diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/changelog.txt shorewall-5.0.15/changelog.txt --- shorewall-5.0.14/changelog.txt 2016-11-03 15:07:35.454680685 -0700 +++ shorewall-5.0.15/changelog.txt 2016-12-02 15:21:56.472615101 -0800 @@ -1,3 +1,31 @@ +Changes in 5.0.15 Final + +1) Update release documents. + +2) Correct 'restore' exit status + +3) Correct optimizer defect in merge_rules(). + +Changes in 5.0.15 RC 2 + +1) Update release documents. + +2) Correct syntax error in Providers.pm. + +Changes in 5.0.15 RC 1 + +1) Update release documents. + +2) Use $PAGER in 'show macro'. + +3) Implement the -p option + +Changes in 5.0.15 Beta 1 + +1) Update release documents. + +2) Preserve shell variables over 'update'. + Changes in 5.0.14 Final 1) Update release documents. diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/configure shorewall-5.0.15/configure --- shorewall-5.0.14/configure 2016-11-03 15:07:35.458680664 -0700 +++ shorewall-5.0.15/configure 2016-12-02 15:21:56.472615101 -0800 @@ -28,7 +28,7 @@ # # Build updates this # -VERSION=5.0.14 +VERSION=5.0.15 case "$BASH_VERSION" in [4-9].*) diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/configure.pl shorewall-5.0.15/configure.pl --- shorewall-5.0.14/configure.pl 2016-11-03 15:07:35.462680643 -0700 +++ shorewall-5.0.15/configure.pl 2016-12-02 15:21:56.476615113 -0800 @@ -31,7 +31,7 @@ # Build updates this # use constant { - VERSION => '5.0.14' + VERSION => '5.0.15' }; my %params; diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/install.sh shorewall-5.0.15/install.sh --- shorewall-5.0.14/install.sh 2016-11-03 15:07:35.218681934 -0700 +++ shorewall-5.0.15/install.sh 2016-12-02 15:21:56.452615040 -0800 @@ -22,7 +22,7 @@ # along with this program; if not, see . # -VERSION=5.0.14 +VERSION=5.0.15 # # Change to the directory containing this script diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/lib.cli-std shorewall-5.0.15/lib.cli-std --- shorewall-5.0.14/lib.cli-std 2016-11-03 15:06:38.000000000 -0700 +++ shorewall-5.0.15/lib.cli-std 2016-12-02 14:47:03.000000000 -0800 @@ -318,21 +318,23 @@ [ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER - if [ -n "$PAGER" -a -t 1 ]; then - case $PAGER in - /*) - g_pager="$PAGER" - [ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist" - ;; - *) - g_pager=$(mywhich $PAGER 2> /dev/null) - [ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found" - ;; - esac + if [ -z "$g_nopager" ]; then + if [ -n "$PAGER" -a -t 1 ]; then + case $PAGER in + /*) + g_pager="$PAGER" + [ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist" + ;; + *) + g_pager=$(mywhich $PAGER 2> /dev/null) + [ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found" + ;; + esac - [ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable" + [ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable" - g_pager="| $g_pager" + g_pager="| $g_pager" + fi fi if [ -n "$DYNAMIC_BLACKLIST" ]; then diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall.8 shorewall-5.0.15/manpages/shorewall.8 --- shorewall-5.0.14/manpages/shorewall.8 2016-11-03 15:08:00.690547066 -0700 +++ shorewall-5.0.15/manpages/shorewall.8 2016-12-02 15:22:24.732700509 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL" "8" "11/03/2016" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL" "8" "12/02/2016" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -1662,7 +1662,9 @@ .sp -1 .IP " 3." 4.2 .\} -INCLUDEd files will be expanded inline in the output file\&. +With the exception of the +notrack\->conntrack +conversion, INCLUDEd files will be expanded inline in the output file\&. .RE .sp .RS 4 @@ -1675,6 +1677,53 @@ .\} Columns in the output file will be separated by a single tab character; there is no attempt made to otherwise align the columns\&. .RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 5.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 5." 4.2 +.\} +Prior to Shorewall 5\&.0\&.15, shell variables will be expanded in the output file\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04' 6.\h'+01'\c +.\} +.el \{\ +.sp -1 +.IP " 6." 4.2 +.\} +Prior to Shorewall 5\&.0\&.15, lines omitted by compiler directives (?if \&.\&.\&.\&., etc\&.) will not appear in the output file\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBImportant\fR +.ps -1 +.br +Because the translation of the \*(Aqblacklist\*(Aq and \*(Aqroutestopped\*(Aq files is not 1:1, omitted lines and compiler directives are not transferred to the converted files\&. If either are present, the compiler issues a warning: +.sp +.if n \{\ +.RS 4 +.\} +.nf + WARNING: "Omitted rules and compiler directives were not translated +.fi +.if n \{\ +.RE +.\} +.sp .5v +.RE +.RE .sp .5v .RE The diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-accounting.5 shorewall-5.0.15/manpages/shorewall-accounting.5 --- shorewall-5.0.14/manpages/shorewall-accounting.5 2016-11-03 15:07:37.338670708 -0700 +++ shorewall-5.0.15/manpages/shorewall-accounting.5 2016-12-02 15:21:57.616618605 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-accounting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACCOUNTIN" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACCOUNTIN" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-actions.5 shorewall-5.0.15/manpages/shorewall-actions.5 --- shorewall-5.0.14/manpages/shorewall-actions.5 2016-11-03 15:07:37.874667871 -0700 +++ shorewall-5.0.15/manpages/shorewall-actions.5 2016-12-02 15:21:58.208620416 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-actions .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ACTIONS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ACTIONS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-arprules.5 shorewall-5.0.15/manpages/shorewall-arprules.5 --- shorewall-5.0.14/manpages/shorewall-arprules.5 2016-11-03 15:07:38.378665202 -0700 +++ shorewall-5.0.15/manpages/shorewall-arprules.5 2016-12-02 15:21:58.788622190 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-arprules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ARPRULES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ARPRULES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-blrules.5 shorewall-5.0.15/manpages/shorewall-blrules.5 --- shorewall-5.0.14/manpages/shorewall-blrules.5 2016-11-03 15:07:38.898662449 -0700 +++ shorewall-5.0.15/manpages/shorewall-blrules.5 2016-12-02 15:21:59.392624036 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-blrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-BLRULES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-BLRULES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall.conf.5 shorewall-5.0.15/manpages/shorewall.conf.5 --- shorewall-5.0.14/manpages/shorewall.conf.5 2016-11-03 15:07:41.302649721 -0700 +++ shorewall-5.0.15/manpages/shorewall.conf.5 2016-12-02 15:22:02.200632604 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\&.CONF" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\&.CONF" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-conntrack.5 shorewall-5.0.15/manpages/shorewall-conntrack.5 --- shorewall-5.0.14/manpages/shorewall-conntrack.5 2016-11-03 15:07:41.910646501 -0700 +++ shorewall-5.0.15/manpages/shorewall-conntrack.5 2016-12-02 15:22:03.056635211 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall6-conntrack .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL6\-CONNTRAC" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL6\-CONNTRAC" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-ecn.5 shorewall-5.0.15/manpages/shorewall-ecn.5 --- shorewall-5.0.14/manpages/shorewall-ecn.5 2016-11-03 15:07:42.430643748 -0700 +++ shorewall-5.0.15/manpages/shorewall-ecn.5 2016-12-02 15:22:03.724637244 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-ecn .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ECN" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ECN" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-exclusion.5 shorewall-5.0.15/manpages/shorewall-exclusion.5 --- shorewall-5.0.14/manpages/shorewall-exclusion.5 2016-11-03 15:07:42.922641143 -0700 +++ shorewall-5.0.15/manpages/shorewall-exclusion.5 2016-12-02 15:22:04.372639215 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-exclusion .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-EXCLUSION" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-EXCLUSION" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-hosts.5 shorewall-5.0.15/manpages/shorewall-hosts.5 --- shorewall-5.0.14/manpages/shorewall-hosts.5 2016-11-03 15:07:43.426638474 -0700 +++ shorewall-5.0.15/manpages/shorewall-hosts.5 2016-12-02 15:22:05.020641184 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-hosts .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-HOSTS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-HOSTS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-init.8 shorewall-5.0.15/manpages/shorewall-init.8 --- shorewall-5.0.14/manpages/shorewall-init.8 2016-11-03 15:07:43.890636018 -0700 +++ shorewall-5.0.15/manpages/shorewall-init.8 2016-12-02 15:22:05.548642788 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-init .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Administrative Commands .\" Source: Administrative Commands .\" Language: English .\" -.TH "SHOREWALL\-INIT" "8" "11/03/2016" "Administrative Commands" "Administrative Commands" +.TH "SHOREWALL\-INIT" "8" "12/02/2016" "Administrative Commands" "Administrative Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-interfaces.5 shorewall-5.0.15/manpages/shorewall-interfaces.5 --- shorewall-5.0.14/manpages/shorewall-interfaces.5 2016-11-03 15:07:44.654631972 -0700 +++ shorewall-5.0.15/manpages/shorewall-interfaces.5 2016-12-02 15:22:06.404645387 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-interfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-INTERFACE" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-INTERFACE" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-ipsets.5 shorewall-5.0.15/manpages/shorewall-ipsets.5 --- shorewall-5.0.14/manpages/shorewall-ipsets.5 2016-11-03 15:07:45.154629325 -0700 +++ shorewall-5.0.15/manpages/shorewall-ipsets.5 2016-12-02 15:22:06.996647183 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-ipsets .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-IPSETS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-IPSETS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-maclist.5 shorewall-5.0.15/manpages/shorewall-maclist.5 --- shorewall-5.0.14/manpages/shorewall-maclist.5 2016-11-03 15:07:45.670626593 -0700 +++ shorewall-5.0.15/manpages/shorewall-maclist.5 2016-12-02 15:22:07.576648941 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-maclist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MACLIST" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MACLIST" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-mangle.5 shorewall-5.0.15/manpages/shorewall-mangle.5 --- shorewall-5.0.14/manpages/shorewall-mangle.5 2016-11-03 15:07:46.486622273 -0700 +++ shorewall-5.0.15/manpages/shorewall-mangle.5 2016-12-02 15:22:08.532651838 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-mangle .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MANGLE" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MANGLE" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-masq.5 shorewall-5.0.15/manpages/shorewall-masq.5 --- shorewall-5.0.14/manpages/shorewall-masq.5 2016-11-03 15:07:47.058619244 -0700 +++ shorewall-5.0.15/manpages/shorewall-masq.5 2016-12-02 15:22:09.200653860 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-masq .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MASQ" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MASQ" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-modules.5 shorewall-5.0.15/manpages/shorewall-modules.5 --- shorewall-5.0.14/manpages/shorewall-modules.5 2016-11-03 15:07:47.546616660 -0700 +++ shorewall-5.0.15/manpages/shorewall-modules.5 2016-12-02 15:22:09.820655736 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-modules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-MODULES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-MODULES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-nat.5 shorewall-5.0.15/manpages/shorewall-nat.5 --- shorewall-5.0.14/manpages/shorewall-nat.5 2016-11-03 15:07:48.078613843 -0700 +++ shorewall-5.0.15/manpages/shorewall-nat.5 2016-12-02 15:22:10.420657550 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-nat .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NAT" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NAT" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-nesting.5 shorewall-5.0.15/manpages/shorewall-nesting.5 --- shorewall-5.0.14/manpages/shorewall-nesting.5 2016-11-03 15:07:48.606611047 -0700 +++ shorewall-5.0.15/manpages/shorewall-nesting.5 2016-12-02 15:22:11.016659351 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-nesting .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NESTING" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NESTING" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-netmap.5 shorewall-5.0.15/manpages/shorewall-netmap.5 --- shorewall-5.0.14/manpages/shorewall-netmap.5 2016-11-03 15:07:49.114608358 -0700 +++ shorewall-5.0.15/manpages/shorewall-netmap.5 2016-12-02 15:22:11.664661307 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-netmap .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-NETMAP" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-NETMAP" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-params.5 shorewall-5.0.15/manpages/shorewall-params.5 --- shorewall-5.0.14/manpages/shorewall-params.5 2016-11-03 15:07:49.634605604 -0700 +++ shorewall-5.0.15/manpages/shorewall-params.5 2016-12-02 15:22:12.228663010 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-params .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PARAMS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PARAMS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-policy.5 shorewall-5.0.15/manpages/shorewall-policy.5 --- shorewall-5.0.14/manpages/shorewall-policy.5 2016-11-03 15:07:50.170602766 -0700 +++ shorewall-5.0.15/manpages/shorewall-policy.5 2016-12-02 15:22:12.860664916 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-policy .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-POLICY" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-POLICY" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-providers.5 shorewall-5.0.15/manpages/shorewall-providers.5 --- shorewall-5.0.14/manpages/shorewall-providers.5 2016-11-03 15:07:50.726599823 -0700 +++ shorewall-5.0.15/manpages/shorewall-providers.5 2016-12-02 15:22:13.516666894 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-providers .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROVIDERS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROVIDERS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-proxyarp.5 shorewall-5.0.15/manpages/shorewall-proxyarp.5 --- shorewall-5.0.14/manpages/shorewall-proxyarp.5 2016-11-03 15:07:51.234597133 -0700 +++ shorewall-5.0.15/manpages/shorewall-proxyarp.5 2016-12-02 15:22:14.076668581 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-proxyarp .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-PROXYARP" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-PROXYARP" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-routes.5 shorewall-5.0.15/manpages/shorewall-routes.5 --- shorewall-5.0.14/manpages/shorewall-routes.5 2016-11-03 15:07:51.746594422 -0700 +++ shorewall-5.0.15/manpages/shorewall-routes.5 2016-12-02 15:22:14.652670315 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-routes .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ROUTES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ROUTES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-rtrules.5 shorewall-5.0.15/manpages/shorewall-rtrules.5 --- shorewall-5.0.14/manpages/shorewall-rtrules.5 2016-11-03 15:07:52.246591774 -0700 +++ shorewall-5.0.15/manpages/shorewall-rtrules.5 2016-12-02 15:22:15.244672097 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-rtrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RTRULES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RTRULES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-rules.5 shorewall-5.0.15/manpages/shorewall-rules.5 --- shorewall-5.0.14/manpages/shorewall-rules.5 2016-11-03 15:07:53.578584723 -0700 +++ shorewall-5.0.15/manpages/shorewall-rules.5 2016-12-02 15:22:16.732676570 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-rules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-RULES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-RULES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-secmarks.5 shorewall-5.0.15/manpages/shorewall-secmarks.5 --- shorewall-5.0.14/manpages/shorewall-secmarks.5 2016-11-03 15:07:54.118581863 -0700 +++ shorewall-5.0.15/manpages/shorewall-secmarks.5 2016-12-02 15:22:17.328678360 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-secmarks .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-SECMARKS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-SECMARKS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-snat.5 shorewall-5.0.15/manpages/shorewall-snat.5 --- shorewall-5.0.14/manpages/shorewall-snat.5 2016-11-03 15:07:54.730578622 -0700 +++ shorewall-5.0.15/manpages/shorewall-snat.5 2016-12-02 15:22:18.036680485 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-snat .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-SNAT" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-SNAT" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-stoppedrules.5 shorewall-5.0.15/manpages/shorewall-stoppedrules.5 --- shorewall-5.0.14/manpages/shorewall-stoppedrules.5 2016-11-03 15:07:55.222576018 -0700 +++ shorewall-5.0.15/manpages/shorewall-stoppedrules.5 2016-12-02 15:22:18.612682213 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-stoppedrules .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-STOPPEDRU" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-STOPPEDRU" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tcclasses.5 shorewall-5.0.15/manpages/shorewall-tcclasses.5 --- shorewall-5.0.14/manpages/shorewall-tcclasses.5 2016-11-03 15:07:55.818572862 -0700 +++ shorewall-5.0.15/manpages/shorewall-tcclasses.5 2016-12-02 15:22:19.260684155 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcclasses .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCCLASSES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCCLASSES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tcdevices.5 shorewall-5.0.15/manpages/shorewall-tcdevices.5 --- shorewall-5.0.14/manpages/shorewall-tcdevices.5 2016-11-03 15:07:56.334570130 -0700 +++ shorewall-5.0.15/manpages/shorewall-tcdevices.5 2016-12-02 15:22:19.868685976 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcdevices .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCDEVICES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCDEVICES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tcfilters.5 shorewall-5.0.15/manpages/shorewall-tcfilters.5 --- shorewall-5.0.14/manpages/shorewall-tcfilters.5 2016-11-03 15:07:56.890567186 -0700 +++ shorewall-5.0.15/manpages/shorewall-tcfilters.5 2016-12-02 15:22:20.508687893 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcfilters .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCFILTERS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCFILTERS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tcinterfaces.5 shorewall-5.0.15/manpages/shorewall-tcinterfaces.5 --- shorewall-5.0.14/manpages/shorewall-tcinterfaces.5 2016-11-03 15:07:57.394564517 -0700 +++ shorewall-5.0.15/manpages/shorewall-tcinterfaces.5 2016-12-02 15:22:21.072689580 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcinterfaces .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCINTERFA" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCINTERFA" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tcpri.5 shorewall-5.0.15/manpages/shorewall-tcpri.5 --- shorewall-5.0.14/manpages/shorewall-tcpri.5 2016-11-03 15:07:57.910561785 -0700 +++ shorewall-5.0.15/manpages/shorewall-tcpri.5 2016-12-02 15:22:21.660691339 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tcpri .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TCPRI" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TCPRI" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-tunnels.5 shorewall-5.0.15/manpages/shorewall-tunnels.5 --- shorewall-5.0.14/manpages/shorewall-tunnels.5 2016-11-03 15:07:58.446558948 -0700 +++ shorewall-5.0.15/manpages/shorewall-tunnels.5 2016-12-02 15:22:22.256693120 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-tunnels .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-TUNNELS" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-TUNNELS" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-vardir.5 shorewall-5.0.15/manpages/shorewall-vardir.5 --- shorewall-5.0.14/manpages/shorewall-vardir.5 2016-11-03 15:07:58.950556279 -0700 +++ shorewall-5.0.15/manpages/shorewall-vardir.5 2016-12-02 15:22:22.832694840 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-vardir .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-VARDIR" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-VARDIR" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/manpages/shorewall-zones.5 shorewall-5.0.15/manpages/shorewall-zones.5 --- shorewall-5.0.14/manpages/shorewall-zones.5 2016-11-03 15:08:01.274543974 -0700 +++ shorewall-5.0.15/manpages/shorewall-zones.5 2016-12-02 15:22:25.404702511 -0800 @@ -2,12 +2,12 @@ .\" Title: shorewall-zones .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 11/03/2016 +.\" Date: 12/02/2016 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" -.TH "SHOREWALL\-ZONES" "5" "11/03/2016" "Configuration Files" "Configuration Files" +.TH "SHOREWALL\-ZONES" "5" "12/02/2016" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/compiler.pl shorewall-5.0.15/Perl/compiler.pl --- shorewall-5.0.14/Perl/compiler.pl 2016-11-03 15:06:38.000000000 -0700 +++ shorewall-5.0.15/Perl/compiler.pl 2016-12-02 14:47:03.000000000 -0800 @@ -1,6 +1,6 @@ #! /usr/bin/perl -w # -# The Shoreline Firewall Packet Filtering Firewall Compiler - V4.4 +# The Shoreline Firewall Packet Filtering Firewall Compiler # # (c) 2007,2008,2009,2010,2011,2014 - Tom Eastep (teastep@shorewall.net) # diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Chains.pm shorewall-5.0.15/Perl/Shorewall/Chains.pm --- shorewall-5.0.14/Perl/Shorewall/Chains.pm 2016-11-03 15:07:35.502680429 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Chains.pm 2016-12-02 15:21:56.512615223 -0800 @@ -298,7 +298,7 @@ Exporter::export_ok_tags('internal'); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; # # Chain Table @@ -1218,6 +1218,7 @@ if ( exists $fromref->{$option} ) { push( @{$toref->{matches}}, $option ) unless exists $toref->{$option}; $toref->{$option} = $fromref->{$option}; + $toref->{simple} = 0; } } diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Config.pm shorewall-5.0.15/Perl/Shorewall/Config.pm --- shorewall-5.0.14/Perl/Shorewall/Config.pm 2016-11-03 15:07:35.514680367 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Config.pm 2016-12-02 15:21:56.528615273 -0800 @@ -133,6 +133,7 @@ split_line split_line1 split_line2 + split_rawline2 first_entry open_file close_file @@ -174,6 +175,7 @@ $doing $done $currentline + $rawcurrentline $currentfilename $debug $file_format @@ -241,7 +243,7 @@ Exporter::export_ok_tags('internal'); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_145'; # # describe the current command, it's present progressive, and it's completion. @@ -564,6 +566,7 @@ our $inline_matches; our $currentline; # Current config file line image +our $rawcurrentline; # Current config file line with no variable expansion our $currentfile; # File handle reference our $currentfilename; # File NAME our $currentlinenumber; # Line number @@ -744,7 +747,7 @@ TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => "5.0.14", + VERSION => "5.0.15", CAPVERSION => 50004 , BLACKLIST_LOG_TAG => '', RELATED_LOG_TAG => '', @@ -2442,6 +2445,25 @@ @line; } +# +# Same as above, only it splits the raw current line +# +sub split_rawline2( $$;$$$ ) { + my $savecurrentline = $currentline; + + $currentline = $rawcurrentline; + # + # Delete trailing comment + # + $currentline =~ s/\s*#.*//; + + my @result = &split_line2( @_ ); + + $currentline = $savecurrentline; + + @result; +} + sub split_line1( $$;$$ ) { &split_line2( @_, undef ); } @@ -3026,9 +3048,9 @@ if ( $directive_callback ) { $directive_callback->( $keyword, $line ) - } else { - $omitting; } + + $omitting; } # @@ -3736,6 +3758,7 @@ if ( $omitting ) { print "OMIT=> $_\n" if $debug; + $directive_callback->( 'OMITTED', $_ ) if ( $directive_callback ); next; } @@ -3790,6 +3813,10 @@ # handle_first_entry if $first_entry; # + # Save Raw Image + # + $rawcurrentline = $currentline; + # # Expand Shell Variables using %params and %actparams # expand_variables( $currentline ) if $options & EXPAND_VARIABLES; @@ -3818,7 +3845,7 @@ fatal_error "Invalid SECTION name ($sectionname)" unless $sectionname =~ /^[-_\da-zA-Z]+$/; fatal_error "This file does not allow ?SECTION" unless $section_function; $section_function->($sectionname); - $directive_callback->( 'SECTION', $currentline ) if $directive_callback; + $directive_callback->( 'SECTION', $rawcurrentline ) if $directive_callback; next LINE; } else { fatal_error "Non-ASCII gunk in file" if ( $options && CHECK_GUNK ) && $currentline =~ /[^\s[:print:]]/; diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Misc.pm shorewall-5.0.15/Perl/Shorewall/Misc.pm --- shorewall-5.0.14/Perl/Shorewall/Misc.pm 2016-11-03 15:07:35.522680324 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Misc.pm 2016-12-02 15:21:56.540615309 -0800 @@ -48,7 +48,7 @@ generate_matrix ); our @EXPORT_OK = qw( initialize ); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; our $family; @@ -216,6 +216,7 @@ my $audit = $disposition =~ /^A_/; my $target = $disposition; my $orig_target = $target; + my $warnings = 0; my @rules; if ( @$zones || @$zones1 ) { @@ -237,12 +238,22 @@ return 0; } + directive_callback( + sub () + { + warning_message "Omitted rules and compiler directives were not translated" unless $warnings++; + } + ); + first_entry "Converting $fn..."; while ( read_a_line( NORMAL_READ ) ) { my ( $networks, $protocol, $ports, $options ) = - split_line( 'blacklist file', - { networks => 0, proto => 1, port => 2, options => 3 } ); + split_rawline2( 'blacklist file', + { networks => 0, proto => 1, port => 2, options => 3 }, + {}, + 4, + ); if ( $options eq '-' ) { $options = 'src'; @@ -300,6 +311,8 @@ } } + directive_callback(0); + if ( @rules ) { my $fn1 = find_writable_file( 'blrules' ); my $blrules; @@ -312,7 +325,7 @@ transfer_permissions( $fn, $fn1 ); print $blrules <<'EOF'; # -# Shorewall version 5.0 - Blacklist Rules File +# Shorewall - Blacklist Rules File # # For information about entries in this file, type "man shorewall-blrules" # @@ -394,7 +407,8 @@ if ( my $fn = open_file 'routestopped' ) { my ( @allhosts, %source, %dest , %notrack, @rule ); - my $seq = 0; + my $seq = 0; + my $warnings = 0; my $date = compiletime; my ( $stoppedrules, $fn1 ); @@ -406,7 +420,7 @@ transfer_permissions( $fn, $fn1 ); print $stoppedrules <<'EOF'; # -# Shorewall version 5 - Stopped Rules File +# Shorewall - Stopped Rules File # # For information about entries in this file, type "man shorewall-stoppedrules" # @@ -422,6 +436,13 @@ EOF } + directive_callback( + sub () + { + warning_message "Omitted rules and compiler directives were not translated" unless $warnings++; + } + ); + first_entry( sub { my $date = compiletime; @@ -436,13 +457,16 @@ while ( read_a_line ( NORMAL_READ ) ) { my ($interface, $hosts, $options , $proto, $ports, $sports ) = - split_line( 'routestopped file', - { interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 } ); + split_rawline2( 'routestopped file', + { interface => 0, hosts => 1, options => 2, proto => 3, dport => 4, sport => 5 }, + {}, + 6, + 0, + ); my $interfaceref; fatal_error 'INTERFACE must be specified' if $interface eq '-'; - fatal_error "Unknown interface ($interface)" unless $interfaceref = known_interface $interface; $hosts = ALLIP unless $hosts && $hosts ne '-'; my $routeback = 0; @@ -456,8 +480,6 @@ $hosts = ALLIP if $hosts eq '-'; for my $host ( split /,/, $hosts ) { - fatal_error "Ipsets not allowed with SAVE_IPSETS=Yes" if $host =~ /^!?\+/ && $config{SAVE_IPSETS}; - validate_host $host, 1; push @hosts, "$interface|$host|$seq"; push @rule, $rule; } @@ -501,6 +523,8 @@ push @allhosts, @hosts; } + directive_callback(0); + for my $host ( @allhosts ) { my ( $interface, $h, $seq ) = split /\|/, $host; my $rule = shift @rule; diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Nat.pm shorewall-5.0.15/Perl/Shorewall/Nat.pm --- shorewall-5.0.14/Perl/Shorewall/Nat.pm 2016-11-03 15:07:35.526680303 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Nat.pm 2016-12-02 15:21:56.544615322 -0800 @@ -42,7 +42,7 @@ Exporter::export_ok_tags('rules'); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; our @addresses_to_add; our %addresses_to_add; @@ -60,12 +60,12 @@ # # Process a single rule from the the masq file # -sub process_one_masq1( $$$$$$$$$$$$ ) +sub process_one_masq1( $$$$$$$$$$$ ) { - my ( $snat, $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = @_; + my ( $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = @_; my $pre_nat; - my $add_snat_aliases = ! $snat && $family == F_IPV4 && $config{ADD_SNAT_ALIASES}; + my $add_snat_aliases = $family == F_IPV4 && $config{ADD_SNAT_ALIASES}; my $destnets = ''; my $baserule = ''; my $inlinematches = ''; @@ -226,7 +226,7 @@ } elsif ( $addresses eq 'NONAT' ) { fatal_error "'persistent' may not be specified with 'NONAT'" if $persistent; fatal_error "'random' may not be specified with 'NONAT'" if $randomize; - $target = $snat ? 'CONTINUE' : 'RETURN'; + $target = 'RETURN'; $add_snat_aliases = 0; } elsif ( $addresses ) { my $addrlist = ''; @@ -249,33 +249,31 @@ # $target = 'SNAT '; - unless ( $snat ) { - if ( $interface =~ /^{([a-zA-Z_]\w*)}$/ ) { + if ( $interface =~ /^{([a-zA-Z_]\w*)}$/ ) { + # + # User-defined address variable + # + $conditional = conditional_rule( $chainref, $addr ); + $addrlist .= '--to-source ' . "\$${1}${ports} "; + } else { + if ( $conditional = conditional_rule( $chainref, $addr ) ) { # - # User-defined address variable + # Optional Interface -- rule is conditional # - $conditional = conditional_rule( $chainref, $addr ); - $addrlist .= '--to-source ' . "\$${1}${ports} "; + $addr = get_interface_address $interface; } else { - if ( $conditional = conditional_rule( $chainref, $addr ) ) { - # - # Optional Interface -- rule is conditional - # - $addr = get_interface_address $interface; - } else { - # - # Interface is not optional - # - $addr = record_runtime_address( $type, $interface ); - } - - if ( $ports ) { - $addr =~ s/ $//; - $addr = $family == F_IPV4 ? "${addr}${ports} " : "[$addr]$ports "; - } + # + # Interface is not optional + # + $addr = record_runtime_address( $type, $interface ); + } - $addrlist .= '--to-source ' . $addr; + if ( $ports ) { + $addr =~ s/ $//; + $addr = $family == F_IPV4 ? "${addr}${ports} " : "[$addr]$ports "; } + + $addrlist .= '--to-source ' . $addr; } } elsif ( $family == F_IPV4 ) { if ( $addr =~ /^.*\..*\..*\./ ) { @@ -362,39 +360,37 @@ # # And Generate the Rule(s) # - unless ( $snat ) { - expand_rule( $chainref , - POSTROUTE_RESTRICT , - $prerule , - $baserule . $inlinematches . $rule , - $networks , - $destnets , - $origdest , - $target , - '' , - '' , - $exceptionrule , - '' ) - unless unreachable_warning( 0, $chainref ); + expand_rule( $chainref , + POSTROUTE_RESTRICT , + $prerule , + $baserule . $inlinematches . $rule , + $networks , + $destnets , + $origdest , + $target , + '' , + '' , + $exceptionrule , + '' ) + unless unreachable_warning( 0, $chainref ); - conditional_rule_end( $chainref ) if $detectaddress || $conditional; + conditional_rule_end( $chainref ) if $detectaddress || $conditional; - if ( $add_snat_aliases ) { - my ( $interface, $alias , $remainder ) = split( /:/, $fullinterface, 3 ); - fatal_error "Invalid alias ($alias:$remainder)" if defined $remainder; - for my $address ( split_list $addresses, 'address' ) { - my ( $addrs, $port ) = split /:/, $address; - next unless $addrs; - next if $addrs eq 'detect'; - for my $addr ( ip_range_explicit $addrs ) { - unless ( $addresses_to_add{$addr} ) { - $addresses_to_add{$addr} = 1; - if ( defined $alias ) { - push @addresses_to_add, $addr, "$interface:$alias"; - $alias++; - } else { - push @addresses_to_add, $addr, $interface; - } + if ( $add_snat_aliases ) { + my ( $interface, $alias , $remainder ) = split( /:/, $fullinterface, 3 ); + fatal_error "Invalid alias ($alias:$remainder)" if defined $remainder; + for my $address ( split_list $addresses, 'address' ) { + my ( $addrs, $port ) = split /:/, $address; + next unless $addrs; + next if $addrs eq 'detect'; + for my $addr ( ip_range_explicit $addrs ) { + unless ( $addresses_to_add{$addr} ) { + $addresses_to_add{$addr} = 1; + if ( defined $alias ) { + push @addresses_to_add, $addr, "$interface:$alias"; + $alias++; + } else { + push @addresses_to_add, $addr, $interface; } } } @@ -402,8 +398,87 @@ } } + progress_message " Masq record \"$currentline\" $done"; + +} + +sub convert_one_masq1( $$$$$$$$$$$$ ) +{ + my ( $snat, $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = @_; + + my $pre_nat; + my $destnets = ''; + my $savelist; + # + # Leading '+' + # + $pre_nat = ( $interfacelist =~ s/^\+// ); + # + # Check for INLINE + # + if ( $interfacelist =~ /^INLINE\((.+)\)$/ ) { + $interfacelist = $1; + } + + $savelist = $interfacelist; + # + # Parse the remaining part of the INTERFACE column + # + if ( $family == F_IPV4 ) { + if ( $interfacelist =~ /^([^:]+)::([^:]*)$/ ) { + $destnets = $2; + $interfacelist = $1; + } elsif ( $interfacelist =~ /^([^:]+:[^:]+):([^:]+)$/ ) { + $destnets = $2; + $interfacelist = $1; + } elsif ( $interfacelist =~ /^([^:]+):$/ ) { + $interfacelist = $1; + } elsif ( $interfacelist =~ /^([^:]+):([^:]*)$/ ) { + my ( $one, $two ) = ( $1, $2 ); + if ( $2 =~ /\./ || $2 =~ /^%/ ) { + $interfacelist = $one; + $destnets = $two; + } + } + } elsif ( $interfacelist =~ /^(.+?):(.+)$/ ) { + $interfacelist = $1; + $destnets = $2; + } + # + # If there is no source or destination then allow all addresses + # + $networks = ALLIP if $networks eq '-'; + $destnets = ALLIP if $destnets eq '-'; + + my $target; + # + # Parse the ADDRESSES column + # + if ( $addresses ne '-' ) { + my $saveaddresses = $addresses; + if ( $addresses ne 'random' ) { + $addresses =~ s/:persistent$//; + $addresses =~ s/:random$//; + + if ( $addresses eq 'detect' ) { + $target = 'SNAT'; + } elsif ( $addresses eq 'NONAT' ) { + $target = 'CONTINUE'; + } elsif ( $addresses ) { + if ( $addresses =~ /^:/ ) { + $target = 'MASQUERADE'; + } else { + $target = 'SNAT'; + } + } + } + + $addresses = $saveaddresses; + } else { + $target = 'MASQUERADE'; + } + if ( $snat ) { - $target =~ s/ .*//; $target .= '+' if $pre_nat; if ( $addresses ne '-' && $addresses ne 'NONAT' ) { @@ -424,7 +499,7 @@ print $snat "$line\n"; } - progress_message " Masq record \"$currentline\" $done"; + progress_message " Masq record \"$rawcurrentline\" Converted"; } @@ -432,17 +507,37 @@ { my ( $snat ) = @_; - my ($interfacelist, $networks, $addresses, $protos, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = - split_line2( 'masq file', - { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, - {}, #Nopad - undef, #Columns - 1 ); #Allow inline matches + if ( $snat ) { + unless ( $rawcurrentline =~ /^\s*(?:#.*)?$/ ) { + # + # Line was not blank or all comment + # + my ($interfacelist, $networks, $addresses, $protos, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = + split_rawline2( 'masq file', + { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, + {}, #Nopad + undef, #Columns + 1 ); #Allow inline matches - fatal_error 'INTERFACE must be specified' if $interfacelist eq '-'; + if ( $interfacelist ne '-' ) { + for my $proto ( split_list $protos, 'Protocol' ) { + convert_one_masq1( $snat, $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ); + } + } + } + } else { + my ($interfacelist, $networks, $addresses, $protos, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ) = + split_line2( 'masq file', + { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9, probability => 10 }, + {}, #Nopad + undef, #Columns + 1 ); #Allow inline matches - for my $proto ( split_list $protos, 'Protocol' ) { - process_one_masq1( $snat, $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ); + fatal_error 'INTERFACE must be specified' if $interfacelist eq '-'; + + for my $proto ( split_list $protos, 'Protocol' ) { + process_one_masq1( $interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest, $probability ); + } } } @@ -497,7 +592,19 @@ my $have_masq_rules; - directive_callback( sub () { print $snat "$_[1]\n"; 0; } ); + directive_callback( + sub () + { + if ( $_[0] eq 'OMITTED' ) { + # + # Convert the raw rule + # + process_one_masq( $snat) if $snat; + } else { + print $snat "$_[1]\n"; 0; + } + } + ); first_entry( sub { @@ -510,7 +617,18 @@ } ); - process_one_masq($snat), $have_masq_rules++ while read_a_line( NORMAL_READ ); + while ( read_a_line( NORMAL_READ ) ) { + # + # Process the file normally + # + process_one_masq(0); + # + # Now Convert it + # + process_one_masq($snat); + + $have_masq_rules++; + } if ( $have_masq_rules ) { progress_message2 "Converted $fn to $fn1"; diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Providers.pm shorewall-5.0.15/Perl/Shorewall/Providers.pm --- shorewall-5.0.14/Perl/Shorewall/Providers.pm 2016-11-03 15:07:35.530680282 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Providers.pm 2016-12-02 15:21:56.556615358 -0800 @@ -47,7 +47,7 @@ map_provider_to_interface ); our @EXPORT_OK = qw( initialize provider_realm ); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; use constant { LOCAL_TABLE => 255, MAIN_TABLE => 254, @@ -220,7 +220,14 @@ ' esac', ); } else { - emit ( " run_ip route add table $number \$net \$route $realm" ); + emit ( ' case $net in', + ' fe80:*)', + ' ;;', + ' *)', + " run_ip route add table $number \$net \$route $realm", + ' ;;', + ' esac', + ); } emit ( ' ;;', @@ -291,7 +298,14 @@ ' esac', ); } else { - emit ( " run_ip route add table $id \$net \$route $realm" ); + emit ( ' case $net in', + ' fe80:*)', + ' ;;', + ' *)', + " run_ip route add table $id \$net \$route $realm", + ' ;;', + ' esac', + ); } emit ( ' ;;', @@ -1496,7 +1510,18 @@ if ( $balancing ) { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); - emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); + + if ( $family == F_IPV4 ) { + emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); + } else { + emit ( " if echo \$DEFAULT_ROUTE | grep -q 'nexthop.+nexthop'; then", + " qt \$IP -6 route delete default scope global table $table \$DEFAULT_ROUTE", + " run_ip -6 route add default scope global table $table \$DEFAULT_ROUTE", + ' else', + " run_ip -6 route replace default scope global table $table \$DEFAULT_ROUTE", + ' fi', + '' ); + } if ( $config{USE_DEFAULT_RT} ) { emit ( " while qt \$IP -$family route del default table $main; do", @@ -1549,7 +1574,13 @@ if ( $fallback ) { emit ( 'if [ -n "$FALLBACK_ROUTE" ]; then' ); - emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" ); + + if ( $family == F_IPV4 ) { + emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" ); + } else { + emit( " run_ip route delete default scope global table $default \$FALLBACK_ROUTE" ); + emit( " run_ip route add default scope global table $default \$FALLBACK_ROUTE" ); + } emit( " progress_message \"Fallback route '\$(echo \$FALLBACK_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Rules.pm shorewall-5.0.15/Perl/Shorewall/Rules.pm --- shorewall-5.0.14/Perl/Shorewall/Rules.pm 2016-11-03 15:07:35.542680218 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Rules.pm 2016-12-02 15:21:56.568615395 -0800 @@ -79,7 +79,7 @@ Exporter::export_ok_tags('Traffic'); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; # # Globals are documented in the initialize() function # @@ -5139,50 +5139,50 @@ my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); if ( $family == F_IPV4 ) { ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = - split_line2( 'tcrules file', - { mark => 0, - action => 0, - source => 1, - dest => 2, - proto => 3, - dport => 4, - sport => 5, - user => 6, - test => 7, - length => 8, - tos => 9, - connbytes => 10, - helper => 11, - probability => 12 , - scp => 13, - state => 14 }, - {}, - 15, - 1 ); + split_rawline2( 'tcrules file', + { mark => 0, + action => 0, + source => 1, + dest => 2, + proto => 3, + dport => 4, + sport => 5, + user => 6, + test => 7, + length => 8, + tos => 9, + connbytes => 10, + helper => 11, + probability => 12 , + scp => 13, + state => 14 }, + {}, + 15, + 1 ); $headers = '-'; } else { ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability, $dscp, $state ) = - split_line2( 'tcrules file', - { mark => 0, - action => 0, - source => 1, - dest => 2, - proto => 3, - dport => 4, - sport => 5, - user => 6, - test => 7, - length => 8, - tos => 9, - connbytes => 10, - helper => 11, - headers => 12, - probability => 13, - dscp => 14, - state => 15 }, - {}, - 16, - 1 ); + split_rawline2( 'tcrules file', + { mark => 0, + action => 0, + source => 1, + dest => 2, + proto => 3, + dport => 4, + sport => 5, + user => 6, + test => 7, + length => 8, + tos => 9, + connbytes => 10, + helper => 11, + headers => 12, + probability => 13, + dscp => 14, + state => 15 }, + {}, + 16, + 1 ); } for my $proto (split_list( $protos, 'Protocol' ) ) { diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Perl/Shorewall/Tc.pm shorewall-5.0.15/Perl/Shorewall/Tc.pm --- shorewall-5.0.14/Perl/Shorewall/Tc.pm 2016-11-03 15:07:35.546680197 -0700 +++ shorewall-5.0.15/Perl/Shorewall/Tc.pm 2016-12-02 15:21:56.576615420 -0800 @@ -43,7 +43,7 @@ our @ISA = qw(Exporter); our @EXPORT = qw( process_tc setup_tc ); our @EXPORT_OK = qw( process_tc_rule initialize ); -our $VERSION = '5.0_14'; +our $VERSION = '5.0_15'; our %flow_keys = ( 'src' => 1, 'dst' => 1, @@ -2150,6 +2150,50 @@ } } +sub convert_one_tos( $ ) { + my ( $mangle ) = @_; + + my ($src, $dst, $proto, $ports, $sports , $tos, $mark ) = + split_rawline2( 'tos file entry', + { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, tos => 5, mark => 6 }, + undef, + 7 ); + + my $chain_designator = 'P'; + + decode_tos($tos, 1); + + my ( $srczone , $source , $remainder ); + + if ( $family == F_IPV4 ) { + ( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); + fatal_error 'Invalid SOURCE' if defined $remainder; + } elsif ( $src =~ /^(.+?):<(.*)>\s*$/ || $src =~ /^(.+?):\[(.*)\]\s*$/ ) { + $srczone = $1; + $source = $2; + } else { + $srczone = $src; + } + + if ( $srczone eq firewall_zone ) { + $chain_designator = 'O'; + $src = $source || '-'; + } else { + $src =~ s/^all:?//; + } + + $dst =~ s/^all:?//; + + $src = '-' unless supplied $src; + $dst = '-' unless supplied $dst; + $proto = '-' unless supplied $proto; + $ports = '-' unless supplied $ports; + $sports = '-' unless supplied $sports; + $mark = '-' unless supplied $mark; + + print $mangle "TOS($tos):$chain_designator\t$src\t$dst\t$proto\t$ports\t$sports\t-\t$mark\n" +} + sub convert_tos($$) { my ( $mangle, $fn1 ) = @_; @@ -2167,6 +2211,25 @@ } if ( my $fn = open_file 'tos' ) { + directive_callback( + sub () + { + if ( $_[0] eq 'OMITTED' ) { + # + # Convert the raw rule + # + if ( $rawcurrentline =~ /^\s*(?:#.*)?$/ ) { + print $mangle "$_[1]\n"; + } else { + convert_one_tos( $mangle ); + $have_tos = 1; + } + } else { + print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; + } + } + ); + first_entry( sub { my $date = compiletime; @@ -2180,48 +2243,12 @@ while ( read_a_line( NORMAL_READ ) ) { + convert_one_tos( $mangle ); $have_tos = 1; - - my ($src, $dst, $proto, $ports, $sports , $tos, $mark ) = - split_line( 'tos file entry', - { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, tos => 5, mark => 6 } ); - - my $chain_designator = 'P'; - - decode_tos($tos, 1); - - my ( $srczone , $source , $remainder ); - - if ( $family == F_IPV4 ) { - ( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); - fatal_error 'Invalid SOURCE' if defined $remainder; - } elsif ( $src =~ /^(.+?):<(.*)>\s*$/ || $src =~ /^(.+?):\[(.*)\]\s*$/ ) { - $srczone = $1; - $source = $2; - } else { - $srczone = $src; - } - - if ( $srczone eq firewall_zone ) { - $chain_designator = 'O'; - $src = $source || '-'; - } else { - $src =~ s/^all:?//; - } - - $dst =~ s/^all:?//; - - $src = '-' unless supplied $src; - $dst = '-' unless supplied $dst; - $proto = '-' unless supplied $proto; - $ports = '-' unless supplied $ports; - $sports = '-' unless supplied $sports; - $mark = '-' unless supplied $mark; - - print $mangle "TOS($tos):$chain_designator\t$src\t$dst\t$proto\t$ports\t$sports\t-\t$mark\n" - } + directive_callback(0); + if ( $have_tos ) { progress_message2 "Converted $fn to $fn1"; if ( rename $fn, "$fn.bak" ) { @@ -2337,7 +2364,24 @@ # ( $mangle, $fn1 ) = open_mangle_for_output( $fn ); - directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } ); + directive_callback( + sub () + { + if ( $_[0] eq 'OMITTED' ) { + # + # Convert the raw rule + # + if ( $rawcurrentline =~ /^\s*(?:#.*)?$/ ) { + print $mangle "$_[1]\n"; + } else { + process_tc_rule; + $have_tcrules++; + } + } else { + print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; + } + } + ); first_entry( sub { diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/releasenotes.txt shorewall-5.0.15/releasenotes.txt --- shorewall-5.0.14/releasenotes.txt 2016-11-03 15:07:35.454680685 -0700 +++ shorewall-5.0.15/releasenotes.txt 2016-12-02 15:21:56.472615101 -0800 @@ -1,7 +1,7 @@ ---------------------------------------------------------------------------- - S H O R E W A L L 5 . 0 . 1 4 R C 3 + S H O R E W A L L 5 . 0 . 1 5 ------------------------------ - N o v e m b e r 0 1, 2 0 1 6 + D e c e m b e r 0 5, 2 0 1 6 ---------------------------------------------------------------------------- I. PROBLEMS CORRECTED IN THIS RELEASE @@ -14,47 +14,42 @@ I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- -1) This release includes defect repair up through Shorewall 5.0.13.4. +1) This release includes defect repair through Shorewall 5.0.14.1. -2) When the address variable for an optional interface was used, and - the interface did not have an IP address when the firewall was - started, then enabling the interface did not previously - create/alter the rules that use the address variable. Also, if the - IP address of a disabled interface changed, enabling the interface - did not update/add rules using the interface's gateway address - variable. +2) Previously, when the 'update' command transformed a superseded + file's contents into a newer file, with the exception of the + 'notrack' -> 'conntrack' conversion, the transformation was + incomplete: - Now, if the IP address of a disabled optional interface - changes from its value (if any) when the netfilter ruleset was - instantiated, then after a successful 'enable', the ruleset is - automatically reloaded if the interface's address variable was - used. + a) All shell variables were expanded in the converted file. - Similarly, if 'detect' is specified as the GATEWAY for an optional - provider, then if the gateway at the time that the provider is - successfully enabled is different from that (if any) when the - netfilter ruleset was instantiated, then the ruleset is - automatically reloaded if the provider interface's run-time gateway - variable was used. + b) Any lines omitted by compiler directives ( ?if.... etc. ) were + also omitted from the converted file. - As part of this change, if an IP address is specified as the - GATEWAY for a provider, then the run-time gateway variable for the - provider's interface is expanded at compile time rather than at - runtime. + These deficiencies have been corrected. Now, shell variables are + preserved in the converted file and omitted lines are now + translated. - Example: + EXCEPTIONS: Because the translations of the 'blacklist' and + 'routestopped' files are not 1:1, omitted lines and compiler + directives are not transferred to the converted files. If either + are present, the compiler issues a warning: - #PROVIDER NUMBER MARK DUPLICATE INTRFACE GATEWAY OPTIONS COPY - foo 1 1 - eth0 1.2.3.4 primary - + WARNING: "Omitted rules and compiler directives were not + translated - Then %eth0 will be expanded at compile time to '1.2.3.4'. +3) In earlier versions, when USE_DEFAULT_RT=No in shorewall6.conf, + the generated script would attempt to copy fe80:* routes from the + DUPLICATE routing table to provider tables, which could fail. + Now, the generated script ignores these routes. -3) Previously, the ADDRESS column in /etc/shorewall[6]/masq was - documented as allowing a list of addresses and/or address ranges. - That feature depended on iptables support which is no longer - present in current distributions. The code now disallows more than - one address[-range] and the documentation has been changed - accordingly. +4) Previously, if the 'restore' command failed, the failure was not + corrected reflected in the exit status. The exit status now + correctly indicates the outcome of the command. + +5) A defect in OPTIMIZE level 4 processing, could previously result in + the incorrect omission of a -i, -o, -s or -d rule option in an + optimized rules. That defect has been corrected. ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G @@ -67,38 +62,22 @@ correctly in configurations with USE_DEFAULT_RT=No and optional providers listed in the DUPLICATE column. +3) While the 'ip' utility now accepts IPv6 routes with multiple + 'nexthop' destinations, these routes are not balanced. They are + rather instantiated as a sequence of single routes with different + metrics. Furthermore, the 'ip route replace' command fails on + such routes. Beginning with Shorewall6 5.0.15, the generated script + will use a "delete..add.." sequence on these routes rather than a + single "replace" command. + ---------------------------------------------------------------------------- I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- -1) /etc/shorewall[6]/masq has been superseded by - /etc/shorewall[6]/snat. The new 'snat' file is similar to most of - the other configuration files in that the first column specifies - the ACTION to be performed, the second contains the SOURCE and so - on. - - The 'shorewall[6] update' command will convert an existing masq - file into the equivalent 'snat' file and will rename masq to - masq.bak. - - See shorewall[6]-snat(5) for details. - -2) Actions (both inline and regular) are now supported out of the new - snat file. Like other actions, these 'SNAT actions' must be - declared in the /etc/shorewall[6]/actions file where the new 'nat' - option must be specified. - - Like other actions, the action rules are placed in a file named - action.. Those rules have the same format as those in the - snat file with two restrictions: - - 1. The '+' is not allowed in the ACTION column to specify that the - rules should be applied before one-to-one NAT. It must rather be - specified when the action is invoked. +1) The 'show macro' command now uses the configured PAGER, if any. - 2. Interface names are not permitted in the DEST column, so all of - the rules apply to the interface(s) specified when the action was - invoked. +2) The PAGER may now be deactivated through use of the '-p' option + (e.g., "shorewall -p show" ). ---------------------------------------------------------------------------- I V. M I G R A T I O N I S S U E S @@ -259,6 +238,85 @@ ---------------------------------------------------------------------------- V. N O T E S F R O M O T H E R 5 . 0 R E L E A S E S ---------------------------------------------------------------------------- + P R O B L E M S C O R R E C T E D I N 5 . 0 . 1 4 +---------------------------------------------------------------------------- + +1) This release includes defect repair up through Shorewall 5.0.13.4. + +2) When the address variable for an optional interface was used, and + the interface did not have an IP address when the firewall was + started, then enabling the interface did not previously + create/alter the rules that use the address variable. Also, if the + IP address of a disabled interface changed, enabling the interface + did not update/add rules using the interface's gateway address + variable. + + Now, if the IP address of a disabled optional interface + changes from its value (if any) when the netfilter ruleset was + instantiated, then after a successful 'enable', the ruleset is + automatically reloaded if the interface's address variable was + used. + + Similarly, if 'detect' is specified as the GATEWAY for an optional + provider, then if the gateway at the time that the provider is + successfully enabled is different from that (if any) when the + netfilter ruleset was instantiated, then the ruleset is + automatically reloaded if the provider interface's run-time gateway + variable was used. + + As part of this change, if an IP address is specified as the + GATEWAY for a provider, then the run-time gateway variable for the + provider's interface is expanded at compile time rather than at + runtime. + + Example: + + #PROVIDER NUMBER MARK DUPLICATE INTRFACE GATEWAY OPTIONS COPY + foo 1 1 - eth0 1.2.3.4 primary - + + Then %eth0 will be expanded at compile time to '1.2.3.4'. + +3) Previously, the ADDRESS column in /etc/shorewall[6]/masq was + documented as allowing a list of addresses and/or address ranges. + That feature depended on iptables support which is no longer + present in current distributions. The code now disallows more than + one address[-range] and the documentation has been changed + accordingly. + +---------------------------------------------------------------------------- + N E W F E A T U R E S I N 5 . 0 . 1 4 +---------------------------------------------------------------------------- + +1) /etc/shorewall[6]/masq has been superseded by + /etc/shorewall[6]/snat. The new 'snat' file is similar to most of + the other configuration files in that the first column specifies + the ACTION to be performed, the second contains the SOURCE and so + on. + + The 'shorewall[6] update' command will convert an existing masq + file into the equivalent 'snat' file and will rename masq to + masq.bak. + + See shorewall[6]-snat(5) for details. + +2) Actions (both inline and regular) are now supported out of the new + snat file. Like other actions, these 'SNAT actions' must be + declared in the /etc/shorewall[6]/actions file where the new 'nat' + option must be specified. + + Like other actions, the action rules are placed in a file named + action.. Those rules have the same format as those in the + snat file with two restrictions: + + 1. The '+' is not allowed in the ACTION column to specify that the + rules should be applied before one-to-one NAT. It must rather be + specified when the action is invoked. + + 2. Interface names are not permitted in the DEST column, so all of + the rules apply to the interface(s) specified when the action was + invoked. + +---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 5 . 0 . 1 3 ---------------------------------------------------------------------------- diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Samples/two-interfaces/snat shorewall-5.0.15/Samples/two-interfaces/snat --- shorewall-5.0.14/Samples/two-interfaces/snat 2016-11-03 15:06:38.000000000 -0700 +++ shorewall-5.0.15/Samples/two-interfaces/snat 2016-12-02 14:47:03.000000000 -0800 @@ -20,4 +20,4 @@ MASQUERADE 10.0.0.0/8,\ 169.254.0.0/16,\ 172.16.0.0/12,\ - 1 92.168.0.0/16 eth0 + 92.168.0.0/16 eth0 diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/Samples/two-interfaces/snat.annotated shorewall-5.0.15/Samples/two-interfaces/snat.annotated --- shorewall-5.0.14/Samples/two-interfaces/snat.annotated 2016-11-03 15:08:15.942466310 -0700 +++ shorewall-5.0.15/Samples/two-interfaces/snat.annotated 2016-12-02 15:22:43.016754524 -0800 @@ -436,4 +436,4 @@ MASQUERADE 10.0.0.0/8,\ 169.254.0.0/16,\ 172.16.0.0/12,\ - 1 92.168.0.0/16 eth0 + 92.168.0.0/16 eth0 diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/shorewall.spec shorewall-5.0.15/shorewall.spec --- shorewall-5.0.14/shorewall.spec 2016-11-03 15:07:35.454680685 -0700 +++ shorewall-5.0.15/shorewall.spec 2016-12-02 15:21:56.472615101 -0800 @@ -1,6 +1,6 @@ %define name shorewall -%define version 5.0.14 -%define release 0RC3 +%define version 5.0.15 +%define release 0base Summary: Shoreline Firewall is an iptables-based firewall for Linux systems. Name: %{name} @@ -149,6 +149,16 @@ %doc COPYING INSTALL changelog.txt releasenotes.txt Samples %changelog +* Fri Dec 02 2016 Tom Eastep tom@shorewall.net +- Updated to 5.0.15-0base +* Thu Dec 01 2016 Tom Eastep tom@shorewall.net +- Updated to 5.0.15-0RC2 +* Sun Nov 27 2016 Tom Eastep tom@shorewall.net +- Updated to 5.0.15-0RC1 +* Thu Nov 17 2016 Tom Eastep tom@shorewall.net +- Updated to 5.0.15-0Beta2 +* Sun Nov 06 2016 Tom Eastep tom@shorewall.net +- Updated to 5.0.15-0Beta1 * Mon Oct 31 2016 Tom Eastep tom@shorewall.net - Updated to 5.0.14-0RC3 * Sat Oct 29 2016 Tom Eastep tom@shorewall.net diff -Naurd -X /home/teastep/shorewall/tools/build/exclude.txt shorewall-5.0.14/uninstall.sh shorewall-5.0.15/uninstall.sh --- shorewall-5.0.14/uninstall.sh 2016-11-03 15:07:35.222681913 -0700 +++ shorewall-5.0.15/uninstall.sh 2016-12-02 15:21:56.456615052 -0800 @@ -26,7 +26,7 @@ # You may only use this script to uninstall the version # shown below. Simply run this script to remove Shorewall Firewall -VERSION=5.0.14 +VERSION=5.0.15 PRODUCT=shorewall usage() # $1 = exit status