Hello community, here is the log from the commit of package SuSEfirewall2 for openSUSE:Factory checked in at 2012-06-25 12:03:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/SuSEfirewall2 (Old) and /work/SRC/openSUSE:Factory/.SuSEfirewall2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "SuSEfirewall2", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/SuSEfirewall2/SuSEfirewall2.changes 2012-05-31 17:10:40.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.SuSEfirewall2.new/SuSEfirewall2.changes 2012-06-25 12:03:08.000000000 +0200 @@ -1,0 +2,15 @@ +Tue Jun 19 11:38:32 UTC 2012 - [email protected] + +- fix logging in test mode + +------------------------------------------------------------------- +Mon Jun 18 09:30:51 UTC 2012 - [email protected] + +- allow icmpv6 in FW_SERVICES_*_* + +------------------------------------------------------------------- +Mon Jun 18 09:24:18 UTC 2012 - [email protected] + +- allow ICMPv6 Multicast Listener Query (bnc#767392) + +------------------------------------------------------------------- Old: ---- SuSEfirewall2-3.6.289.tar.bz2 New: ---- SuSEfirewall2-3.6.292.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ SuSEfirewall2.spec ++++++ --- /var/tmp/diff_new_pack.BV8Esd/_old 2012-06-25 12:03:10.000000000 +0200 +++ /var/tmp/diff_new_pack.BV8Esd/_new 2012-06-25 12:03:10.000000000 +0200 @@ -19,7 +19,7 @@ Name: SuSEfirewall2 -Version: 3.6.289 +Version: 3.6.292 Release: 1 License: GPL-2.0+ Group: Productivity/Networking/Security ++++++ SuSEfirewall2-3.6.289.tar.bz2 -> SuSEfirewall2-3.6.292.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/SuSEfirewall2-3.6.289/SuSEfirewall2 new/SuSEfirewall2-3.6.292/SuSEfirewall2 --- old/SuSEfirewall2-3.6.289/SuSEfirewall2 2012-05-29 15:10:20.000000000 +0200 +++ new/SuSEfirewall2-3.6.292/SuSEfirewall2 2012-06-19 13:31:34.000000000 +0200 @@ -371,7 +371,7 @@ safe_icmp_replies="echo-reply destination-unreachable time-exceeded parameter-problem timestamp-reply address-mask-reply protocol-unreachable redirect" safe_icmpv6_replies="echo-reply destination-unreachable packet-too-big time-exceeded parameter-problem" -stateless_icmpv6_types="router-solicitation router-advertisement neighbour-solicitation neighbour-advertisement redirect" +stateless_icmpv6_types="router-solicitation router-advertisement neighbour-solicitation neighbour-advertisement redirect 130" ############### @@ -527,7 +527,23 @@ sport='' rsport='' fi - ;; + ;; + icmpv6) + if [ -n "$port" ]; then + port="--icmpv6-type $port" + rport="$port" + else + port='' + rport='' + fi + if [ -n "$sport" ]; then + sport="--icmpv6-type $sport" + rsport="$sport" + else + sport='' + rsport='' + fi + ;; *) if [ -n "$port" ]; then error "port is only valid with tcp, udp or icmp in ${var}" @@ -1276,7 +1292,7 @@ if [ "$ignore" != yes ]; then for port in $ignore; do [ $port = no ] && continue - $IPTABLES $match -p udp --dport $port -j DROP + $IPTABLES $match -p udp --dport $port -j "$DROP" done if [ "$allow" != 'yes' ]; then @@ -1285,7 +1301,7 @@ fi if [ "$allow" != 'yes' ]; then - $IPTABLES $match -j DROP # no need to send icmp for broadcasts + $IPTABLES $match -j "$DROP" # no need to send icmp for broadcasts fi done } @@ -2236,8 +2252,6 @@ ############### -parse_logging - setlock if [ "$ACTION" = "bootlock" -o "$ACTION" = "bootunlock" ]; then @@ -2245,6 +2259,18 @@ die 0 fi +if [ "$MODE" = "test" ]; then + DROP="ACCEPT" + REJECT="ACCEPT" + FW_LOG_DROP_ALL=yes + FW_LOG_DROP_CRIT=yes + FW_LOG_ACCEPT_ALL=no + FW_LOG_ACCEPT_CRIT=no + warning "SuSEfirewall2 is running in TEST MODE, no packet filtering is done!" +fi + +parse_logging + if [ "$ACTION" = "basic" ]; then # Reset the filter rules set_basic_rules @@ -2262,16 +2288,6 @@ die 0 "Firewall rules successfully set in simple mode" fi -if [ "$MODE" = "test" ]; then - DROP="ACCEPT" - REJECT="ACCEPT" - FW_LOG_DROP_ALL=yes - FW_LOG_DROP_CRIT=yes - FW_LOG_ACCEPT_ALL=no - FW_LOG_ACCEPT_CRIT=no - warning "SuSEfirewall2 is running in TEST MODE, no packet filtering is done!" -fi - if [ "$ACTION" = "stop" ]; then if [ "$FW_STOP_KEEP_ROUTING_STATE" != "yes" ]; then setproc 0 /proc/sys/net/ipv4/ip_forward -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
