Your message dated Fri, 25 Mar 2005 15:50:43 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299747: fixed in shorewall 2.2.2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Mar 2005 05:10:38 +0000
>From [EMAIL PROTECTED] Tue Mar 15 21:10:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp803.mail.sc5.yahoo.com [66.163.168.182]
by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
id 1DBQnl-0006hO-00; Tue, 15 Mar 2005 21:10:37 -0800
Received: from unknown (HELO ?192.168.0.2?) ([EMAIL PROTECTED]@66.73.174.249
with plain)
by smtp803.mail.sc5.yahoo.com with SMTP; 16 Mar 2005 05:10:37 -0000
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 15 Mar 2005 23:10:33 -0600
From: FX <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: New upstream version 2.2.2
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
package: shorewall
New upstream version 2.2.2 is available.
Problems corrected in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP
ranges (assuming that your iptables and kernel support ranges).
2) If A is a user-defined action and you have file /etc/shorewall/A
then when that file is invoked, the $TAG value may be incorrect.
3) Previously, if an iptables command generating a logging rule
failed, the Shorewall [re]start was still successful. This error
is now considered fatal and Shorewall will be either restored from
the last save (if any) or it will be stopped.
4) The port numbers for UDP and TCP were previously reversed in the
/usr/share/shorewall/action.AllowPCA file.
5) Previously, the 'install.sh' script did not update the
/usr/share/shorewall/action.* files.
6) Previously, when an interface name appeared in the DEST column of
/etc/shorewall/tcrules, the name was not validated against the set
of defined interfaces and bridge ports.
-----------------------------------------------------------------------
New Features in version 2.2.2
1) The SOURCE column in the /etc/shorewall/tcrules file now allows $FW
to be optionally followed by ":" and a host/network address or
address range.
2) Shorewall now clears the output device only if it is a
terminal. This avoids ugly control sequences being placed in files
when /sbin/shorewall output is redirected.
3) The output from 'arp -na' has been added to the 'shorewall status'
display.
4) The 2.6.11 Linux kernel and iptables 1.3.0 now allow port ranges
to appear in port lists handled by "multiport match". If Shorewall
detects this capability, it will use "multiport match" for port
lists containing port ranges. Be cautioned that each port range
counts for TWO ports and a port list handled with "multiport match"
can still specify a maximum of 15 ports.
As always, if a port list in /etc/shorewall/rules is incompatible
with "multiport match", a separate iptables rule will be generated
for each element in the list.
5) Traditionally, the RETURN target in the 'rfc1918' file has caused
'norfc1918' processing to cease for a packet if the packet's source
IP address matches the rule. Thus, if you have:
SUBNETS TARGET
192.168.1.0/24 RETURN
then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even
though you also have:
SUBNETS TARGET
10.0.0.0/8 logdrop
Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic
to be logged and dropped since while the packet's source matches the
RETURN rule, the packet's destination matches the 'logdrop' rule.
If not specified or specified as empty (e.g., RFC1918_STRICT="")
then RFC1918_STRICT=No is assumed.
WARNING: RFC1918_STRICT=Yes requires that your kernel and iptables
support 'Connection Tracking' match.
---------------------------------------
Received: (at 299747-close) by bugs.debian.org; 25 Mar 2005 20:53:43 +0000
>From [EMAIL PROTECTED] Fri Mar 25 12:53:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DEvoM-0005CY-00; Fri, 25 Mar 2005 12:53:42 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DEvlT-0003G9-00; Fri, 25 Mar 2005 15:50:43 -0500
From: Lorenzo Martignoni <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299747: fixed in shorewall 2.2.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 25 Mar 2005 15:50:43 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: shorewall
Source-Version: 2.2.2-1
We believe that the bug you reported is fixed in the latest version of
shorewall, which is due to be installed in the Debian FTP archive:
shorewall_2.2.2-1.diff.gz
to pool/main/s/shorewall/shorewall_2.2.2-1.diff.gz
shorewall_2.2.2-1.dsc
to pool/main/s/shorewall/shorewall_2.2.2-1.dsc
shorewall_2.2.2-1_all.deb
to pool/main/s/shorewall/shorewall_2.2.2-1_all.deb
shorewall_2.2.2.orig.tar.gz
to pool/main/s/shorewall/shorewall_2.2.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lorenzo Martignoni <[EMAIL PROTECTED]> (supplier of updated shorewall package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 17 Mar 2005 10:08:33 +0100
Source: shorewall
Binary: shorewall
Architecture: source all
Version: 2.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Lorenzo Martignoni <[EMAIL PROTECTED]>
Changed-By: Lorenzo Martignoni <[EMAIL PROTECTED]>
Description:
shorewall - Shoreline Firewall (Shorewall)
Closes: 270338 298266 299747
Changes:
shorewall (2.2.2-1) unstable; urgency=low
.
* New upstream release (closes: #299747)
* Added debconf french translation (closes: #298266)
* As suggested by [EMAIL PROTECTED] default shorewall configuration,
shipped in /usr/share/doc/shorewall/default-config, are not yet
compressed to avoid confusion (previously some were compressed and
others were not) (closes: #270338)
Files:
89ad99c549c812ebb1063db3e60f7fd2 656 net optional shorewall_2.2.2-1.dsc
eb0ad1ad0867299e372e7f2522092751 124958 net optional
shorewall_2.2.2.orig.tar.gz
f8f894aafe328310278753090f193764 31467 net optional shorewall_2.2.2-1.diff.gz
ddb0bc671eef90b977215f8165126ad6 147950 net optional shorewall_2.2.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCRHX7StlRaw+TLJwRAnO/AKCRizjrDIEYsrWHNuX9B94AKqTcxACeMajU
1TOcN1E5qpKxqBXJk4YhVaw=
=35wA
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
