diff -Naurdw -X /Users/teastep/bin/exclude.txt shorewall-init-4.4.19.2/changelog.txt shorewall-init-4.4.19.3/changelog.txt --- shorewall-init-4.4.19.2/changelog.txt 2011-05-05 16:31:23.000000000 -0700 +++ shorewall-init-4.4.19.3/changelog.txt 2011-05-10 07:23:00.000000000 -0700 @@ -1,3 +1,13 @@ +Changes in Shorewall 4.4.19.3 + +1) Eliminate issue with 'gawk'. + +2) Ensure that a host route to the gateway exists in the main table. + +3) Only allow USER/GROUP in the OUTPUT chain. + +4) Restrict output interface in CLASSIFY TC rules. + Changes in Shorewall 4.4.19.2 1) Restore the ability to have IPSET names in the ORIGINAL DEST column diff -Naurdw -X /Users/teastep/bin/exclude.txt shorewall-init-4.4.19.2/install.sh shorewall-init-4.4.19.3/install.sh --- shorewall-init-4.4.19.2/install.sh 2011-05-05 16:18:04.000000000 -0700 +++ shorewall-init-4.4.19.3/install.sh 2011-05-10 07:22:30.000000000 -0700 @@ -23,7 +23,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # -VERSION=4.4.19.2 +VERSION=4.4.19.3 usage() # $1 = exit status { diff -Naurdw -X /Users/teastep/bin/exclude.txt shorewall-init-4.4.19.2/releasenotes.txt shorewall-init-4.4.19.3/releasenotes.txt --- shorewall-init-4.4.19.2/releasenotes.txt 2011-05-05 16:31:23.000000000 -0700 +++ shorewall-init-4.4.19.3/releasenotes.txt 2011-05-10 07:23:00.000000000 -0700 @@ -1,5 +1,5 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 4 . 4 . 1 9 . 2 + S H O R E W A L L 4 . 4 . 1 9 . 3 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE 
@@ -13,6 +13,41 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.19.3 + +1) The changes in 4.4.19.1 that corrected long-standing issues with + default route save/restore were incompatible with 'gawk'. When + 'gawk' was installed (rather than 'mawk'), awk syntax errors having + to do with the symbol 'default' were issued. + + This incompatibility has been corrected. + +2) Previously, an entry in the USER/GROUP column in the rules and + tcrules files could cause run-time start/restart failures if the + rule(s) being added did not have the firewall as the source or was + being added to the POSTROUTING chain. This error is now caught by + the compiler. + +3) Shorewall now insures that a route to a default gateway exists in + the main table before it attempts to add a default route through + that gateway to a provider table. This prevents start/restart + failures in the rare event that such a route does not exist. + +4) CLASSIFY TC rules can apply to traffic exiting only the interface + associated with the class-id specified in the first column. In a + Multi-ISP configuration, a naive user might create this TC rule: + + 1:2 - 1.2.3.4 + + This will work fine when 1.2.3.4 can only be routed out of a single + interface. However, if we assume that eth0 is interface 1, then the + above rule only works for traffic leaving via eth0. + + Beginning with this release, the Shorewall compiler will interpret + the above rule as this one: + + 1.2 - eth0:1.2.3.4 + 4.4.19.2 1) In Shorewall-shell, there was the ability to specify IPSET names in diff -Naurdw -X /Users/teastep/bin/exclude.txt shorewall-init-4.4.19.2/shorewall-init.spec shorewall-init-4.4.19.3/shorewall-init.spec --- shorewall-init-4.4.19.2/shorewall-init.spec 2011-05-05 16:18:04.000000000 -0700 +++ shorewall-init-4.4.19.3/shorewall-init.spec 2011-05-10 07:22:30.000000000 -0700 
@@ -1,6 +1,6 @@ %define name shorewall-init %define version 4.4.19 -%define release 2 +%define release 3 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall). Name: %{name} @@ -119,6 +119,8 @@ %doc COPYING changelog.txt releasenotes.txt %changelog +* Sat May 07 2011 Tom Eastep tom@shorewall.net +- Updated to 4.4.19-3 * Sat Apr 16 2011 Tom Eastep tom@shorewall.net - Updated to 4.4.19-2 * Wed Apr 13 2011 Tom Eastep tom@shorewall.net diff -Naurdw -X /Users/teastep/bin/exclude.txt shorewall-init-4.4.19.2/uninstall.sh shorewall-init-4.4.19.3/uninstall.sh --- shorewall-init-4.4.19.2/uninstall.sh 2011-05-05 16:18:04.000000000 -0700 +++ shorewall-init-4.4.19.3/uninstall.sh 2011-05-10 07:22:30.000000000 -0700 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=4.4.19.2 +VERSION=4.4.19.3 usage() # $1 = exit status {
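Review bot: in the releasenotes.txt hunk, item 4 of the new 4.4.19.3 section, the class-id changes notation between the two sample rules. The user's rule is given as `1:2 - 1.2.3.4`, but the compiler's interpretation is given as `1.2 - eth0:1.2.3.4`, with a dot instead of a colon. If the only intended difference is the added output interface, the second rule should read `1:2 - eth0:1.2.3.4`. As written, a reader cannot tell whether the class-id is also rewritten. In item 3 of the same section, "insures" should be "ensures".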
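Review bot: in the changelog.txt hunk, entries 2 and 3 are in the opposite order from items 2 and 3 of the 4.4.19.3 section added to releasenotes.txt. The changelog lists the gateway route fix as 2 and the USER/GROUP restriction as 3, while the release notes list USER/GROUP as 2 and the gateway route as 3. The wording also differs: the changelog says "host route to the gateway" where the release notes say only "a route to a default gateway". Suggest using the same numbering and the same term in both files so the entries can be cross-referenced.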
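Review bot: in the shorewall-init.spec hunk at line 119, the new %changelog entry is dated "Sat May 07 2011", but the diff headers show the 4.4.19.3 files were modified on 2011-05-10. Suggest confirming which date the entry should carry. Separately, the version bump is repeated by hand in install.sh, uninstall.sh, the spec `%define release` line and the releasenotes.txt banner. A single source for the version string would keep a future bump from missing one of them.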