Perl/Shorewall/Config.pm 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/Perl/Shorewall/Config.pm 2010-04-07 14:49:33.000000000 -0700
@@ -338,7 +338,7 @@
TC_SCRIPT => '',
EXPORT => 0,
UNTRACKED => 0,
- VERSION => "4.4.8",
+ VERSION => "4.4.8.1",
CAPVERSION => 40408 ,
);
@@ -3050,7 +3050,8 @@
#
sub propagateconfig() {
for my $option ( @propagateconfig ) {
- my $value = $config{$option} || '';
+ my $value = $config{$option};
+ $value = '' unless defined $value;
emit "$option=\"$value\"";
}
}
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm
--- shorewall-4.4.8/Perl/Shorewall/Proxyarp.pm 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/Perl/Shorewall/Proxyarp.pm 2010-04-07 14:49:33.000000000 -0700
@@ -118,6 +118,7 @@
}
$interface = get_physical $interface;
+ $external = get_physical $external;
$set{$interface} = 1;
$reset{$external} = 1 unless $set{$external};
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/releasenotes.txt shorewall-4.4.8.1/releasenotes.txt
--- shorewall-4.4.8/releasenotes.txt 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/releasenotes.txt 2010-04-07 14:49:33.000000000 -0700
@@ -1,5 +1,5 @@
----------------------------------------------------------------------------
- S H O R E W A L L 4 . 4 . 8
+ S H O R E W A L L 4 . 4 . 8 . 1
----------------------------------------------------------------------------
I. RELEASE 4.4 HIGHLIGHTS
@@ -218,6 +218,27 @@
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+4.4.8.1
+
+1) Logical interface names in the EXTERNAL column of
+ /etc/shorewall/proxyarp were previously not mapped to their
+ corresponding physical interface names. This could cause 'start' or
+ 'restart' to fail.
+
+2) If find_first_interface_address() cannot determine the address of
+ the passed interface, the following message is issued and the
+ process continues:
+
+ /usr/share/shorewall/lib.common: line 438:
+ startup_error: command not found
+
+3) If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script
+ was executed, messages such as the following would be issued:
+
+ /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator
+ expected
+4.4.8
+
1) A CONTINUE rule specifying a log level would cause the compiler to
generate an incorrect rule sequence. The packet would be logged
but the CONTINUE action would not occur.
@@ -286,6 +307,11 @@
'shorewall refresh' executed, those new changes would not be included
in the active ruleset.
+12) In 4.4.7, it was documented that setting the 'bridge' option in an
+ interfaces file entry also set 'routeback'. That feature was
+ incomplete with the result that 'routeback' still needed to be
+ specified.
+
----------------------------------------------------------------------------
I V. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall shorewall-4.4.8.1/shorewall
--- shorewall-4.4.8/shorewall 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/shorewall 2010-04-07 14:49:33.000000000 -0700
@@ -301,14 +301,19 @@
}
#
+# Fatal error
+#
+startup_error() {
+ echo " ERROR: $@" >&2
+ kill $$
+ exit 1
+}
+
+#
# Run the compiler
#
compiler() {
- startup_error() {
- echo " ERROR: $@" >&2
- exit 1
- }
-
+
if [ $(id -u) -ne 0 ]; then
if [ -z "$SHOREWALL_DIR" -o "$SHOREWALL_DIR" = /etc/shorewall ]; then
startup_error "Ordinary users may not compile the /etc/shorewall configuration"
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/shorewall.spec shorewall-4.4.8.1/shorewall.spec
--- shorewall-4.4.8/shorewall.spec 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/shorewall.spec 2010-04-07 14:49:33.000000000 -0700
@@ -1,6 +1,6 @@
%define name shorewall
%define version 4.4.8
-%define release 0base
+%define release 1
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
Name: %{name}
@@ -108,6 +108,8 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
%changelog
+* Thu Mar 25 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.8-1
* Fri Mar 19 2010 Tom Eastep tom@shorewall.net
- Updated to 4.4.8-0base
* Tue Mar 16 2010 Tom Eastep tom@shorewall.net
diff -Naur -X /home/teastep/bin/exclude.txt shorewall-4.4.8/uninstall.sh shorewall-4.4.8.1/uninstall.sh
--- shorewall-4.4.8/uninstall.sh 2010-03-23 08:47:56.000000000 -0700
+++ shorewall-4.4.8.1/uninstall.sh 2010-04-07 14:49:33.000000000 -0700
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=4.4.8
+VERSION=4.4.8.1
usage() # $1 = exit status
{
|
