Revisions of shorewall
Dominique Leuenberger (dimstar_suse) accepted request 294499 from Togan Muftuoglu (toganm) (revision 85)
- Update to version 4.6.8
  For more details see changelog.txt and releasenotes.txt
  * This release includes defect repair from Shorewall 4.6.6.2 and earlier releases.
  * Previously, when the -n option was specified and NetworkManager was installed on the target system, the Shorewall-init installer would still create ${DESTDIR}etc/NetworkManager/dispatcher.d/01-shorewall, regardless of the setting of $CONFDIR. That has been corrected such that the directory ${DESTDIR}${CONFDIR}/NetworkManager/dispatcher.d/01-shorewall is created instead.
  * Previously, handling of the IPTABLES and IP6TABLES actions in the conntrack file was broken. nfw provided a fix on IRC.
  * The Shorewall-core and Shorewall6 installers would previously report incorrectly that the product release was not installed. Matt Darfeuille provided fixes.
(forwarded request 294498 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 290982 from Togan Muftuoglu (toganm) (revision 84)
- Update to version 4.6.7
  For more details see changelog.txt and releasenotes.txt
  * This release includes defect repair from Shorewall 4.6.6.2 and earlier releases.
  * The 'tunnels' file now supports 'tinc' tunnels.
  * Previously, the SAME action in the mangle file had a fixed timeout of 300 seconds (5 minutes). That action now allows specification of a different timeout.
  * It is now possible to add or delete addresses from an ipset with entries in the mangle file. The ADD and DEL actions have the same behavior in the mangle file as they do in the rules file.
- Added systemd_version macro in anticipation of detecting the correct service file when systemd version is >= 214
(forwarded request 290980 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 284605 from Togan Muftuoglu (toganm) (revision 83)
- Update to version 4.6.6.2
  For more details see changelog.txt and releasenotes.txt
  * The compiler failed to parse the construct +<ipset>[n] where n is an integer (e.g., +bad[2]).
  * Orion Paplawski has provided a patch that adds 'ko.xz' to the default MODULE_SUFFIX setting. This change deals with recent Fedora releases where the module names now end with ".ko.xz". In addition to Orion's patch, the sample configurations have been modified to specify MODULE_SUFFIX="ko ko.xz".
(forwarded request 284604 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 282634 from Togan Muftuoglu (toganm) (revision 82)
- Update to version 4.6.6.1
  For more details see changelog.txt and releasenotes.txt
  * Previously the SAVE and RESTORE actions were erroneously disallowed in the INPUT chain within the mangle file.
  * The manpage descriptions of the mangle SAVE and RESTORE actions incorrectly required a slash (/) prior to the mask value.
  * Race conditions could previously occur between the 'start' command and the 'enable' and 'disable' commands.
  * The 'update' command incorrectly added the INLINE_MATCHES option to shorewall.conf with a default value of 'Yes'. This caused 'start' to fail with invalid iptables rules when the alternate input format using ';' is used.
  * Previously the LOCKFILE setting was not propagated to the generated script. So when the script was run directly, the script unconditionally used ${VARDIR}/lock.
(forwarded request 282633 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 281597 from Togan Muftuoglu (toganm) (revision 81)
- Update to version 4.6.6
  For more details see changelog.txt and releasenotes.txt
  As there are many new features with this release please consult the mentioned files.
  * Previously, a line beginning with 'shell' was interpreted as a shell script. Now, the line must begin with 'SHELL' (case-sensitive). Note that ?SHELL and BEGIN SHELL are still case-insensitive.
(forwarded request 281596 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 280861 from Togan Muftuoglu (toganm) (revision 80)
- Update to version 4.6.5.5
  For more details see changelog.txt and releasenotes.txt
  * This release adds Tuomo Soini's fix for Shorewall-init to 4.6.5.5. Previously, the ifupdown scripts were looking in the wrong directory for the firewall script.
(forwarded request 280859 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 280759 from Togan Muftuoglu (toganm) (revision 79)
- Update to version 4.6.5.4
  For more details see changelog.txt and releasenotes.txt
  * The '-c' option of the 'dump' and 'show routing' commands is now documented.
  * The handling of the 'DIGEST' environmental variable has been corrected in the Shorewall installer. Previously, specifying that option would not correctly update the Chains module which led to a Perl compilation failure.
  * Handling of ipset names in PORT columns has been corrected. Previously, such usage resulted in an invalid iptables rule being generated.
(forwarded request 280758 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 265684 from Togan Muftuoglu (toganm) (revision 78)
- Update to version 4.6.5.3
  For more details see changelog.txt and releasenotes.txt
  * The Shorewall-init scripts were using the incorrect variable to set the state directory. Correction provided by Roberto Sanchez.
  * For normal dynamic zones, the 'add' command failed with a diagnostic such as:
      ERROR: Zone ast, interface net0 does not have a dynamic host list
  * When a mark range was used in the marks (tcrules) file, a run-time error occurred while attempting to load the generated ruleset.
(forwarded request 265683 from toganm)
Dominique Leuenberger (dimstar_suse) accepted request 264965 from Togan Muftuoglu (toganm) (revision 77)
- Do not buildrequire openSUSE-release: it's a daily changing package and causes thus frequent rebuilds for no reason. configure and install both try to guess the target from /etc/os-release. So we simply inject BUILD=suse for the openSUSE case.
(forwarded request 264937 from dimstar)
Dominique Leuenberger (dimstar_suse) accepted request 262801 from Togan Muftuoglu (toganm) (revision 76)
- Update to version 4.6.5.2
  For more details see changelog.txt and releasenotes.txt
  * LOG_BACKEND=LOG failed at run-time for all but the most recent kernels.
- Changes in 4.6.5.1
  * The generated script can now detect a gateway address assigned by later versions of that program (Alan Barrett).
  * In 4.6.5, the bash-based configure script would issue the following diagnostic if SERVICEDIR was not specified in the shorewallrc file:
      ./configure: line 199: [SERVICEDIR]=: command not found
    This was compounded by the fact that all of the released shorewallrc files still specified SYSTEMDDIR rather than SERVICEDIR (Evangelos Foutras)
  * The shorewallrc.archlinux file now reflects a change in SBINDIR that occurred in Arch Linux in mid 2013 (Evangelos Foutras).
(forwarded request 262800 from toganm)
Stephan Kulow (coolo) accepted request 259742 from Togan Muftuoglu (toganm) (revision 75)
- Update to version 4.6.4.3
  For more details see changelog.txt and releasenotes.txt
  * The fix for LOG_BACKEND in 4.6.4.2 worked on some older distributions but not on newer ones. This release fixes the problem in the remaining cases.
(forwarded request 259741 from toganm)
Stephan Kulow (coolo) accepted request 250657 from Togan Muftuoglu (toganm) (revision 74)
- Update to version 4.6.3.4
  For more details see changelog.txt and releasenotes.txt
  * The 'Universal' configurations previously failed to start with the diagnostic
      ERROR: No network interface available: Firewall state not changed
  * A defect introduced in 4.6.3 prevented Shorewall-init from starting when required interfaces were present.
  * Some defect repair from 4.6.2.5 was inadvertently omitted from 4.6.3. In particular, the fix for Shorewall-init on systems running systemd was omitted. Those fixes have now been merged into this release.
(forwarded request 250656 from toganm)
Stephan Kulow (coolo) accepted request 249074 from Togan Muftuoglu (toganm) (revision 73)
- Update to version 4.6.3.3
  For more details see changelog.txt and releasenotes.txt
  * Including a PREROUTING SECTION in the accounting file unconditionally resulted in a fatal error:
      ERROR: The PREROUTING SECTION is not allowed when ACCOUNTING_TABLE=filter
  * Previously, the compiler could generate many superfluous rules to enforce the 'tcpflags', 'nosmurfs' and 'maclist' interface options.
(forwarded request 249073 from toganm)
Stephan Kulow (coolo) accepted request 247479 from Togan Muftuoglu (toganm) (revision 72)
- Update to version 4.6.3.2
  For more details see changelog.txt and releasenotes.txt
  * The shorewall[6]-actions manpages previously contained incorrect examples of the usage of table names with builtin actions.
      Incorrect: FOOBAR,filter,mangle
      Correct: FOOBAR builtin,filters,mangle
  * Previously, if /etc/iproute2/rt_tables was not writeable, then KEEP_RT_TABLES=No behaved like KEEP_RT_TABLES=Yes. Now, a warning message is issued if that file is not writeable and KEEP_RT_TABLES is set to No.
      WARNING: /etc/iproute2/rt_tables is missing or is not writeable
  * In earlier 4.6.3 versions, the help text from shorewall-lite and shorewall6-lite included two versions of the 'run' command.
      run <command> [ <parameter> ... ]
      ..
      run <function> [ <parameter> ... ]
    The second one has now been deleted.
  * New Features: Eric Teeter has contributed a Citrix Goto Meeting macro.
(forwarded request 247477 from toganm)
Stephan Kulow (coolo) accepted request 247002 from Togan Muftuoglu (toganm) (revision 71)
- Update to version 4.6.3.1
  For more details see changelog.txt and releasenotes.txt
  * The DNSAmp action released in 4.6.3 matched more packets than it should have. That has now been corrected.
  * The handling of REJECT in IP[6]TABLES rules has been clarified in the shorewall-rules(5) and shorewall6-rules(5) manpages.
  * The following misleading error message has now been corrected:
      ERROR: The xxx TARGET is now allowed in the filter table
    The message now reads:
      ERROR: The xxx TARGET is not allowed in the filter table
- Spec fixes
  * Fixed shorewall-init requires so it needs shoreline-firewall which is an alias for shorewall shorewall6 shorewall-lite and shorewall6-lite packages
  * shorewall-init package was missing a rc link
(forwarded request 247001 from toganm)
Adrian Schröter (adrianSuSE) committed (revision 70)
Split 13.2 from Factory
Ludwig Nussel (lnussel) accepted request 244767 from Togan Muftuoglu (toganm) (revision 69)
- Update to version 4.6.2.5
  For more details see changelog.txt and releasenotes.txt
  * Previously, when an interface specified the 'physical=' option and the physical interface name was specified in the INTERFACES column of the providers file, compilation would fail with diagnostics similar to the following:
      Use of uninitialized value $physicalal in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.18.1/ Shorewall/Providers.pm line 463, <$currentfile> line ERROR:ERROR A provider interface must have at least one associated zone /zoneopt/etc/shorewall/providers (line 2)
  * Shorewall-init now works correctly on systems with systemd. By Louis Lagendijk.
- Remove backported patches
  * PHYSICALNAME.patch
  * 0001-Modify-the-preceding-fix-to-work-with-wildcard-inter.patch
(forwarded request 244766 from toganm)
Ludwig Nussel (lnussel) accepted request 243939 from Togan Muftuoglu (toganm) (revision 68)
- Update to version 4.6.2.4
  For more details see changelog.txt and releasenotes.txt
  + Previously, inline matches were not allowed in action files, even though the documentation stated that they were allowed.
(forwarded request 243938 from toganm)
Stephan Kulow (coolo) accepted request 242813 from Togan Muftuoglu (toganm) (revision 67)
- Update to version 4.6.2.3
  For more details see changelog.txt and releasenotes.txt
  * Previously, the compiler would fail with a Perl diagnostic if:
    + Optimize Level 8 was enabled.
    + Perl 5.20 was being used. This is the current Perl version on Arch Linux.
    The diagnostic was:
      Can't use string ("nat") as a HASH ref while "strict refs" in use at /usr/share/shorewall/Shorewall/Chains.pm line 3486.
(forwarded request 242812 from toganm)
Stephan Kulow (coolo) accepted request 242439 from Togan Muftuoglu (toganm) (revision 66)
- Update to version 4.6.2.2
  For more details see changelog.txt and releasenotes.txt
  * The compiler now correctly detects the IPv6 "Header Match" capability when LOAD_MODULES_ONLY=No.
  * The compiler now correctly detects the IPv6 "Ipset Match" capability on systems running a 3.14 or later kernel.
  * The compiler now correctly detects "Arptables JF" capability when LOAD_MODULES_ONLY=No.
  * The tcfilter manpages previously failed to mention that BASIC_FILTERS=Yes is required to use ipsets in the tcfilters files.
(forwarded request 242438 from toganm)
Displaying revisions 41 - 60 of 125