Hello community, here is the log from the commit of package shorewall for openSUSE:Factory checked in at Thu Aug 11 15:58:21 CEST 2011.
-------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /mounts/work_src_done/STABLE/shorewall/shorewall.changes 2011-06-16 09:06:17.000000000 +0200 
@@ -0,0 +1,531 @@ +------------------------------------------------------------------- +Thu Jun 16 06:59:20 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.20.3. Changes in this release are + * Deprecated options have been removed from the .conf files. + They remain in the man pages. + * A simple configuration like the 'Universal' sample that includes a + single wildcard interface ('+' in the INTERFACE column) produces a + ruleset that blocks all incoming packets. + + As part of correcting this defect, which was introduced in + 4.4.20.2, one or more superfluous rules (which could never + match) have been eliminated from most configurations. + + +------------------------------------------------------------------- +Wed Jun 15 06:57:32 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.20.2 + * A defect introduced in 4.4.20 could cause the following failure at + start/restart: + + ERROR: Command "tc qdisc add dev eth0 parent 1:11 handle 1: + sfq quantum 12498 limit 127 perturb 10" failed + * The 'sfilter' interface option introduced in 4.4.20 was only + applied to forwarded traffic. Now it is also applied to traffic + addressed to the firewall itself. + * Issues with iptables-restore is corrected + * IPSEC traffic is now (correctly) excluded from sfilter. + * The following incorrect warning message has been eliminated: + + WARNING: sfilter is ineffective with FASTACCEPT=Yes + + +------------------------------------------------------------------- +Tue Jun 7 14:14:12 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.20.1 + * The address of the Free Software Foundation has been corrected in + the License files. + * The shorewall[6].conf file installed in + /usr/share/shorewall[6]/configfiles is no longer modified for use + with Shorewall[6]-lite. 
When creating a new configuration for a + remote forewall, two lines need to be modified in the copy + + CONFIG_PATH=/usr/share/shorewall (or shorewall6) + STARTUP_LOG=/var/log/shorewall-lite-init.log + (or shorewall6-lite-init.log) + + +------------------------------------------------------------------- +Mon Jun 6 07:30:14 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.20 + *Removed backported patches for openSUSE specific locations as + they are incorporated in upstream. + +- Changes in 4.4.20 (for more read changelog.txt and releasenotes.txt) + * Support for the AUDIT target has been added. AUDIT is a feature of + the 2.6.39 kernel and iptables 1.4.10 that allows security auditing + of access decisions. + +------------------------------------------------------------------- +Wed May 18 11:03:16 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.19.4 + * Previously, the compiler would allow a degenerate entry (only the + BAND specified) in /etc/shorewall/tcpri. Such an entry now raises a + compilation error. + * Previously, it was possible to specify tcfilters and tcrules that + classified traffic with the class-id of a non-leaf HFSC class. Such + classes are not capabable of handling packets. + Shorewall now generates a compile-time warning in this case and + ignores the entry. + + If a non-leaf class is specified as the default class, then + Shorewall now generates a compile-time error since that + configuration allows no network traffic to flow. + + * Traditionally, Shorewall has not checked for the existance of + ipsets mentioned in the configuration, potentially resulting in a + run-time start/restart failure. Now, the compiler will issue a + WARNING if: + + a) The compiler is being run by root. + b) The compilation isn't producing a script to run on a remote + system under a -lite product. + c) An ipset appearing in the configuration does not exist on the + local system. 
+ +* As previously implemented, the 'refresh' command could fail or + could result in a ruleset other than what was intended. If there + had been changes in the ruleset since it was originally + started/restarted/restored that added or deleted sequenced chains + (chains such as ~lognnn and ~exclnnn), the resulting ruleset could + jump to the wrong such chains or could fail to 'refresh' + successfully. + + This issue has been corrected as follows. When a 'refresh' is done + and individual chains are involved, then each table that contains + both sequenced chains and one of the chains being refreshed is + refreshed in its entirety. + + For example, if 'shorwall refresh foo' is issued and the filter + table (which is the default) contains any sequenced chains, then + the entire table is reloaded. Note that this reload operation is + atomic so no packets are passed through an inconsistent + configuration. + + * When 'shorewall6 refresh' was run previously, a harmless + 'ip6tables: Chain exists' message was generated. + +- Reworked backported patches so shorewall still uses openSUSE specific + locations +- Fix the zone definitions in shorewall6/Samples6/zones examples + +------------------------------------------------------------------- +Wed May 11 16:17:38 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.19.3 + * incompatibility with gawk has been corrected + * Previously, an entry in the USER/GROUP column in the rules and + tcrules files could cause run-time start/restart failures if the + rule(s) being added did not have the firewall as the source (rules + file) and were not being added to the POSTROUTING chain (:T + designator in the tcrules file). This error is now caught by + the compiler. + * Shorewall now insures that a route to a default gateway exists in + the main table before it attempts to add a default route through + that gateway in a provider table. This prevents start/restart + failures in the rare event that such a route does not exist. 
+ * CLASSIFY TC rules can apply to traffic exiting only the interface + associated with the class-id specified in the first column. + + * Fixes start of shorewall6 (bnc#693162) + +------------------------------------------------------------------- +Fri May 6 08:03:49 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.19.2 For more details see changelog.txt and + releasenotes.txt + + * In Shorewall-shell, there was the ability to specify IPSET names in + the ORIGINAL DEST column of DNAT and REDIRECT rules. That ability, + inadvertently dropped in Shorewall-perl, has been restored + * Several problems with complex TC have been corrected: + * Double exclusion involving ipset lists was previously not detected, + resulting in anomalous behavior. +------------------------------------------------------------------- +Mon Apr 18 09:42:37 UTC 2011 - tog...@opensuse.org + +- Update to 4.4.19.1 + * Eliminate silly duplicate rule when stopped. + * Don't believe that all nexthop routes are default routes. + * Restore :<low port>-<high port> in masq file. + * Correct default route safe/restore. + +- backported paths related patches from git as they are in mainstream + now +------------------------------------------------------------------- +Wed Apr 13 17:23:31 UTC 2011 - tog...@opensuse.org + +- Shorewall packages have their openSUSE specific locations now + + * Executable files in /usr/lib/shorewall*. These include; + + getparams + compiler.pl + wait4ifup + shorecap + ifupdown + + * Perl Modules in /usr/lib/perl5/vendor_perl/PERL_VERSION/Shorewall. + +- Updated to 4.4.19 (for more info please consult changelog.txt and + releasenotes.txt) + +* Corrected a problem in optimize level 4 that resulted in the following + compile-time failure + Can't use an undefined value as an ARRAY reference at + /usr/share/shorewall/Shorewall/Chains.pm line 862. 
+ + * If a DNAT or REDIRECT rule applied to a source zone with an interface + defined with 'physical=+', then the nat table 'dnat' chain might have + been created but not referenced. This prevented the DNAT or REDIRECT + rule from working correctly. + + * Previously, if a variable set in /etc/shorewall/params was given a value + containing shell metacharacters, then the compiled script would contain + syntax errors. + + * The pathname of the 'conntrack' binary was erroneously printed in the + output of 'shorewall6 show connections'. + + * Correct a problem whereby incorrect Netfilter rules were generated when + a bridge with ports was given a logical name. + ++++ 334 more lines (skipped) ++++ between /dev/null ++++ and /mounts/work_src_done/STABLE/shorewall/shorewall.changes calling whatdependson for head-i586 New: ---- README.openSUSE init-4.4.14.patch install-4.4.14.patch shorewall-4.4.14.rpmlintrc shorewall-4.4.20.3.tar.bz2 shorewall-docs-html-4.4.20.3.tar.bz2 shorewall-init-4.4.14.init.patch shorewall-init-4.4.20.3.tar.bz2 shorewall-lite-4.4.14.init.patch shorewall-lite-4.4.20.3.tar.bz2 shorewall.changes shorewall.spec shorewall6-4.4.20.3.tar.bz2 shorewall6-init-4.4.14.patch shorewall6-lite-4.4.14.init.patch shorewall6-lite-4.4.20.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shorewall.spec ++++++ # # spec file for package shorewall # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). 
An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: shorewall Version: 4.4.20.3 Release: 1 License: GPL-2.0 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems Url: http://www.shorewall.net/ Group: Productivity/Networking/Security Source0: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-%version.tar.bz2 Source1: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-lite-%version.tar.bz2 Source2: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-init-%version.tar.bz2 Source3: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%{name}6-lite-%version.tar.bz2 Source4: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%{name}6-%version.tar.bz2 Source5: http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-docs-html-%version.tar.bz2 Source6: %name-4.4.14.rpmlintrc Source7: README.openSUSE # PATCH-FIX-UPSTREAM init-4.4.14 tog...@opensuse.org -- Required-Stop and Short descriprtion Patch0: init-4.4.14.patch # PATCH-FIX-UPSTREAM shorewall-lite-4.4.14.init.patch tog...@opensuse.org Required-Stop and Short descriprtion Patch1: shorewall-lite-4.4.14.init.patch # PATCH-FIX-UPSTREAM shorewall6-init-4.4.14.patch tog...@opensuse.org Required-Stop and Short descriprtion Patch2: shorewall6-init-4.4.14.patch # PATCH-FIX-UPSTREAM shorewall6-lite-4.4.14.init.patch tog...@opensuse.org Required-Stop and Short descriprtion Patch3: shorewall6-lite-4.4.14.init.patch # PATCH-FIX-UPSTREAM shorewall-init-4.4.14.init.patch tog...@opensuse.org added reload which is start actually Patch4: shorewall-init-4.4.14.init.patch # PATCH-FIX-OPENSUSE install-4.4.14.patch tog...@opensuse.org -- use of fillup template Patch5: install-4.4.14.patch PreReq: %fillup_prereq PreReq: %insserv_prereq Requires: xtables-addons Requires: iproute2 Requires: 
iptables %if 0%{?suse_version} < 1140 Requires: perl = %{perl_version} %else %{perl_requires} %endif Requires: logrotate BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch Conflicts: SuSEfirewall2 %description The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. %package lite Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems Group: Productivity/Networking/Security PreReq: %fillup_prereq PreReq: %insserv_prereq Requires: bc Requires: iproute2 Requires: iptables Requires: logrotate Conflicts: SuSEfirewall2 %description lite The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. Shorewall Lite is a companion product to Shorewall that allows network administrators to centralize the configuration of Shorewall-based firewalls. %package -n %{name}6 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems PreReq: %fillup_prereq PreReq: %insserv_prereq Requires: logrotate Conflicts: SuSEfirewall2 Group: Productivity/Networking/Security %description -n %{name}6 The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter (ip6tables) based IPv6 firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. 
%package -n %{name}6-lite Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems PreReq: %fillup_prereq PreReq: %insserv_prereq Requires: logrotate Conflicts: SuSEfirewall2 Group: Productivity/Networking/Security %description -n %{name}6-lite The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter (ip6tables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. Shorewall6 Lite is a companion product to Shorewall6 that allows network administrators to centralize the configuration of Shorewall6-based firewalls. %package init Summary: Adds functionality to Shoreline Firewall (Shorewall) PreReq: %fillup_prereq PreReq: %insserv_prereq Requires: logrotate Requires: %name > 4.4.9 Requires: %{name}6 > 4.4.9 Group: Productivity/Networking/Security %description init The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter (iptables) based firewall that can be used on a dedicated firewall system, a multi-function gateway/ router/server or on a standalone GNU/Linux system. Shorewall Init is a companion product to Shorewall that allows for tigher control of connections during boot and that integrates Shorewall with ifup/ifdown and NetworkManager. %package docs Summary: HTML documentation for shorewall configuration Group: Documentation/Other License: FDLv1.2+ %description docs HTML documentation for the Shoreline Firewall. 
Highly recommend to read before starting to configure shorewall %prep %setup -q -c -a1 -a2 -a3 -a4 -a5 # apply patches to shorewall pushd %name-%version %patch0 popd # apply patches to shorewall-lite pushd %name-lite-%version %patch1 popd # apply patches to shorewall6 pushd %{name}6-%version %patch2 popd # apply patches to shorewall-lite pushd %{name}6-lite-%version %patch3 popd # apply patches to shorewall-lite pushd %name-init-%version %patch4 %patch5 popd chmod -x %name-docs-html-%version/images/*.png chmod -x %{name}6-%version/tunnel chmod -x %{name}6-%version/ipv6 chmod -x %name-%version/Contrib/swping.init chmod -x %name-%version/Contrib/tunnel cp %{S:7} %name-%version/. %build %install export LIBEXEC=%_libexecdir ;\ export PERLLIB=%perl_vendorlib ;\ export OWNER="root" ; \ export GROUP="root" pushd %name-%version PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh popd pushd %name-lite-%version PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh popd pushd %{name}6-%version PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh popd pushd %{name}6-lite-%version PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh popd pushd %name-init-%version PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh popd %clean rm -rf %buildroot %post %{fillup_and_insserv -f %name} %preun %{stop_on_removal %name} rm -f %_sysconfdir/%name/startup_disabled %postun %restart_on_update %name %insserv_cleanup %stop_on_removal %post -n %{name}6 %{fillup_and_insserv -f %{name}6} %preun -n %{name}6 %{stop_on_removal %{name}6} rm -f %_sysconfdir/%name/startup_disabled %postun -n %{name}6 %restart_on_update %{name}6 %insserv_cleanup %stop_on_removal %post -n %name-lite %{fillup_and_insserv -f %name-lite} %preun -n %name-lite %{stop_on_removal %name-lite} rm -f %_sysconfdir/%name/startup_disabled %postun -n %name-lite %restart_on_update %name-lite %insserv_cleanup %stop_on_removal %post -n %{name}6-lite %{fillup_and_insserv -f %{name}6-lite} %preun -n %{name}6-lite 
%{stop_on_removal %{name}6-lite} rm -f %_sysconfdir/%name/startup_disabled %postun -n %{name}6-lite %restart_on_update %{name}6-lite %insserv_cleanup %stop_on_removal %post init %{fillup_and_insserv -n %name-init} cp -pf %_libexecdir/%name-init/ifupdown %_sysconfdir/sysconfig/network/scripts/%name ln -sf %_sysconfdir/sysconfig/network/scripts/%name %_sysconfdir/sysconfig/network/if-up.d/%name ln -sf %_sysconfdir/sysconfig/network/scripts/%name %_sysconfdir/sysconfig/network/if-down.d/%name if [ -d %_sysconfdir/NetworkManager/dispatcher.d/ ]; then cp -pf %_libexecdir/%name-init/ifupdown %_sysconfdir/NetworkManager/dispatcher.d/01-%name fi %postun init %restart_on_update %name-init %insserv_cleanup %stop_on_removal %preun init %{stop_on_removal %name-init} rm -f %_sysconfdir/NetworkManager/dispatcher.d/01-%name %files %defattr(-,root,root,-) %attr(0544,root,root) %_initddir/%name %dir %_sysconfdir/%name %dir %_datadir/%name %dir %_libexecdir/%name %dir %_datadir/%name/configfiles %dir %_datadir/%name/Shorewall %attr(0700,root,root) %dir %{_localstatedir}/lib/%name %config(noreplace) %_sysconfdir/%name/* %config(noreplace) %_sysconfdir/logrotate.d/%name %attr(0755,root,root) /sbin/%name %_datadir/%name/version %_datadir/%name/actions.std %_datadir/%name/action.Drop %_datadir/%name/action.Reject %_datadir/%name/action.template %_datadir/%name/action.A_Drop %_datadir/%name/action.A_Reject %attr(- ,root,root) %_datadir/%name/functions %_datadir/%name/lib.* %_datadir/%name/macro.* %_datadir/%name/modules %_datadir/%name/modules.* %_datadir/%name/helpers %_datadir/%name/configpath %_libexecdir/%name/getparams %attr(0755,root,root) %_libexecdir/%name/wait4ifup %attr(755,root,root) %_libexecdir/%name/compiler.pl %_datadir/%name/prog.* %dir %perl_vendorlib/Shorewall %perl_vendorlib/Shorewall/*.pm %_datadir/%name/configfiles/* %_mandir/man5/%name-[a-k,m-z]*.5* %_mandir/man5/%name.conf.5* %_mandir/man8/%name.8* %doc %name-%version/COPYING %doc %name-%version/INSTALL %doc 
%name-%version/changelog.txt %doc %name-%version/releasenotes.txt %doc %name-%version/Contrib/* %doc %name-%version/Samples %doc %name-%version/README.openSUSE %files lite %defattr(-,root,root,-) %dir %_sysconfdir/%name-lite %config(noreplace) %_sysconfdir/%name-lite/%name-lite.conf %config %_sysconfdir/%name-lite/Makefile %attr(0544,root,root) %_initddir/%name-lite %dir %_datadir/%name-lite %dir %_libexecdir/%name-lite %attr(0700,root,root) %dir %{_localstatedir}/lib/%name-lite %config(noreplace) %_sysconfdir/logrotate.d/%name-lite %attr(0755,root,root) /sbin/%name-lite %_datadir/%name-lite/version %_datadir/%name-lite/configpath %attr(- ,root,root) %_datadir/%name-lite/functions %_datadir/%name-lite/lib.* %_datadir/%name-lite/modules %_datadir/%name-lite/modules.* %_datadir/%name-lite/helpers %attr(0544,root,root) %_libexecdir/%name-lite/shorecap %attr(0755,root,root) %_libexecdir/%name-lite/wait4ifup %_mandir/man5/%name-lite*.5* %_mandir/man8/%name-lite.8.* %doc %name-lite-%version/COPYING %doc %name-lite-%version/changelog.txt %doc %name-lite-%version/releasenotes.txt %files -n %{name}6 %defattr(-,root,root,-) %attr(0544,root,root) %_initddir/%{name}6 %dir %_sysconfdir/%{name}6 %dir %_datadir/%{name}6 %dir %_libexecdir/%{name}6 %dir %_datadir/%{name}6/configfiles %attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6 %config(noreplace) %_sysconfdir/%{name}6/* %attr(0600,root,root) %config %_sysconfdir/%{name}6/Makefile %config(noreplace) %_sysconfdir/logrotate.d/%{name}6 %attr(0755,root,root) /sbin/%{name}6 %_datadir/%{name}6/version %_datadir/%{name}6/actions.std %_datadir/%{name}6/action.AllowICMPs %_datadir/%{name}6/action.Drop %_datadir/%{name}6/action.Reject %_datadir/%{name}6/action.template %_datadir/%{name}6/action.A_Drop %_datadir/%{name}6/action.A_Reject %_datadir/%{name}6/action.A_AllowICMPs %attr(- ,root,root) %_datadir/%{name}6/functions %_datadir/%{name}6/lib.* %_datadir/%{name}6/macro.* %_datadir/%{name}6/modules %_datadir/%{name}6/modules.* 
%_datadir/%{name}6/helpers %_datadir/%{name}6/configpath %attr(0755,root,root) %_libexecdir/%{name}6/wait4ifup %_datadir/%{name}6/configfiles/* %_mandir/man5/%{name}6-[a-k,m-z]*.5* %_mandir/man5/%{name}6.conf.5* %_mandir/man8/%{name}6.8* %doc %{name}6-%version/COPYING %doc %{name}6-%version/INSTALL %doc %{name}6-%version/changelog.txt %doc %{name}6-%version/releasenotes.txt %doc %{name}6-%version/tunnel %doc %{name}6-%version/ipsecvpn %doc %{name}6-%version/ipv6 %doc %{name}6-%version/Samples6 %files -n %{name}6-lite %defattr(-,root,root,-) %_mandir/man5/%{name}6-lite*.5* %_mandir/man8/%{name}6-lite.8* %doc %{name}6-lite-%version/COPYING %doc %{name}6-lite-%version/changelog.txt %doc %{name}6-lite-%version/releasenotes.txt %dir %_sysconfdir/%{name}6-lite %config(noreplace) %_sysconfdir/%{name}6-lite/%{name}6-lite.conf %config %_sysconfdir/%{name}6-lite/Makefile %attr(0544,root,root) %_initddir/%{name}6-lite %dir %_datadir/%{name}6-lite %dir %_libexecdir/%{name}6-lite %attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6-lite %config(noreplace) %_sysconfdir/logrotate.d/%{name}6-lite %attr(0755,root,root) /sbin/%{name}6-lite %_datadir/%{name}6-lite/version %_datadir/%{name}6-lite/configpath %attr(- ,root,root) %_datadir/%{name}6-lite/functions %_datadir/%{name}6-lite/lib.base %_datadir/%{name}6-lite/lib.cli %_datadir/%{name}6-lite/lib.common %_datadir/%{name}6-lite/modules %_datadir/%{name}6-lite/modules.* %_datadir/%{name}6-lite/helpers %attr(0544,root,root) %_libexecdir/%{name}6-lite/shorecap %attr(0755,root,root) %_libexecdir/%{name}6-lite/wait4ifup %files init %defattr(-,root,root,-) %_localstatedir/adm/fillup-templates/sysconfig.%name-init %attr(0544,root,root) %config(noreplace) %_sysconfdir/init.d/%name-init %dir %_datadir/%name-init %dir %_libexecdir/%name-init %ghost %dir %_sysconfdir/NetworkManager %ghost %dir %_sysconfdir/NetworkManager/dispatcher.d %ghost %attr(0755,root,root) %_sysconfdir/NetworkManager/dispatcher.d/01-%name 
%_datadir/%name-init/version %attr(0544,root,root) %_libexecdir/%name-init/ifupdown %_mandir/man8/%name-init.8* %doc %name-init-%version/COPYING %doc %name-init-%version/changelog.txt %doc %name-init-%version/releasenotes.txt %files docs %defattr(-,root,root,-) %doc %name-docs-html-%version/* %changelog ++++++ README.openSUSE ++++++ WARNING ======== Some openSUSE packages include a service file for ease of the SuSEfirewall2 configuration and opening the necessary ports. You have to open the required ports yourself using the Shorewall configuration files. SuSEfirewall2 is integrated with Yast so configuration can be done via a GUI. This is not the case for Shorewall. Enabling Firewall in /etc/sysconfig/network/config or in individual ifcfg-xxx files is not enough. /etc/sysconfig/shorewall should be configured. As the shorewall web page states "Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, check out alternatives." Now that you are warned remember to have fun ++++++ init-4.4.14.patch ++++++ --- init.sh.orig +++ init.sh @@ -1,5 +1,4 @@ #!/bin/sh -RCDLINKS="2,S41 3,S41 6,K41" # # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.2 # 
@@ -41,13 +40,14 @@ RCDLINKS="2,S41 3,S41 6,K41" # description: Packet filtering firewall ### BEGIN INIT INFO -# Provides: shorewall -# Required-Start: $local_fs $remote_fs $syslog -# Should-Start: VMware $time $named -# Required-Stop: -# Default-Start: 2 3 5 -# Default-Stop: 0 1 6 -# Description: starts and stops the shorewall firewall +# Provides: shorewall +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 5 +# Default-Stop: 0 6 +# Short-Description: Configure the firewall at boot time +# Description: Configure the firewall according to the rules specified in +# /etc/shorewall ### END INIT INFO ################################################################################ ++++++ install-4.4.14.patch ++++++ --- install.sh.orig +++ install.sh 
@@ -250,9 +250,10 @@ else fi fi - if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then - install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644 - fi +# if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ${DESTDIR}/etc/sysconfig/shorewall-init ]; then + mkdir -p ${DESTDIR}/var/adm/fillup-templates + install_file sysconfig ${DESTDIR}/var/adm/fillup-templates/sysconfig.shorewall-init 0644 +# fi fi # ++++++ shorewall-4.4.14.rpmlintrc ++++++ addFilter("non-executable-script /usr/share/shorewall/prog.header*") addFilter("non-executable-script /usr/share/shorewall/lib.*") addFilter("non-executable-script /usr/share/shorewall6/lib.*") addFilter("non-executable-script /usr/share/shorewall-lite/lib.*") addFilter("non-executable-script /usr/share/shorewall6-lite/lib.*") addFilter("non-executable-script /etc/shorewall/scfilter") addFilter("non-executable-script /etc/shorewall6/scfilter") addFilter("non-executable-script /usr/share/shorewall/configfiles/scfilter") addFilter("non-executable-script /usr/share/shorewall6/configfiles/scfilter") addFilter("files-duplicate /usr/share/shorewall6/configfiles/scfilter") addFilter("script-without-shebang /etc/shorewall-lite/shorewall-lite.conf") addFilter("script-without-shebang /etc/shorewall6-lite/shorewall6-lite.conf") addFilter("perl5-naming-policy-not-applied") ++++++ shorewall-init-4.4.14.init.patch ++++++ --- init.sh.orig +++ init.sh @@ -26,10 +26,10 @@ # ### BEGIN INIT INFO # Provides: shorewall-init -# Required-start: $local_fs -# Required-stop: $local_fs +# Required-Start: $local_fs +# Required-Stop: $local_fs # Default-Start: 2 3 5 -# Default-Stop: +# Default-Stop: 0 1 2 6 # Short-Description: Initialize the firewall at boot time # Description: Place the firewall in a safe state at boot time # prior to bringing up the network. 
@@ -90,14 +90,14 @@ shorewall_stop () { } case "$1" in - start) + start|reload) shorewall_start ;; stop) shorewall_stop ;; *) - echo "Usage: /etc/init.d/shorewall-init {start|stop}" + echo "Usage: /etc/init.d/shorewall-init {start|stop|reload}" exit 1 esac ++++++ shorewall-lite-4.4.14.init.patch ++++++ --- init.sh.orig +++ init.sh @@ -1,5 +1,5 @@ #!/bin/sh -RCDLINKS="2,S41 3,S41 6,K41" +# RCDLINKS="2,S41 3,S41 6,K41" # # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1 # @@ -43,10 +43,11 @@ RCDLINKS="2,S41 3,S41 6,K41" ### BEGIN INIT INFO # Provides: shorewall-lite # Required-Start: $network -# Required-Stop: +# Required-Stop: $null # Default-Start: 2 3 5 # Default-Stop: 0 1 6 # Description: starts and stops the shorewall firewall +# Short-Description: Packet filtering firewall ### END INIT INFO ################################################################################ ++++++ shorewall6-init-4.4.14.patch ++++++ --- init.sh.orig +++ init.sh @@ -1,5 +1,5 @@ #!/bin/sh -RCDLINKS="2,S41 3,S41 6,K41" +#RCDLINKS="2,S41 3,S41 6,K41" # # The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.2 # @@ -44,10 +44,12 @@ RCDLINKS="2,S41 3,S41 6,K41" # Provides: shorewall6 # Required-Start: $local_fs $remote_fs $syslog # Should-Start: VMware $time $named -# Required-Stop: +# Should-Stop: $null +# Required-Stop: $null # Default-Start: 2 3 5 # Default-Stop: 0 1 6 # Description: starts and stops the shorewall6 firewall +# Short-Description: Packet filtering firewall ### END INIT INFO ################################################################################ ++++++ shorewall6-lite-4.4.14.init.patch ++++++ --- init.sh.orig +++ init.sh @@ -1,5 +1,5 @@ #!/bin/sh -RCDLINKS="2,S41 3,S41 6,K41" +#RCDLINKS="2,S41 3,S41 6,K41" # # The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1 # 
@@ -43,10 +43,11 @@ RCDLINKS="2,S41 3,S41 6,K41" ### BEGIN INIT INFO # Provides: shorewall6-lite # Required-Start: $network -# Required-Stop: +# Required-Stop: $null # Default-Start: 2 3 5 # Default-Stop: 0 1 6 # Description: starts and stops the shorewall firewall +# Short-Description: Packet filtering firewall ### END INIT INFO ################################################################################ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
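Review bot: in the shorewall.changes hunk, several added entries carry spelling errors that will ship in the package changelog: "forewall" (4.4.20.1 entry), "capabable" and "existance" (4.4.19.4 entry) and "shorwall refresh foo" (4.4.19.4 entry). The 4.4.20.2 item "Issues with iptables-restore is corrected" also does not say which issue was fixed; name the defect the way the neighbouring items do.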
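Review bot: in shorewall.spec, the %preun scriptlets for %{name}6, %name-lite and %{name}6-lite all run "rm -f %_sysconfdir/%name/startup_disabled", which expands to the main shorewall package's configuration directory rather than the subpackage's own. Removing one of those subpackages would delete the file under /etc/shorewall and never touch anything under its own directory; use %{name}6, %name-lite and %{name}6-lite in the respective paths.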
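Review bot: in shorewall.spec, %post init creates %_sysconfdir/sysconfig/network/scripts/%name plus the if-up.d/%name and if-down.d/%name symlinks, but %preun init removes only the NetworkManager dispatcher.d/01-%name copy, and %files init lists none of the three. They stay on disk after the package is removed; delete them in %preun init or declare them as %ghost entries the way 01-%name is.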
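Review bot: in README.openSUSE, the sentence "/etc/sysconfig/shorewall should be configured" points at a path this commit does not ship. %files lists the configuration under %_sysconfdir/%name, and the only sysconfig template installed is sysconfig.%name-init. If /etc/shorewall is meant, say so, since a reader following the README as written will look for a file that is not there.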
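Review bot: in the second hunk of init-4.4.14.patch, the new "# Required-Start: $network $remote_fs" orders the firewall after the network and drops the $syslog dependency the old header had, so interfaces can be up before the ruleset is loaded and start-up messages may be emitted before the logger is running. Keep $syslog in Required-Start, and state in the patch comment or in README.openSUSE whether shorewall-init is expected to cover that boot window. The change of Default-Stop from "0 1 6" to "0 6" is also unexplained.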
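Review bot: in install-4.4.14.patch, the "if [ -d ${DESTDIR}/etc/sysconfig -a ! -f ... ]; then" guard and its "fi" are commented out rather than deleted, which leaves dead code around the two live lines. Delete both lines so the unconditional "mkdir -p" and "install_file" read as intended, and say in the spec's patch comment that the existence check was dropped on purpose.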
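Review bot: in the first hunk of shorewall-init-4.4.14.init.patch, the new "# Default-Stop: 0 1 2 6" lists runlevel 2, which is also in "# Default-Start: 2 3 5" one line above. A runlevel should not be both a start and a stop level for the same service; drop 2 from Default-Stop (the other init scripts in this commit use "0 1 6" or "0 6").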
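Review bot: in the second hunk of shorewall-init-4.4.14.init.patch, the case statement accepts only start, reload and stop, yet the spec's %postun init calls "%restart_on_update %name-init". Check which action that macro passes to the script, because anything other than those three lands in the "*)" branch and exits 1 with the usage message. Mapping reload to shorewall_start also deserves a one-line comment in the script saying it is intentional.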
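Review bot: in the second hunk of shorewall-lite-4.4.14.init.patch, "# Required-Stop: $null" does not mirror "# Required-Start: $network" on the line above, whereas init-4.4.14.patch sets both to "$network $remote_fs". If the stop action needs the network, use $network here as well; otherwise record why the two scripts differ. The first hunk comments out RCDLINKS where init-4.4.14.patch deletes it, so pick one treatment for all four scripts.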
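Review bot: in the second hunk of shorewall6-init-4.4.14.patch, Required-Start is left at "$local_fs $remote_fs $syslog" with "Should-Start: VMware $time $named", while the IPv4 script in init-4.4.14.patch was moved to "$network $remote_fs" and lost its Should-Start line. The two firewalls now start at different points relative to the network; align the headers or record the reason. "Should-Stop: $null" expresses no dependency and can be omitted.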
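Review bot: in the second hunk of shorewall6-lite-4.4.14.init.patch, the block under "# Provides: shorewall6-lite" still reads "# Description: starts and stops the shorewall firewall", and the added "Short-Description: Packet filtering firewall" is identical to the one given to shorewall-lite and shorewall6. Since the patch already edits this block, name the IPv6 lite service in both lines so the services can be told apart in service listings.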