rpms/shorewall/F-9 init.sh, NONE, 1.1 patch-common-4.0.14.1, NONE, 1.1 patch-common-4.0.14.2, NONE, 1.1 patch-perl-4.0.14.1, NONE, 1.1 patch-perl-4.0.14.2, NONE, 1.1 patch-shell-4.0.14.1, NONE, 1.1 shorewall.spec, 1.58, 1.59 shorewall-4.0.4-init.patch, 1.1, NONE shorewall-lite-4.0.4-init.patch, 1.1, NONE

Jonathan G. Underwood jgu at fedoraproject.org
Sat Nov 1 00:47:34 UTC 2008


Author: jgu

Update of /cvs/extras/rpms/shorewall/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22857

Modified Files:
	shorewall.spec 
Added Files:
	init.sh patch-common-4.0.14.1 patch-common-4.0.14.2 
	patch-perl-4.0.14.1 patch-perl-4.0.14.2 patch-shell-4.0.14.1 
Removed Files:
	shorewall-4.0.4-init.patch shorewall-lite-4.0.4-init.patch 
Log Message:
* Sat Nov  1 2008 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.14-2
- New sysv init files which are no longer maintained as patches, but as a 
  Fedora specific file
- Added upstream patches patch-{common,perl,shell}-4.0.14.1
- Added upstream patches patch-{common,perl}-4.0.14.2



--- NEW FILE init.sh ---
#!/bin/sh
#
# Shorewall init script
#
# chkconfig: - 25 90
# description: Packet filtering firewall

### BEGIN INIT INFO
# Provides: shorewall
# Required-Start: $local_fs $remote_fs $syslog $network
# Should-Start: VMware $time $named
# Required-Stop:
# Default-Start:
# Default-Stop:	  0 1 2 3 4 5 6
# Short-Description: Packet filtering firewall
# Description: The Shoreline Firewall, more commonly known as "Shorewall", is a
#              Netfilter (iptables) based firewall
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

# Name of the service; every path and the syslog tag below derive from it.
# Keep this line exactly as `prog="shorewall"`: the spec file's %prep
# rewrites it with sed to prog="shorewall-lite" for the lite package.
prog="shorewall"
shorewall="/sbin/${prog}"
lockfile="/var/lock/subsys/${prog}"
logger="logger -i -t ${prog}"

# Extra arguments passed to /sbin/shorewall; empty by default, an
# administrator may set OPTIONS in /etc/sysconfig/$prog.
OPTIONS=

if [ -f "/etc/sysconfig/${prog}" ]; then
    . "/etc/sysconfig/${prog}"
fi

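start() {
    # Bring the firewall up with "shorewall start", sending everything it
    # prints to syslog through $logger.  Uses bash features (PIPESTATUS,
    # [[ ]]) even though the script is run as /bin/sh.
    # Globals:  shorewall, OPTIONS, logger, lockfile (read); success and
    #           failure are expected from /etc/rc.d/init.d/functions.
    # Returns:  shorewall's own exit status.
    local retval
    echo -n $"Starting Shorewall: "
    $shorewall $OPTIONS start 2>&1 | $logger
    # PIPESTATUS[0] is shorewall's status; $? alone would be logger's.
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
        # The subsys lock only appears once shorewall reported success.
        touch "$lockfile"
        success
    else
        failure
    fi
    echo
    return "$retval"
}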

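stop() {
    # Take the firewall down with "shorewall stop", logging its output to
    # syslog through $logger.  Uses bash features (PIPESTATUS, [[ ]]).
    # Globals:  shorewall, OPTIONS, logger, lockfile (read); success and
    #           failure are expected from /etc/rc.d/init.d/functions.
    # Returns:  shorewall's own exit status.
    local retval
    echo -n $"Stopping Shorewall: "
    $shorewall $OPTIONS stop 2>&1 | $logger
    # PIPESTATUS[0] is shorewall's status; $? alone would be logger's.
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
        # Only release the subsys lock when the firewall really went down.
        rm -f -- "$lockfile"
        success
    else
        failure
    fi
    echo
    return "$retval"
}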

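restart() {
    # Restart via shorewall's own "restart" rather than stop()+start():
    # shorewall stops the firewall only if it is running and then starts
    # it, so one call covers both the running and the stopped case.
    # Globals:  shorewall, OPTIONS, logger, lockfile (read); success and
    #           failure are expected from /etc/rc.d/init.d/functions.
    # Returns:  shorewall's own exit status.
    local retval
    echo -n $"Restarting Shorewall: "
    $shorewall $OPTIONS restart 2>&1 | $logger
    # PIPESTATUS[0] is shorewall's status; $? alone would be logger's.
    retval=${PIPESTATUS[0]}
    if [[ $retval == 0 ]]; then
        touch "$lockfile"
        success
    else
        # The firewall did not come back up: drop the subsys lock so that
        # status_q no longer reports it as running.
        rm -f -- "$lockfile"
        failure
    fi
    echo
    return "$retval"
}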

status() {
    # Ask the firewall itself with "shorewall status"; the function's exit
    # status is whatever /sbin/shorewall returned.  Unlike start/stop/restart
    # no $OPTIONS are passed here -- presumably deliberate, verify upstream.
    # NOTE(review): this shadows any status() that the sourced
    # /etc/rc.d/init.d/functions may define -- confirm that is intended.
    $shorewall status
}

status_q() {
    # Quiet variant of status() for use in conditionals: same exit status,
    # nothing printed on stdout or stderr.
    status >/dev/null 2>/dev/null
}

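# Command dispatch.  "start" and "stop" are no-ops (exit 0) when the
# firewall is already in the requested state, so repeated invocations stay
# quiet; condrestart/try-restart only act on a running firewall.  The
# script's exit status is that of the action function that ran.
case "$1" in
    start)
        status_q && exit 0
        start
        ;;
    stop)
        status_q || exit 0
        stop
        ;;
    restart|reload|force-reload)
        restart
        ;;
    condrestart|try-restart)
        status_q || exit 0
        restart
        ;;
    status)
        status
        ;;
    *)
        # Keep this list in sync with the patterns above; condrestart and
        # try-restart are accepted, so they are advertised here too.
        echo "Usage: $0 start|stop|reload|restart|force-reload|condrestart|try-restart|status"
        exit 1
        ;;
esac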


--- NEW FILE patch-common-4.0.14.1 ---
diff -Naur -X /usr/local/bin/exclude.txt shorewall-common-4.0.14/fallback.sh shorewall-common-4.0.14.1/fallback.sh
--- shorewall-common-4.0.14/fallback.sh	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-common-4.0.14.1/fallback.sh	2008-10-13 10:36:50.000000000 -0700
@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.0.14
+VERSION=4.0.14.1
 
 usage() # $1 = exit status
 {
diff -Naur -X /usr/local/bin/exclude.txt shorewall-common-4.0.14/install.sh shorewall-common-4.0.14.1/install.sh
--- shorewall-common-4.0.14/install.sh	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-common-4.0.14.1/install.sh	2008-10-13 10:36:50.000000000 -0700
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.0.14
+VERSION=4.0.14.1
 
 usage() # $1 = exit status
 {
diff -Naur -X /usr/local/bin/exclude.txt shorewall-common-4.0.14/lib.base shorewall-common-4.0.14.1/lib.base
--- shorewall-common-4.0.14/lib.base	2007-12-18 12:59:42.000000000 -0800
+++ shorewall-common-4.0.14.1/lib.base	2008-10-13 09:55:02.000000000 -0700
@@ -35,7 +35,7 @@
 #
 
 SHOREWALL_LIBVERSION=40000
-SHOREWALL_CAPVERSION=40006
+SHOREWALL_CAPVERSION=40015
 
 [ -n "${VARDIR:=/var/lib/shorewall}" ]
 [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
diff -Naur -X /usr/local/bin/exclude.txt shorewall-common-4.0.14/shorewall-common.spec shorewall-common-4.0.14.1/shorewall-common.spec
--- shorewall-common-4.0.14/shorewall-common.spec	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-common-4.0.14.1/shorewall-common.spec	2008-10-13 10:36:50.000000000 -0700
@@ -1,6 +1,6 @@
 %define name shorewall-common
 %define version 4.0.14
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -244,6 +244,8 @@
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
 
 %changelog
+* Mon Oct 13 2008 Tom Eastep tom at shorewall.net
+- Updated to 4.0.14-1
 * Mon Sep 22 2008 Tom Eastep tom at shorewall.net
 - Updated to 4.0.14-0base
 * Sat Jul 26 2008 Tom Eastep tom at shorewall.net
diff -Naur -X /usr/local/bin/exclude.txt shorewall-common-4.0.14/uninstall.sh shorewall-common-4.0.14.1/uninstall.sh
--- shorewall-common-4.0.14/uninstall.sh	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-common-4.0.14.1/uninstall.sh	2008-10-13 10:36:50.000000000 -0700
@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.0.14
+VERSION=4.0.14.1
 
 usage() # $1 = exit status
 {


--- NEW FILE patch-common-4.0.14.2 ---
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/fallback.sh shorewall-common-4.0.14.2/fallback.sh
--- shorewall-common-4.0.14.1/fallback.sh	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-common-4.0.14.2/fallback.sh	2008-10-30 16:39:08.000000000 -0700
@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=4.0.14.1
+VERSION=4.0.14.2
 
 usage() # $1 = exit status
 {
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/install.sh shorewall-common-4.0.14.2/install.sh
--- shorewall-common-4.0.14.1/install.sh	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-common-4.0.14.2/install.sh	2008-10-30 16:39:08.000000000 -0700
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.0.14.1
+VERSION=4.0.14.2
 
 usage() # $1 = exit status
 {
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/lib.base shorewall-common-4.0.14.2/lib.base
--- shorewall-common-4.0.14.1/lib.base	2008-10-13 09:55:02.000000000 -0700
+++ shorewall-common-4.0.14.2/lib.base	2008-10-30 16:39:08.000000000 -0700
@@ -979,6 +979,7 @@
     qt $IPTABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
 
     CONNTRACK_MATCH=
+    NEW_CONNTRACK_MATCH=
     MULTIPORT=
     XMULTIPORT=
     POLICY_MATCH=
@@ -1026,6 +1027,10 @@
 
     qt $IPTABLES -A $chain -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
 
+    if [ -n "$CONNTRACK_MATCH" ]; then
+	qt $IPTABLES -A $chain -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT && NEW_CONNTRACK_MATCH=Yes
+    fi
+
     if qt $IPTABLES -A $chain -p tcp -m multiport --dports 21,22 -j ACCEPT; then
 	MULTIPORT=Yes
 	qt $IPTABLES -A $chain -p tcp -m multiport --sports 60 -m multiport --dports 99 -j ACCEPT && KLUDEFREE=Yes
@@ -1126,6 +1131,7 @@
 	report_capability "Multi-port Match" $MULTIPORT
 	[ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
 	report_capability "Connection Tracking Match" $CONNTRACK_MATCH
+	report_capability "New Connection Tracking Match Syntax" $NEW_CONNTRACK_MATCH
 	report_capability "Packet Type Match" $USEPKTTYPE
 	report_capability "Policy Match" $POLICY_MATCH
 	report_capability "Physdev Match" $PHYSDEV_MATCH
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/shorewall-common.spec shorewall-common-4.0.14.2/shorewall-common.spec
--- shorewall-common-4.0.14.1/shorewall-common.spec	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-common-4.0.14.2/shorewall-common.spec	2008-10-30 16:39:08.000000000 -0700
@@ -1,6 +1,6 @@
 %define name shorewall-common
 %define version 4.0.14
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -244,6 +244,8 @@
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
 
 %changelog
+* Thu Oct 30 2008 Tom Eastep tom at shorewall.net
+- Updated to 4.0.14-2
 * Mon Oct 13 2008 Tom Eastep tom at shorewall.net
 - Updated to 4.0.14-1
 * Mon Sep 22 2008 Tom Eastep tom at shorewall.net
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-common-4.0.14.1/uninstall.sh shorewall-common-4.0.14.2/uninstall.sh
--- shorewall-common-4.0.14.1/uninstall.sh	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-common-4.0.14.2/uninstall.sh	2008-10-30 16:39:08.000000000 -0700
@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.0.14.1
+VERSION=4.0.14.2
 
 usage() # $1 = exit status
 {


--- NEW FILE patch-perl-4.0.14.1 ---
diff -Naur -X /usr/local/bin/exclude.txt shorewall-perl-4.0.14/install.sh shorewall-perl-4.0.14.1/install.sh
--- shorewall-perl-4.0.14/install.sh	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-perl-4.0.14.1/install.sh	2008-10-13 10:36:50.000000000 -0700
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.0.14
+VERSION=4.0.14.1
 
 usage() # $1 = exit status
 {
diff -Naur -X /usr/local/bin/exclude.txt shorewall-perl-4.0.14/Shorewall/Chains.pm shorewall-perl-4.0.14.1/Shorewall/Chains.pm
--- shorewall-perl-4.0.14/Shorewall/Chains.pm	2008-06-13 17:23:36.000000000 -0700
+++ shorewall-perl-4.0.14.1/Shorewall/Chains.pm	2008-10-13 09:55:02.000000000 -0700
@@ -1345,7 +1345,7 @@
     if ( $net =~ /^!/ ) {
 	$net =~ s/!//;
 	validate_net $net, 1;
-	"-m conntrack --ctorigdst ! $net ";
+	$capabilities{NEW_CONNTRACK_MATCH} ? "-m conntrack ! --ctorigdst $net " : "-m conntrack --ctorigdst ! $net ";
     } else {
 	validate_net $net, 1;
 	$net eq ALLIPv4 ? '' : "-m conntrack --ctorigdst $net ";
diff -Naur -X /usr/local/bin/exclude.txt shorewall-perl-4.0.14/Shorewall/Config.pm shorewall-perl-4.0.14.1/Shorewall/Config.pm
--- shorewall-perl-4.0.14/Shorewall/Config.pm	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-perl-4.0.14.1/Shorewall/Config.pm	2008-10-13 10:36:50.000000000 -0700
@@ -162,6 +162,8 @@
 		 MULTIPORT       => 'Multi-port Match' ,
 		 XMULTIPORT      => 'Extended Multi-port Match',
 		 CONNTRACK_MATCH => 'Connection Tracking Match',
+		 NEW_CONNTRACK_MATCH => 
+		                    'New Connection Tracking Match syntax',
 		 USEPKTTYPE      => 'Packet Type Match',
 		 POLICY_MATCH    => 'Policy Match',
 		 PHYSDEV_MATCH   => 'Physdev Match',
@@ -244,8 +246,8 @@
 		    ORIGINAL_POLICY_MATCH => '',
 		    LOGPARMS => '',
 		    TC_SCRIPT => '',
-		    VERSION => "4.0.14",
-		    CAPVERSION => 40006 ,
+		    VERSION => "4.0.14.1",
+		    CAPVERSION => 40015 ,
 		  );
     #
     # From shorewall.conf file
@@ -357,6 +359,7 @@
 	       MULTIPORT => undef,
 	       XMULTIPORT => undef,
 	       CONNTRACK_MATCH => undef,
+	       NEW_CONNTRACK_MATCH => undef,
 	       USEPKTTYPE => undef,
 	       POLICY_MATCH => undef,
 	       PHYSDEV_MATCH => undef,
@@ -1368,6 +1371,10 @@
     qt1( "$iptables -N $sillyname" );
 
     $capabilities{CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT" );
+
+    if ( $capabilities{CONNTRACL_MATCH} ) {
+	$capabilities{NEW_CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT" );
+    }
     
     if ( qt1( "$iptables -A $sillyname -p tcp -m multiport --dports 21,22 -j ACCEPT" ) ) {
 	$capabilities{MULTIPORT}  = 1;
diff -Naur -X /usr/local/bin/exclude.txt shorewall-perl-4.0.14/shorewall-perl.spec shorewall-perl-4.0.14.1/shorewall-perl.spec
--- shorewall-perl-4.0.14/shorewall-perl.spec	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-perl-4.0.14.1/shorewall-perl.spec	2008-10-13 10:36:50.000000000 -0700
@@ -1,6 +1,6 @@
 %define name shorewall-perl
 %define version 4.0.14
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall Perl-based compiler.
 Name: %{name}
@@ -64,6 +64,8 @@
 %doc COPYING releasenotes.txt
 
 %changelog
+* Mon Oct 13 2008 Tom Eastep tom at shorewall.net
+- Updated to 4.0.14-1
 * Mon Sep 22 2008 Tom Eastep tom at shorewall.net
 - Updated to 4.0.14-0base
 * Sat Jul 26 2008 Tom Eastep tom at shorewall.net


--- NEW FILE patch-perl-4.0.14.2 ---
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/install.sh shorewall-perl-4.0.14.2/install.sh
--- shorewall-perl-4.0.14.1/install.sh	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-perl-4.0.14.2/install.sh	2008-10-30 16:39:08.000000000 -0700
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.0.14.1
+VERSION=4.0.14.2
 
 usage() # $1 = exit status
 {
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Chains.pm shorewall-perl-4.0.14.2/Shorewall/Chains.pm
--- shorewall-perl-4.0.14.1/Shorewall/Chains.pm	2008-10-13 09:55:02.000000000 -0700
+++ shorewall-perl-4.0.14.2/Shorewall/Chains.pm	2008-10-30 16:39:08.000000000 -0700
@@ -110,6 +110,7 @@
 				       do_test
 				       do_ratelimit
 				       do_user
+				       do_length
 				       do_tos
 				       match_source_dev
 				       match_dest_dev
@@ -421,7 +422,7 @@
     if ( $expandports && $rule =~  '^(.* --dports\s+)([^ ]+)(.*)$' ) {
 	my ($first, $ports, $rest) = ( $1, $2, $3 );
 
-	if ( ( $ports =~ tr/:,/:,/ ) > 15 ) {
+	if ( ( $ports =~ tr/:,/:,/ ) > 14 ) {
 	    my @ports = split '([,:])', $ports;
 
 	    while ( @ports ) {
@@ -1212,6 +1213,16 @@
 }
 
 #
+# Create a "-m length" match for the passed TOS
+#
+sub do_length( $ ) {
+    my $length = $_[0];
+
+    require_capability( 'LENGTH_MATCH' , 'A non-empty LENGTH' , 's' );
+    $length ne '-' ? "-m length --length $length " : '';
+}
+
+#
 # Match Source Interface
 #
 sub match_source_dev( $ ) {
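Review bot: The header comment on the new do_length sub says it builds the match "for the passed TOS", which looks copied from a TOS helper; it should read `# Create a "-m length" match for the passed LENGTH`. Separately, require_capability runs before the `'-'` test, so if callers pass '-' for an unset LENGTH column (as the ternary suggests they do), a host without LENGTH_MATCH is refused even for a rule that emits no length match at all; moving the `require_capability( 'LENGTH_MATCH' , 'A non-empty LENGTH' , 's' );` call into the non-'-' branch would avoid that, if the sibling helpers follow that pattern.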
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/Shorewall/Config.pm shorewall-perl-4.0.14.2/Shorewall/Config.pm
--- shorewall-perl-4.0.14.1/Shorewall/Config.pm	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-perl-4.0.14.2/Shorewall/Config.pm	2008-10-30 16:42:11.000000000 -0700
@@ -246,7 +246,7 @@
 		    ORIGINAL_POLICY_MATCH => '',
 		    LOGPARMS => '',
 		    TC_SCRIPT => '',
-		    VERSION => "4.0.14.1",
+		    VERSION => "4.0.14.2",
 		    CAPVERSION => 40015 ,
 		  );
     #
@@ -1372,7 +1372,7 @@
 
     $capabilities{CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT" );
 
-    if ( $capabilities{CONNTRACL_MATCH} ) {
+    if ( $capabilities{CONNTRACK_MATCH} ) {
 	$capabilities{NEW_CONNTRACK_MATCH} = qt1( "$iptables -A $sillyname -m conntrack ! --ctorigdst 192.168.1.1 -j ACCEPT" );
     }
     
diff -Naur -X /home/teastep/shorewall/trunk/tools/build/exclude.txt shorewall-perl-4.0.14.1/shorewall-perl.spec shorewall-perl-4.0.14.2/shorewall-perl.spec
--- shorewall-perl-4.0.14.1/shorewall-perl.spec	2008-10-13 10:36:50.000000000 -0700
+++ shorewall-perl-4.0.14.2/shorewall-perl.spec	2008-10-30 16:39:08.000000000 -0700
@@ -1,6 +1,6 @@
 %define name shorewall-perl
 %define version 4.0.14
-%define release 1
+%define release 2
 
 Summary: Shoreline Firewall Perl-based compiler.
 Name: %{name}
@@ -64,6 +64,8 @@
 %doc COPYING releasenotes.txt
 
 %changelog
+* Thu Oct 30 2008 Tom Eastep tom at shorewall.net
+- Updated to 4.0.14-2
 * Mon Oct 13 2008 Tom Eastep tom at shorewall.net
 - Updated to 4.0.14-1
 * Mon Sep 22 2008 Tom Eastep tom at shorewall.net


--- NEW FILE patch-shell-4.0.14.1 ---
diff -Naur -X /usr/local/bin/exclude.txt shorewall-shell-4.0.14/compiler shorewall-shell-4.0.14.1/compiler
--- shorewall-shell-4.0.14/compiler	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-shell-4.0.14.1/compiler	2008-10-13 09:55:02.000000000 -0700
@@ -1674,8 +1674,18 @@
 	build_exclusion_chain chain filter "$excludesource" "$excludedest"
 
 	if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then
+	    match='--ctorigdst'
+	    if [ -n "$NEW_CONNTRACK_MATCH" ]; then
+		case $adr in
+		    !*)
+			match='!--ctorigdst'
+			adr=${adr#!}
+			;;
+		esac
+	    fi
+
 	    for adr in $(separate_list $addr); do
-		run_iptables -A $logchain $state $(fix_bang $proto $multiport $sports $dports) $user -m conntrack --ctorigdst $adr -j $chain
+		run_iptables -A $logchain $state $(fix_bang $proto $multiport $sports $dports) $user -m conntrack $match $adr -j $chain
 	    done
 	    addr=
 	else
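Review bot: In this first hunk the `case $adr in` that selects the negated match runs before `for adr in $(separate_list $addr)` assigns adr, so it sees an empty or stale value, the leading `!` is never stripped, and a negated address reaches run_iptables with the old syntax and the `!` still attached. The other three hunks in this file (the log_rule_limit loop, the nonat loop and the `$network` block) compute match after the variable is set, so only this hunk needs the block moved inside the loop, as below; the enclosing function starts and ends outside the hunk. Note also that `match='!--ctorigdst'` is a single word: unless run_iptables splits a leading `!` the way fix_bang does on the third hunk's log_rule_limit line, iptables receives `!--ctorigdst` as one token, which is worth confirming against lib.base.
```shell
	if [ -n "$addr" -a -n "$CONNTRACK_MATCH" ]; then
	    for adr in $(separate_list $addr); do
		match='--ctorigdst'
		if [ -n "$NEW_CONNTRACK_MATCH" ]; then
		    case $adr in
			!*)
			    match='!--ctorigdst'
			    adr=${adr#!}
			    ;;
		    esac
		fi
		run_iptables -A $logchain $state $(fix_bang $proto $multiport $sports $dports) $user -m conntrack $match $adr -j $chain
	    done
	    # … unchanged: addr= and the else branch …
```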
@@ -1891,14 +1901,24 @@
 __EOF__
 			    else
 				for adr in $(separate_list $addr); do
+				    match='--ctorigdst'
+				    if [ -n "$NEW_CONNTRACK_MATCH" ]; then
+					case $adr in
+					    !*)
+						match='!--ctorigdst'
+						adr=${adr#!}
+						;;
+					esac
+				    fi
+
 				    if [ -n "$loglevel" -a -z "$natrule" ]; then
-					log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A -m conntrack --ctorigdst $adr \
+					log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A -m conntrack $match $adr \
 					    $user $mrk $(fix_bang $proto $multiport $sports $cli $srv $dports) $state
 				    fi
 
 				    if [ "$logtarget" != LOG ]; then
 					run_iptables2 -A $chain $state $proto $ratelimit $multiport $cli $sports \
-					    $srv $dports -m conntrack --ctorigdst $adr $user $mrk -j $target
+					    $srv $dports -m conntrack $match $adr $user $mrk -j $target
 				    fi
 				done
 			    fi
@@ -1958,20 +1978,30 @@
 
 	if [ -n "$addr" ]; then
 	    for adr in $(separate_list $addr); do
+		match='--ctorigdst'
+		if [ -n "$NEW_CONNTRACK_MATCH" ]; then
+		    case $adr in
+			!*)
+			    match='!--ctorigdst'
+			    adr=${adr#!}
+			    ;;
+		    esac
+		fi
+
 		if [ -n "$loglevel" ]; then
 		    log_rule_limit $loglevel $chain $logchain $logtarget "$ratelimit" "$logtag" -A $user $mrk \
-			$state $(fix_bang $proto $multiport $cli $dest_interface $sports $dports -m conntrack --ctorigdst $adr)
+			$state $(fix_bang $proto $multiport $cli $dest_interface $sports $dports -m conntrack $match $adr)
 		fi
 
 		if [ "$logtarget" != LOG ]; then
 		    if [ -n "$nonat" ]; then
 			addnatrule $(dnat_chain $source) $proto $multiport \
-			    $cli $sports $dports $ratelimit $user $mrk  -m conntrack --ctorigdst $adr -j RETURN
+			    $cli $sports $dports $ratelimit $user $mrk  -m conntrack $match $adr -j RETURN
 		    fi
 
 		    if [ "$logtarget" != NONAT ]; then
 			run_iptables2 -A $chain $state $proto $multiport $cli $dest_interface \
-			    $sports $dports $ratelimit $user $mrk  -m conntrack --ctorigdst $adr -j $target
+			    $sports $dports $ratelimit $user $mrk  -m conntrack $match $adr -j $target
 		    fi
 		fi
 	    done
@@ -3670,7 +3700,17 @@
 		    #
 		    # We have connection tracking match -- match on the original destination
 		    #
-		    run_iptables2 -A $chain -m conntrack --ctorigdst $network -j $target
+		    match='--ctorigdst'
+		    if [ -n "$NEW_CONNTRACK_MATCH" ]; then
+			case $network in
+			    !*)
+				match='!--ctorigdst'
+				network=${network#!}
+				;;
+			esac
+		    fi
+
+		    run_iptables2 -A $chain -m conntrack $match $network -j $target
 		elif [ -n "$MANGLE_ENABLED" ]; then
 		    #
 		    # No connection tracking match but we have mangling -- add a rule to
diff -Naur -X /usr/local/bin/exclude.txt shorewall-shell-4.0.14/install.sh shorewall-shell-4.0.14.1/install.sh
--- shorewall-shell-4.0.14/install.sh	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-shell-4.0.14.1/install.sh	2008-10-13 10:36:50.000000000 -0700
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.0.14
+VERSION=4.0.14.1
 
 usage() # $1 = exit status
 {
diff -Naur -X /usr/local/bin/exclude.txt shorewall-shell-4.0.14/shorewall-shell.spec shorewall-shell-4.0.14.1/shorewall-shell.spec
--- shorewall-shell-4.0.14/shorewall-shell.spec	2008-09-22 13:26:21.000000000 -0700
+++ shorewall-shell-4.0.14.1/shorewall-shell.spec	2008-10-13 10:36:50.000000000 -0700
@@ -1,6 +1,6 @@
 %define name shorewall-shell
 %define version 4.0.14
-%define release 0base
+%define release 1
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -81,6 +81,8 @@
 %doc COPYING INSTALL 
 
 %changelog
+* Mon Oct 13 2008 Tom Eastep tom at shorewall.net
+- Updated to 4.0.14-1
 * Mon Sep 22 2008 Tom Eastep tom at shorewall.net
 - Updated to 4.0.14-0base
 * Sat Jul 26 2008 Tom Eastep tom at shorewall.net


Index: shorewall.spec
===================================================================
RCS file: /cvs/extras/rpms/shorewall/F-9/shorewall.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- shorewall.spec	28 Sep 2008 23:35:20 -0000	1.58
+++ shorewall.spec	1 Nov 2008 00:47:03 -0000	1.59
@@ -22,8 +22,16 @@
 Source1: 	%{_baseurl}%{name}-perl-%{version}.tar.bz2
 Source2: 	%{_baseurl}%{name}-shell-%{version}.tar.bz2
 Source3: 	%{_baseurl}%{name}-lite-%{version}.tar.bz2
-Patch0: 	shorewall-4.0.4-init.patch
-Patch1: 	shorewall-lite-4.0.4-init.patch
+
+# Init files for Fedora
+Source10:	init.sh
+
+Patch0: 	patch-common-4.0.14.1
+Patch1: 	patch-perl-4.0.14.1
+Patch2: 	patch-shell-4.0.14.1
+
+Patch3: 	patch-common-4.0.14.2
+Patch4:		patch-perl-4.0.14.2
 
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires:	perl
@@ -94,12 +102,23 @@
 
 pushd shorewall-common-%{version}
 %patch0 -p1
+%patch3 -p1
 popd
 
-pushd shorewall-lite-%{version}
+pushd shorewall-perl-%{version}
 %patch1 -p1
+%patch4 -p1
 popd
 
+pushd shorewall-shell-%{version}
+%patch2 -p1
+popd
+
+# Overwrite default init files with Fedora specific ones
+cp %{SOURCE10} shorewall-common-%{version}
+cp %{SOURCE10} shorewall-lite-%{version}
+sed -i -e 's|prog="shorewall"|prog="shorewall-lite"|' shorewall-lite-%{version}/init.sh
+
 # Remove hash-bang from files which are not directly executed as shell
 # scripts. This silences some rpmlint errors.
 find . -name "lib.*" -exec sed -i -e '/\#\!\/bin\/sh/d' {} \;
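Review bot: The sed that derives the shorewall-lite init script only rewrites the `prog=` line, so the copied init.sh still carries `# Provides: shorewall` in its LSB header, the same `# description`, and "Starting Shorewall" messages; if chkconfig or insserv consult the LSB header, both packages' scripts then claim to provide the same facility. Adding `-e 's|^# Provides: shorewall$|# Provides: shorewall-lite|'` to the sed fixes the header, and a guard such as `grep -q 'prog="shorewall-lite"' shorewall-lite-%{version}/init.sh` after it makes the build fail instead of silently shipping an unmodified script should the `prog="shorewall"` line in init.sh ever change shape.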
@@ -263,6 +282,12 @@
 %{_mandir}/man8/shorewall-lite.8.gz
 
 %changelog
+* Sat Nov  1 2008 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.14-2
+- New sysv init files which are no longer maintained as patches, but as a 
+  Fedora specific file
+- Added upstream patches patch-{common,perl,shell}-4.0.14.1
+- Added upstream patches patch-{common,perl}-4.0.14.2
+
 * Sun Sep 28 2008 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 4.0.14-1
 - Update to version 4.0.14
 


--- shorewall-4.0.4-init.patch DELETED ---


--- shorewall-lite-4.0.4-init.patch DELETED ---



