Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

shorewall6-lite-5.2.4.4-lp152.1.7 RPM for noarch

From OpenSuSE Leap 15.2 for noarch

Name: shorewall6-lite Distribution: openSUSE Leap 15.2
Version: 5.2.4.4 Vendor: openSUSE
Release: lp152.1.7 Build date: Tue Jun 9 01:23:04 2020
Group: Productivity/Networking/Security Build host: lamb23
Size: 89005 Source RPM: shorewall-5.2.4.4-lp152.1.7.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.shorewall.net/
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Shorewall6 Lite is a companion product to Shorewall6 that allows network
administrators to centralize the configuration of Shorewall6-based firewalls.

Provides

Requires

License

GPL-2.0-only

Changelog

* Thu Apr 30 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix version 5.2.4.4
    + When DYNAMIC_BLACKLIST=ipset... or when SAVE_IPSETS=Yes in
      shorewall[6].conf, 'shorewall[6] start' could hang. Fixed.
    + 'shorewall[6] start' would not automatically create dynamic
      blacklisting ipsets. That has been corrected.
  - This version will served also as maintenance upgrade for Leap
* Wed Apr 22 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.4.2
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
    + Fixes for debian
  - Update to version 5.2.4.1
    + Fixes for openSUSE shorewall-init
    will now ignore 'start' and 'stop' commands, for running firewalls
    + Spurious messages have been removed
  - Packaging
    + Move /usr/sbin/shorewall to shorewall-core so -lite version
      doesn't need main shorewall package
    + To make shorewall remote-* command working we patch lib.cli-std
      to use /usr/sbin instead of /sbin + commented spec
    + Desactivate for the moment the upgrade warning. we need to
      find a 100% working solution.
    + use %{var} form everywhere
* Tue Apr 14 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Add perl-base as buildrequirement to force choice of SHA-DIGEST
    new problem in TW
  - To fix boo#1166114 never restart shorewall-init.service
    macro service_del_postun is replaced by simplier systemd_postun
  - Remove conflict between main and lite package.
    A managing station need main to build configuration and can use
    - lite to execute it. Users are in charge of choosing which
    service has to be started and used. ❤ Freedom
* Sat Apr 04 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Remove shorewall require from shorewall-init (was a forgoten
    action)
* Tue Mar 31 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.4
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
    + Previously, when a Shorewall6 firewall was placed into the
      'stopped' state, ICMP6 packets required by RFC 4890 were not
      automatically accepted by the generated ruleset.
      Beginning with this release, those packets are automatically
      accepted.
    + Previously, the output of 'shorewall[6] help' displayed the
      superseded 'load' command. That text has been deleted.
    + The QOSExample.html file in the documentation and on the web site
      previously showed tcrules content for the /etc/shorewall/mangle
      file (recall that 'mangle' superseded 'tcrules'). That page has
      been corrected.
    + The 'Starting and Stopping' and 'Configuration file basics'
      documents have been updated to align them with the current product
      behavior.
    +  The 'ipsets' document has been updated to clarify the use of
      ipsets in the stoppedrules file.
  - Packaging
    + shorewall-init package has a removed %service_del_postun
      macro to close bug boo#1166114 Restarting this service can
      lock down admin out of the system.
    + shorewall(6) and shorewall(6)-lite conflict has they shouldn't
      be installed together on the same system.
    + conf_update flag is set to 1 to activate update reminder
    + Adjust and cleanup requires
* Sun Mar 15 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Add version to requires in -lite version
* Wed Mar 11 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to minor bugfix version 5.2.3.7
    + When DOCKER=Yes, if both the DOCKER-ISOLATE and
      DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-*
      chains were not preserved through shorewall state changes.
      That has been corrected so that both chains are preserved if
      present.
    + Previously, the compiler always detected the OLD_CONNTRACK_MATCH
      capability as being available in IPv6. When OLD_CONNTRACK_MATCH
      was available, the compiler also mishandled inversion ('!') in the
      ORIGDEST columns, leading to an assertion failure.
      Both the incorrect capability detection and the mishandled
      inversion have been corrected.
    + During 'enable' processing, if address variables associated with
      the interface have values different than those when the firewall
      was last started/restarted/reloaded, then a 'reload' is performed
      rather than a simple 'enable'. The logic that checks for those
      changes was incorrect in some configurations, leading to unneeded
      reload operations. That has been corrected.
    + When MANGLE_ENABLED=No in shorewall[6].conf, some features
      requiring use of the mangle table can be allowed, even though the
      mangle table is not updated. That has been corrected such that use
      of such features will raise an error.
    + When the IfEvent(...,reset) action was invoked, the compiler
      previously emitted a spurious "Resetting..." message. That message
      has been suppressed.
  - Packaging
    + Do not provide anymore unsused notrack file
    + Introduce define conf_need_update to track when we activate the
    post update warning for users when there's minor or major version
    update of shorewall bnc#1166114
* Mon Feb 17 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.6
    + Fix for possible start failure when both Docker containers
      and Libvirt VMs were in use.
* Mon Feb 03 2020 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut through the -mini flavors.
* Thu Jan 23 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.5
    + A typo in the FTP documentation has been corrected.
    + The recommended mss setting when using IPSec with ipcomp
      has been corrected.
    + A number of incorrect links in the manpages have been
      corrected.
    + The 'bypass' option is now allowed when specifying an
      NFQUEUE policy. Previously, specifying that option resulted
      in an error.
    + Corrected IPv6 Address Range parsing.
    + Previously, such ranges were required to be of the form
      [<addr1>-<addr2>] rather than the more standard form
      [<addr1>]-[<addr2>]. In the snat file (and in nat actions),
      the latter form was actually flagged as an error while in
      other contexts, it resulted in a less obvious error being
      raised.
    + The manpages have been updated to refer to
      https://shorewall.org rather than http://www.shorewall.org.
  - Refresh spec file
* Wed Sep 04 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.4
    + Update release documents.
    + Correct handling of multi-queue NFQUEUE as a policy.
    + Correct handling of multi-queue NFQUEUE as a macro parameter.
    + Make 'AUTOMAKE=No' the update default.
    + Correct the description of the 'bypass' NFQUEUE option in
      shorewall-rules(5).
* Mon Apr 15 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.3
    Previously, if an ipset was specified in an SPORT column, the
    compiler would raise an error similar to:
    ERROR: Invalid ipset name () /etc/shorewall/rules (line 44)
  - Update to bugfix minor 5.2.3.2
    Shorewall 5.2 automatically converts an existing 'masq' file to an
    equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
    automatic update, such that the following error message was issued:
    Use of uninitialized value $Shorewall::Nat::raw::currentline in
    pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
    line 511, <$currentfile> line nnn. and the generated 'masq'
    file contains only initial comments. That has been corrected.
* Wed Feb 27 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.1 release
    + An issue in the implementation of policy file zone exclusion,
      released in 5.2.3 has been resolved. In the original release,
      if more than one zone was excluded then the following error was
      raised:
      ERROR: 'all' is not allowed in a source zone list
      etc/shorewall/policy (line ...)
* Sat Feb 23 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to new 5.2.3 bugfix release
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/releasenotes.txt
    This is the retirement of Tom Eastep see.
    https://sourceforge.net/p/shorewall/mailman/message/36589782/
  - Removed module* in file section
  - Clean-up changes and spec (trailing slashes)
* Sun Feb 03 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to new 5.2.2 bugfix release
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.2/releasenotes.txt
  - Packaging:
    + As seen with upstream recommend running shorewall update on
      all version update
    + to be done: run update automatically
* Fri Jan 04 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to major version 5.2.1.4
    A lot of changes occurs since last package please consult
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.1/releasenotes.txt
    and the know problem list at
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.1/known_problems.txt
  - Update your configuration shorewall update
  - Packaging: renew spec file with spec-cleaner
* Sun Apr 15 2018 bruno@ioda-net.ch
  - Changes in 5.1.12.3
    Problems Corrected:
    When 'reset' and 'dst' were specified to the IfEvent action,
    the action would incorrectly attempt to reset the event for the
    SOURCE IP address rather than the DEST address. That has been
    corrected.
* Mon Mar 05 2018 bruno@ioda-net.ch
  - spec :
    + Minimal changes with spec-cleaner
    + Stop conflicting with other firewall (SuSEFirewall2, firewalld)
      User can have several management tools, and it help preparing
      a migration
  - Run shorewall(6) update -A to update your configurations
    Check and adapt them before restarting.
  - Changes in 5.1.12.3
    + Update release documents.
    + Ensure that mutex gets released at exit.
  - Changes in 5.1.12.2
    + Alter documentation to prefer ';;' over ';' in INLINE and
      IP[6]TABLES rules.
    + Make 'update' convert ';' to ';;' in INLINE, IPTABLES and
      IP6TABLES rules.
    + Correct typo that resulted in an "unknown function" Perl
      diagnostic.
    + Correct "Invalid policy" message.
    + Fix omitted SYN limiting.
  - Changes in 5.1.12.1
    + Replace macro.SSDPServer with corrected macro.SSDPserver.
  - Changes in 5.1.12 Final
    + Update release documents.
    + Add INLINE_MATCHES=Yes to the deprecated list.
  - Changes in 5.1.12 RC 1
    + Update release documents.
    + Minor performance enhancements to Optimize Category 8.
    + Always report IPSET_MATCH.
  - Changes in 5.1.12 Beta 2
    + Delete undocumented OPTIMIZE_USE_FIRST option.
    + Merge 5.1.11.
    + Suppress trailing whitespace.
    + Avoid awkward blank lines.
  - Changes in 5.1.12 Beta 1
    + Code and manpage cleanup.
    + Allow SNAT in the INPUT chain.
  - Changes in 5.1.11 Final
    + Update release documents.
  - Changes in 5.1.11 RC 1
    + Update versions and copyrights.
    + Clear the connection mark on forwarded IPSEC tunneled connections
    + Make TRACK_PROVIDERS=Yes the default.
  - Changes in 5.1.11 Beta 2
    + Be selective about verification of the conntrack utility when
    + DYNAMIC_BLACKLIST=ipset,disconnect...
    + Don't require shorewall to be started for 'allow' with
      ipset-based DBL.
    + Make address variables play nice with the 'clear' command.
    + Don't unconditionally enable forwarding during 'clear'.
  - Changes in 5.1.11 Beta 1
    + Allow non-root to run some 'show' commands.
    + Use synchain name in log messages rather than base chain name.
    + Assume :syn for TCP CT entries in the conntrack file and HELPER.
    + Limit depth of 'find' search when AUTOMAKE=Yes.
  - Changes in 5.1.10.2
    + Limit 'find' to depth 1.
    + Don't run find in an empty entry in $CONFIG_PATH
  - Changes in 5.1.10.1
    + Fix Shorewall-core installer for sandbox case.
    + Make /etc and /configfiles the same.
  - Changes in 5.1.10 Final
    + Add warning re wildcard and OPTIONS.
    + Correct IPv6 Universal interfaces file.
  - Changes in 5.1.10 RC 1
    + Correct ingress policing.
    + Fix Shorewall-init recompilation problem.
  - Changes in 5.1.10 Beta 2
    + Allow a protocol to be associated with a regular action.
    + Remove the PSH flag from the FIN action.
  - Changes in 5.1.10 Beta 1
    + Allow CONFIG_PATH setting to begin with ':' to allow dropping
      the first directory by non-root.
    + Correct several typos in the manpages (Roberto Sánchez).
    + Correct typo in 'dump' processing.
    + Reset all table counters during 'reset'.
  - Changes in 5.1.9 Final
    + Use logical interface names in the Sample configs.
  - Changes in 5.1.9 RC 1
    + Apply W Van den Akker's OpenWRT/Lede patches.
    + Don't verify IP and SHOREWALL_SHELL paths when compiling for
      export.
    + Support for Redfish remote console in macro.IPMI
  - Changes in 5.1.9 Beta 2
    + Merge content from 5.1.8.
  - Changes in 5.1.9 Beta 1
    + Update release documents.
    + Add TCPMSS action in the mangle file.
    + Inline the Broadcast action when ADDRTYPE match is available.
    + Support logging in the snat file.
    + Add shorewall-logging(5).
  - Changes in 5.1.8 Final
    + Correct 'delete_default_routes()'.
    + Delete default routes from 'main' when a fallback provider is
      successfully enabled.
    + Don't restore default route when a fallback provider is enabled.
    + Issue a warning when 'persistent' is used with
      RESTORE_DEFAULT_ROUTE=Yes.
    + Don't dump SPD entries for the other address family.
    + Fix 'persistent' provider issues.
    + Treat LOG_TARGET the same as all other capabilities.
    + Allow merging of rules with IPSEC policies
* Sun Nov 12 2017 bruno@ioda-net.ch
  - spec :
    + use new %_fillupdir macro with env DIRFILLUP in build
    * Redone patches *-fillup-install.patch to use ${DIRFILLUP}
    * use new %_fillupdir macro in files
    + change require perl to perl-base
    + Added conflict with firewalld
    + Refresh list of files and modules
  - Run shorewall(6) update -A to update your configurations
    Check and adapt them before restarting.
  - 5.1.8.1 release - Recommended action :
    + Update release documents
    + Make persistent routes and rules independent of 'autosrc'
    + Correct 'delete_default_routes()'
    + Delete default routes from 'main' when a fallback provider is
      successfully enabled
    + Don't restore default route when a fallback provider is enabled
    + Issue a warning when 'persistent' is used with
      RESTORE_DEFAULT_ROUTE=Yes
    + Don't dump SPD entries for the other address family
    + Fix 'persistent' provider issues
    + Treat LOG_TARGET the same as all other capabilities
    + Allow merging of rules with IPSEC policies
  - 5.1.7.2 release
    Please refer to releasenote.txt for a detailled description.
    As always use shorewall [-6] update and revise your configuration
    + Features summary
    * Module loading streamlined, shorewall [-6] update will remove
      MODULE_SUFFIX configuration
    * Check route if detect is used in gateway column (dhcpd5 has
      now binary encoded .lease)
    * DNAT and REDIRECT support in ShorewallActions
    * Docker configuration support: DOCKER-INGRESS chain.
    + Fixes summary
    * Fix shorewall-snat(5) man page example, DEST column has to be
      read eth0:+myset[dst]
    * Fix invalid vlsm to ipcalc message
    * ADD_IP_ALIASES is set to NO for ipv6 while yes for ipv4
    * Cleanup .tmp in save ipset operations.
    * Command reenable fix for persistent and non-persistent
      interfaces
    * Warn if getattr failed (SeLinux)
  - 5.1.6 release
    + Fixes summary
    * $SHAREDIR $CONFIGDIR available again
    * Fix compilation with optimize level 8
    * Be consistant with Netfilter interpretation of 'eth'='eth+'
    * RESTORE_WAIT_OPTION serialize start of ipv4/ipv6 with -w option
    * RDP macros handle also UDP part
    + Features summary
    * Sparse option (not implemented in our spec)
    * Add enable / disable runtime extension script
    * Check zone and subzone to share at least one interface
    * Runtime address and port variables
    * Iptables --wait option used for serialization
* Tue Aug 15 2017 bruno@ioda-net.ch
  - Update to bugfix release 5.1.5.2
    + Make build reproducible boo#1047218
    + Fix upgrade from 4x version : dropBcast and dropBcasts are now
      supported boo#1053650
    + Perl 5.26 support
    + Fix for BASIC_FILTERS=Yes and tcfilters
    + Fix USER/GROUP messages
    + MAC address in OUTPUT col in accounting file error is raised
      at compile time
    + Fix port number 0 or > 65535 perl execption
* Sat Aug 12 2017 olaf@aepfle.de
  - Update filename in /var/adm/update-messages to match documentation,
    and build-compare pattern
* Wed Jul 12 2017 bruno@ioda-net.ch
  - bugfix release 5.1.4.4
    A defect in 5.1.4.3 caused a startup failure when two or more
    'fallback' providers were configured. That has been corrected.
* Thu Jun 29 2017 alarrosa@suse.com
  - Fix a typo in %posttrans that would remove the wrong file and could
    cause a problem depending on the execution order of the %pretrans
    and %posttrans scripts for the shorewall and shorewall6 packages.
* Wed Jun 21 2017 bruno@ioda-net.ch
  - This stable branch 5.1x will be the new default for Leap 42.3.
    Remember that each time you have an upgrade with changes in Major
    or Major,Minor it is mandatory you upgrade your configuration
    with shorewall(6) update -a /etc/shorewall(6) command.
  - Packaging : use pretrans and posttrans to inform user about
    configuration upgrade.
  - Bugfix release 5.1.4.3. Problem Corrected:
    When running on prior-generation distributions such as RHEL6,
    IPv6 multi-ISP configurations failed to start due to an error
    such as the following:
    ERROR: Command "ip -6 -6 route replace default scope global
      table 250 nexthop via ::192.88.99.1 dev tun6to4 weight 1"
      Failed
    Such configurations now start successfully.
* Wed Jun 14 2017 bruno@ioda-net.ch
  - Bugfix and enhancement release 5.1.4.2
    complete changelog is available
    http://shorewall.net/pub/shorewall/5.1/shorewall-5.1.4/releasenotes.txt
  - Main changes
    All IPv6 standard actions have been deleted and their logic
    has been added to their IPv4 counterparts who can now handle
    both address families.
    Previously, ?error and ?require messages as well as verbose ?info
    and ?warning messages (those that report the file and line numbers)
    generated from an action file would report the action file name and
    line number rather than the file and line number where the action
    was invoked. The file and line number where the action was invoked
    were listed second. Beginning with this release, the invoking file
    and line number are listed first and the action file and line number
    are not reported. This allows for creation of clearer messages.
    IPv6 UPnP support (including MINIUPNPD) is now available.
    A PERL_HASH_SEED option has been added to allow the Perl hash seed
    to be specified.  See shorewall.conf(5) and perlsec(1) for details.
* Sat Mar 25 2017 bruno@ioda-net.ch
  - Bugfix release 5.1.3.2
    Previously, if a Shorewall Variable (e.g., @chain) was the target
    of a conditional ?RESET directive (one that was enclosed in ?if.
    ?else...?endif logic), the compiler could incorrectly use an
    existing chain created from the action rather than creating a new
    (and different) chain. That has been corrected.
    Previously, if alternate input format specified a column that had
    already been specified, the contents of that column were silently
    overwritten. Now, a warning message is issued stating that the
    prior value has been replaced by the newer value.
* Sun Mar 19 2017 bruno@ioda-net.ch
  - Update to last bugfix version 5.1.3.1
    Problems Corrected:
    There was a typo in the BLACKLIST_DEFAULT settings in the 5.1.3
    sample config files, which resulted in a compilation error.
    That typo has been corrected.
    There was also a typo in the two-interface IPv4 sample snat file;
    192.168.0.0/16 was inadvertently entered as 92.168.0.0/16. That has
    been corrected.
    Previously, when processing the policy file, 'all+' was incorrectly
    treated the same as 'all'. That has been corrected so that 'all+'
    causes intra-zone traffic to be included in the policy.
* Wed Mar 15 2017 bruno@ioda-net.ch
  - Upgrade to last stable 5.1.3
    For details see changelog.txt and releasenotes.txt containing all
    informations for a correct upgrade path.
  - Packaging Redone patches for var-fillup
    + shorewall-fillup-install.patch
    + shorewall-init-fillup-install.patch
    + shorewall-lite-fillup-install.patch
* Sun Feb 12 2017 bruno@ioda-net.ch
  - Upgrade to stable 5.1.1
    For details see changelog.txt and releasenotes.txt containing all
    informations for a correct upgrade path.
  - Packaging:
    + use proper %{} syntax
    + Adjust year copyright
    + Remove attr on sbindir symlink
    + Move Samples and Contrib to doc package
* Wed Dec 07 2016 bruno@ioda-net.ch
  - Upgrade to last stable of 5.0.x version 5.0.15
    For details see changelog.txt and releasenotes.txt containing all
    informations for a correct upgrade path.
  - Packaging :
    + Remove all non suse %if
    + Cleanup older non supported version
    + Remove upstream merged patch
    * 0001-remote_fs.patch
    * 0001-required-stop-fix.patch
    + Remove 0001-fillup-install.patch replaced by specific product
      patch for correct usage of var-fillup
    + Added patches for var-fillup when not specific %name6 is also
      supported
    * shorewall-fillup-install.patch
    * shorewall-init-fillup-install.patch
    * shorewall-lite-fillup-install.patch
    + spec-cleaner minimal
* Sun Mar 06 2016 bruno@ioda-net.ch
  - Update to last 4x bugfix version 4.6.13.4
    For details see changelog.txt and releasenotes.txt
    - 4.6.13.4
    * This release includes a couple of additional configure/install
      fixes from Matt Darfeuille.
    * The DROP command was previously rejected in the mangle file.
    That has been corrected.
    - 4.6.13.3
    * Previously, Shorewall6 rejected rules in which the SOURCE
    contained both an interface name and a MAC address (in
    Shorewall format). That defect has been corrected so that such
    rules are now accepted.
    * A number of corrections have been made to the install,
    uninstall and configure scripts (Matt Darfeuille).
    * Previously, optional interfaces were not enabled during 'start'
    and 'restart' unless there was at least one entry in the
    'providers' file.  This resulted in these interfaces not
    appearing in the output of 'shorewall[6] status -i'.
    * The check for use of a circular kernel log buffer (as opposed
    to a log file) has been improved.
    * Previously, if a circular log buffer was being used, the output
    of various commands still displayed '/var/log/messages' as the
    log file. Now, it is displayed as 'logread'.
    * When processing the 'dump' command, the CLI now uses 'netstat'
    to print socket information when the 'ss' utility is not
    installed.
    - 4.6.13.2
    * Previously, if statistical load balancing was used in the
    providers file, the default route in the main table was not
    deleted during firewall start/restart. That route is now
    correctly deleted.
    - 4.6.13.1
    * Previously, the 'reset' command would fail if chain names were
      included. Now, the command succeeds, provided that all of the
      specified chains exist in the filter table.
    * The TCP meta-connection is now supported by the Tinc macro and
      tunnel type. Previously, only the UDP data connection was
      supported.
* Tue Sep 15 2015 toganm@opensuse.org
  - Update to version 4.6.13 For more details see changelog.txt and
    realeasenotes.txt
    * The 'rules' file manpages have been corrected regarding the
      packets that are processed by rules in the NEW section.
    * Parsing of IPv6 address ranges has been corrected. Previously,
      use of ranges resulted in 'Invalid IPv6 Address' errors.
    * The shorewall6-hosts man page has been corrected to show the
      proper contents of the HOST(S) column.
    * Previously, INLINE statements in the mangle file were not
      recognized if a chain designator (:F, :P, etc.) followingowed
      INLINE(...). As a consequence, additional matches following
      a semicolon were interpreted as column/value pairs unless
      INLINE_MATCHES=Yes, resulting in compilation failure.
    * Inline matches on IP[6]TABLE rules could be ignored if
      INLINE_MATCHES=No. They are now recognized.
    * Specifying an action with a logging level in one of the
      _DEFAULT options in shorewall[6].conf
      (e.g., REJECT_DEFAULT=Reject:info) produced a compilation error:
      ERROR: Invalid value (:info) for first Reject parameter
      /usr/share/shorewall/action.Rejectect (line 52)
      That has been corrected. Note, however, that specifying logging
      with a default action tends to defeat one of the main purposes
      of default actions which is to suppress logging.
    * Previously, it was necessary to set TC_EXPERT=Yes to have full
      access to the user mark in fw marks. That has been corrected so
      that any place that a mark or mask can be specified, both the
      TC mark and the User mark are accessible.
* Tue Jul 14 2015 toganm@opensuse.org
  - Update to version 4.6.11 For more details see changelog.txt and
    releasenotes.txt
    * Previously, when the -c option was given to the 'compile'
      command, the progress message "Compiling..." was issued before
      it was determined if compilation was necessary.  Now, that message
      is suppressed when re-compilation is not required.
    * Previously, when the -c option was given to the 'compile'
      command, the 'postcompile' extension script was executed even when
      there was no (re-)compilation. Now, the 'postcompile' script is
      only invoked  when a new script is generated.
    * If CONFDIR was other than /etc, then ordinary users would not
      receive a clear error message when they attempted to execute
      one of the commands that change the firewall state.
    * Previously, IPv4 DHCP client broadcasts were blocked by the
      'rpfilter' interface option. That has been corrected.
    * The 'update' command incorrectly added the INLINE_MATCHES
      option to shorewall6.conf with a default value of 'Yes'. This
      caused 'start' to fail with invalid ip6tables rules when the alternate
      input format using ';' is used.
      Note: This last issue is not documented in the release notes
      included with the release.
* Wed Jun 17 2015 toganm@opensuse.org
  - Update to version 4.6.10.1 For more details see changelog.txt and
    releasenotes.txt
    * Indentation is now consistent in lib.core (Tuomo Soini).
    * The first problem corrected in 4.6.10 below was incomplete. It
      is now complete (Tuomo Soini).
    * Similarly, the second fix was also incomplete and is now
      completed  (Tuomo Soini).
* Thu May 07 2015 toganm@opensuse.org
  - Update to version 4.6.9 For more details see changelog.txt and
    releasenotes.txt
    * This release contains defect repair from Shorewall 4.6.8.1 and
      earlier releases.
    * The means for preventing loading of helper modules has been
      clarified in the documentation.
    * The SetEvent and ResetEvent actions previously set/reset the
      event even if the packet did not match the other specified
      columns. This has been corrected.
    * Previously, the 'show capabilities' command was ignoring the
      HELPERS setting. This resulted in unwanted modules being
      autoloaded  and, when the -f option was given, an incorrect
      capabilities file was generated.
    * Previously, when 'wait' was specified for an interface, the
      generated script erroneously checked for required interfaces on
      all commands rather than just start, restart and restore.
* Tue Apr 14 2015 toganm@opensuse.org
  - Update to version 4.6.8.1 For more details see changnlog.txt and
    releasenotes.txt
    * Previously, when servicd was installed and there were one or
      more required interfaces, the firewall would fail to start at
      boot.This has been corrected by Tuomo Soini.
    * Some startup logic in lib.cli has been deleted. A bug prevented
      the code from working as intended, so there is no loss of
      functionality resulting from deletion of the code.
* Sat Apr 04 2015 toganm@opensuse.org
  - Update to version 4.6.8 For more details see changelog.txt and
    releasenotes.txt
    * This release includes defect repair from Shorewall 4.6.6.2 and
      earlier releases.
    * Previously, when the -n option was specified and NetworkManager
      was installed on the target system, the Shorewall-init installer
      would still create
      ${DESTDIR}etc/NetworkManager/dispatcher.d/01-shorewall, regardless
      of the setting of $CONFDIR. That has been corrected such that
      the directory
      ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall
      is created instead.
    * Previously, handling of the IPTABLES and IP6TABLES actions in
      the conntrack file was broken. nfw provided a fix on IRC.
    * The Shorewall-core and Shorewall6 installers would previously
      report incorrectly that the product release was not installed.
      Matt Darfeuille provided fixes.
* Fri Mar 13 2015 toganm@opensuse.org
  - Update to version 4.6.7 For more details see changelog.txt and
    releasenotes.txt
    * This release includes defect repair from Shorewall 4.6.6.2 and
      earlier releases.
    * The 'tunnels' file now supports 'tinc' tunnels.
    * Previously, the SAME action in the mangle file had a fixed
      timeout of 300 seconds (5 minutes). That action now allows
      specification of a different timeout.
    * It is now possible to add or delete addresses from an ipset
      with entries in the mangle file. The ADD and DEL actions have
      the same behavior in the mangle file as they do in the rules
      file.
  - Added systemd_version macro in anticipation of detecting the
    correct service file when systemd version is >= 214
* Sat Feb 07 2015 toganm@opensuse.org
  - Update to version 4.6.6.2 For more details see changelog.txt and
    releasenotes.txt
    * The compiler failed to parse the construct +<ipset>[n] where n is
      an integer (e.g., +bad[2]).
    * Orion Paplawski has provided a patch that adds 'ko.xz' to the
      default MODULE_SUFFIX setting. This change deals with recent
      Fedora releases where the module names now end with ".ko.xz".
      In addition to Orion's patch, the sample configurations have
      been modified to specify MODULE_SUFFIX="ko ko.xz".
* Sat Jan 24 2015 toganm@opensuse.org
  - Update to version 4.6.6.1 For more details see changelog.txt and
    releasenotes.txt
    * Previously the SAVE and RESTORE actions were erroneously disallowed
      in the INPUT chain within the mangle file.
    * The manpage descriptions of the mangle SAVE and RESTORE actions
      incorrectly required a slash (/) prior to the mask value.
    * Race conditions could previously occur between the 'start'
      command and the 'enable' and 'disable' commands.
    * The 'update' command incorrectly added the INLINE_MATCHES
      option to shorewall.conf with a default value of 'Yes'. This
      caused 'start' to fail with invalid iptables rules when the
      alternate input format using ';' is used.
    * Previously the LOCKFILE setting was not propagated to the
      generated script. So when the script was run directly, the script
      unconditionally used ${VARDIR}/lock.
* Sat Jan 17 2015 toganm@opensuse.org
  - Update to version 4.6.6 For more details see changlelog.txt and
    releasenotes.txt As there are many new features with this release
    please consult the mentioned files.
    * Previously, a line beginning with 'shell' was interpreted as a
      shell script. Now, the line must begin with 'SHELL'
      (case-sensitive).
      Note that ?SHELL and BEGIN SHELL are still case-insensitive.
* Mon Jan 12 2015 toganm@opensuse.org
  - Update to version 4.6.5.5 For more details see changelog.txt and
    releasenotes.txt
    * This release adds Tuomo Soini's fix for Shorewall-init to 4.6.5.5.
      Previously, the ifupdown scripts were looking in the wrong
      directory for the firewall script.
* Sat Jan 10 2015 toganm@opensuse.org
  - Update to version 4.6.5.4 For more details see changelog.txt and
    releasenotes.txt
    * The '-c' option of the 'dump' and 'show routing' commands is
      now documented.
    * The handling of the 'DIGEST' environmental variable has been
      corrected in the Shorewall installer. Previously, specifying
      that option would not correctly update the Chains module which
      led to a Perl compilation failure.
    * Handling of ipset names in PORT columns has been corrected.
      Previously, such usage resulted in an invalid  iptables rule
      being generated.
* Thu Dec 18 2014 toganm@opensuse.org
  - Update to version 4.6.5.3 For more details see changelog.txt and
    releasenotes.txt
    * The Shorewall-init scripts were using the incorrect
      variable to set the state directory. Correction provided by
      Roberto Sanchez.
    * For normal dynamic zones, the 'add' command failed with a
      diagnostic such as:
      ERROR: Zone ast, interface net0 does not have a dynamic host
      list
    * When a mark range was used in the marks (tcrules) file, a
      run-time error occurred while attempting to load the generated
      ruleset.
* Thu Dec 11 2014 dimstar@opensuse.org
  - Do not buildrequire openSUSE-release: it's a daily changing
    package and causes thus frequent rebuilds for no reason.
    configure and install both try to guess the target from
    /etc/os-release. So we simply inject BUILD=suse for the openSUSE
    case.
* Sun Nov 23 2014 toganm@opensuse.org
  - Update to version 4.6.5.2 For more details see changelog.txt and
    releasenotes.txt
    * LOG_BACKEND=LOG failed at run-time for all but the most recent
      kernels.
  - Changes in 4.6.5.1
    * The generated script can now detect an gateway address assigned
      by later versions of that program (Alan Barrett).
    * In 4.6.5, the bash-based configure script would issue the
      following diagnostic if SERVICEDIR was not specified in the
      shorewallrc file:
      ./configure: line 199: [SERVICEDIR]=: command not found
      This was compounded by the fact that all of the released
      shorewallrc files still specified SYSTEMDDIR rather than
      SERVICEDIR (Evangelos Foutras)
    * The shorewallrc.archlinux file now reflects a change in SBINDIR
      that occurred in Arch Linux in mid 2013 (Evangelos Foutras).
* Wed Nov 05 2014 toganm@opensuse.org
  - Update to versioin 4.6.4.3 For more details see changelog.txt and
    releasenotes.txt
    * The fix for LOG_BACKEND in 4.6.4.2 worked on some older
      distributions but not on newer ones. This release fixes the
      problem in the remaining cases.

Files

/etc/logrotate.d/shorewall6-lite
/etc/shorewall6-lite
/etc/shorewall6-lite/shorewall6-lite.conf
/usr/lib/shorewall6-lite
/usr/lib/shorewall6-lite/shorecap
/usr/lib/systemd/system/shorewall6-lite.service
/usr/sbin/rcshorewall6-lite
/usr/sbin/shorewall6-lite
/usr/share/doc/packages/shorewall6-lite
/usr/share/doc/packages/shorewall6-lite/COPYING
/usr/share/doc/packages/shorewall6-lite/changelog.txt
/usr/share/doc/packages/shorewall6-lite/releasenotes.txt
/usr/share/fillup-templates/sysconfig.shorewall6-lite
/usr/share/man/man5/shorewall6-lite-vardir.5.gz
/usr/share/man/man5/shorewall6-lite.conf.5.gz
/usr/share/man/man8/shorewall6-lite.8.gz
/usr/share/shorewall6-lite
/usr/share/shorewall6-lite/configpath
/usr/share/shorewall6-lite/functions
/usr/share/shorewall6-lite/helpers
/usr/share/shorewall6-lite/lib.base
/usr/share/shorewall6-lite/version
/var/lib/shorewall6-lite


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 11:46:52 2024