LogoopenSUSE Build Service > Projects > security:netfilter > shorewall > Revisions
Sign Up | Log In

Revision Log of shorewall (213)

buildservice-autocommit accepted request 371244 about 1 month ago (revision 213)
baserev update by copy to link target
Jan Engelhardt Jan Engelhardt (jengelh) accepted request 367131 about 2 months ago (revision 212)
Update to last bugfix 4.x series 
Thanks for your consideration.
Maintainer status is accepted since togan has disappear
Will serve as maintenance sr for Leap + Factory submission
buildservice-autocommit accepted request 331030 8 months ago (revision 211)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 331029 8 months ago (revision 210)
- Update to version 4.6.13 For more details see changelog.txt and
  realeasenotes.txt
  * The 'rules' file manpages have been corrected regarding the
    packets that are processed by rules in the NEW section.
  * Parsing of IPv6 address ranges has been corrected. Previously,
    use of ranges resulted in 'Invalid IPv6 Address' errors.
  * The shorewall6-hosts man page has been corrected to show the
    proper contents of the HOST(S) column.
  * Previously, INLINE statements in the mangle file were not 
    recognized if a chain designator (:F, :P, etc.) followingowed 
    INLINE(...). As a consequence, additional matches following
    a semicolon were interpreted as column/value pairs unless
    INLINE_MATCHES=Yes, resulting in compilation failure.
  * Inline matches on IP[6]TABLE rules could be ignored if
    INLINE_MATCHES=No. They are now recognized.
  * Specifying an action with a logging level in one of the
    _DEFAULT options in shorewall[6].conf
    (e.g., REJECT_DEFAULT=Reject:info) produced a compilation error:
      ERROR: Invalid value (:info) for first Reject parameter
           /usr/share/shorewall/action.Rejectect (line 52)
    That has been corrected. Note, however, that specifying logging
    with a default action tends to defeat one of the main purposes
    of default actions which is to suppress logging.
  * Previously, it was necessary to set TC_EXPERT=Yes to have full
    access to the user mark in fw marks. That has been corrected so
    that any place that a mark or mask can be specified, both the
    TC mark and the User mark are accessible.
buildservice-autocommit accepted request 316608 9 months ago (revision 209)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 316607 10 months ago (revision 208)
- Update to version 4.6.11 For more details see changelog.txt and
  releasenotes.txt
  * Previously, when the -c option was given to the 'compile'
    command, the progress message "Compiling..." was issued before
    it was determined if compilation was necessary.  Now, that message
    is suppressed when re-compilation is not required.
  * Previously, when the -c option was given to the 'compile'
    command, the 'postcompile' extension script was executed even when
    there was no (re-)compilation. Now, the 'postcompile' script is
    only invoked  when a new script is generated.
  * If CONFDIR was other than /etc, then ordinary users would not 
    receive a clear error message when they attempted to execute
    one of the commands that change the firewall state.
  * Previously, IPv4 DHCP client broadcasts were blocked by the
    'rpfilter' interface option. That has been corrected.
  * The 'update' command incorrectly added the INLINE_MATCHES
    option to shorewall6.conf with a default value of 'Yes'. This
    caused 'start' to fail with invalid ip6tables rules when the alternate
    input format using ';' is used.
    Note: This last issue is not documented in the release notes
    included with the release.
buildservice-autocommit accepted request 313364 10 months ago (revision 207)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 312379 11 months ago (revision 206)
- Update to version 4.6.10.1 For more details see changelog.txt and
  releasenotes.txt
  * Indentation is now consistent in lib.core (Tuomo Soini).
  * The first problem corrected in 4.6.10 below was incomplete. It
    is now complete (Tuomo Soini).
  * Similarly, the second fix was also incomplete and is now
    completed  (Tuomo Soini).
buildservice-autocommit accepted request 305795 12 months ago (revision 205)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 305794 12 months ago (revision 204)
- Update to version 4.6.9 For more details see changelog.txt and
  releasenotes.txt
  * This release contains defect repair from Shorewall 4.6.8.1 and
    earlier releases.
  * The means for preventing loading of helper modules has been
    clarified in the documentation.
  * The SetEvent and ResetEvent actions previously set/reset the
    event even if the packet did not match the other specified
    columns. This has been corrected.
  * Previously, the 'show capabilities' command was ignoring the
    HELPERS setting. This resulted in unwanted modules being
    autoloaded  and, when the -f option was given, an incorrect
    capabilities file was generated.
  * Previously, when 'wait' was specified for an interface, the
    generated script erroneously checked for required interfaces on
    all commands rather than just start, restart and restore.
buildservice-autocommit accepted request 296593 about 1 year ago (revision 203)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 296592 about 1 year ago (revision 202)
- Update to version 4.6.8.1 For more details see changnlog.txt and
  releasenotes.txt
  * Previously, when servicd was installed and there were one or
    more required interfaces, the firewall would fail to start at
    boot.This has been corrected by Tuomo Soini.
  * Some startup logic in lib.cli has been deleted. A bug prevented
    the code from working as intended, so there is no loss of 
    functionality resulting from deletion of the code.
buildservice-autocommit accepted request 294499 about 1 year ago (revision 201)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 294498 about 1 year ago (revision 200)
- Update to version 4.6.8 For more details see changelog.txt and
  releasenotes.txt
  * This release includes defect repair from Shorewall 4.6.6.2 and
    earlier releases.
  * Previously, when the -n option was specified and NetworkManager
    was installed on the target system, the Shorewall-init installer
    would still create
    ${DESTDIR}etc/NetworkManager/dispatcher.d/01-shorewall, regardless
    of the setting of $CONFDIR. That has been corrected such that
    the directory
    ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
    is created instead.
  * Previously, handling of the IPTABLES and IP6TABLES actions in
    the conntrack file was broken. nfw provided a fix on IRC.
  * The Shorewall-core and Shorewall6 installers would previously
    report incorrectly that the product release was not installed.
    Matt Darfeuille provided fixes.
buildservice-autocommit accepted request 290982 about 1 year ago (revision 199)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 290980 about 1 year ago (revision 198)
- Update to version 4.6.7 For more details see changelog.txt and
  releasenotes.txt
  * This release includes defect repair from Shorewall 4.6.6.2 and
    earlier releases.
  * The 'tunnels' file now supports 'tinc' tunnels.
  * Previously, the SAME action in the mangle file had a fixed
    timeout of 300 seconds (5 minutes). That action now allows
    specification of a different timeout.
  * It is now possible to add or delete addresses from an ipset
    with entries in the mangle file. The ADD and DEL actions have
    the same behavior in the mangle file as they do in the rules
    file. 
- Added systemd_version macro in anticipation of detecting the
  correct service file when systemd version is >= 214
buildservice-autocommit accepted request 284605 about 1 year ago (revision 197)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 284604 about 1 year ago (revision 196)
- Update to version 4.6.6.2 For more details see changelog.txt and
  releasenotes.txt
  * The compiler failed to parse the construct +<ipset>[n] where n is
    an integer (e.g., +bad[2]).
  * Orion Paplawski has provided a patch that adds 'ko.xz' to the
    default MODULE_SUFFIX setting. This change deals with recent
    Fedora releases where the module names now end with ".ko.xz".
    In addition to Orion's patch, the sample configurations have
    been modified to specify MODULE_SUFFIX="ko ko.xz".
buildservice-autocommit accepted request 282634 over 1 year ago (revision 195)
baserev update by copy to link target
Togan Muftuoglu Togan Muftuoglu (toganm) accepted request 282633 over 1 year ago (revision 194)
- Update to version 4.6.6.1 For more details see changelog.txt and
  releasenotes.txt
  * Previously the SAVE and RESTORE actions were erroneously disallowed
    in the INPUT chain within the mangle file.
  * The manpage descriptions of the mangle SAVE and RESTORE actions
    incorrectly required a slash (/) prior to the mask value.
  * Race conditions could previously occur between the 'start'
    command and the 'enable' and 'disable' commands.
  * The 'update' command incorrectly added the INLINE_MATCHES
    option to shorewall.conf with a default value of 'Yes'. This
    caused 'start' to fail with invalid iptables rules when the
    alternate input format using ';' is used.
  * Previously the LOCKFILE setting was not propagated to the
    generated script. So when the script was run directly, the script
    unconditionally used ${VARDIR}/lock.

Show all