Hello community,
here is the log from the commit of package shorewall for openSUSE:Factory
checked in at Thu Aug 11 15:58:21 CEST 2011.
--------
New Changes file:
--- /dev/null 2010-08-26 16:28:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/shorewall/shorewall.changes 2011-06-16
09:06:17.000000000 +0200
@@ -0,0 +1,531 @@
+-------------------------------------------------------------------
+Thu Jun 16 06:59:20 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.20.3. Changes in this release are
+ * Deprecated options have been removed from the .conf files.
+ They remain in the man pages.
+ * A simple configuration like the 'Universal' sample that includes a
+ single wildcard interface ('+' in the INTERFACE column) produces a
+ ruleset that blocks all incoming packets.
+
+ As part of correcting this defect, which was introduced in
+ 4.4.20.2, one or more superfluous rules (which could never
+ match) have been eliminated from most configurations.
+
+
+-------------------------------------------------------------------
+Wed Jun 15 06:57:32 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.20.2
+ * A defect introduced in 4.4.20 could cause the following failure at
+ start/restart:
+
+ ERROR: Command "tc qdisc add dev eth0 parent 1:11 handle 1:
+ sfq quantum 12498 limit 127 perturb 10" failed
+ * The 'sfilter' interface option introduced in 4.4.20 was only
+ applied to forwarded traffic. Now it is also applied to traffic
+ addressed to the firewall itself.
+ * Issues with iptables-restore is corrected
+ * IPSEC traffic is now (correctly) excluded from sfilter.
+ * The following incorrect warning message has been eliminated:
+
+ WARNING: sfilter is ineffective with FASTACCEPT=Yes
+
+
+-------------------------------------------------------------------
+Tue Jun 7 14:14:12 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.20.1
+ * The address of the Free Software Foundation has been corrected in
+ the License files.
+ * The shorewall[6].conf file installed in
+ /usr/share/shorewall[6]/configfiles is no longer modified for use
+ with Shorewall[6]-lite. When creating a new configuration for a
+ remote forewall, two lines need to be modified in the copy
+
+ CONFIG_PATH=/usr/share/shorewall (or shorewall6)
+ STARTUP_LOG=/var/log/shorewall-lite-init.log
+ (or shorewall6-lite-init.log)
+
+
+-------------------------------------------------------------------
+Mon Jun 6 07:30:14 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.20
+ *Removed backported patches for openSUSE specific locations as
+ they are incorporated in upstream.
+
+- Changes in 4.4.20 (for more read changelog.txt and releasenotes.txt)
+ * Support for the AUDIT target has been added. AUDIT is a feature of
+ the 2.6.39 kernel and iptables 1.4.10 that allows security auditing
+ of access decisions.
+
+-------------------------------------------------------------------
+Wed May 18 11:03:16 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.19.4
+ * Previously, the compiler would allow a degenerate entry (only the
+ BAND specified) in /etc/shorewall/tcpri. Such an entry now raises a
+ compilation error.
+ * Previously, it was possible to specify tcfilters and tcrules that
+ classified traffic with the class-id of a non-leaf HFSC class. Such
+ classes are not capabable of handling packets.
+ Shorewall now generates a compile-time warning in this case and
+ ignores the entry.
+
+ If a non-leaf class is specified as the default class, then
+ Shorewall now generates a compile-time error since that
+ configuration allows no network traffic to flow.
+
+ * Traditionally, Shorewall has not checked for the existance of
+ ipsets mentioned in the configuration, potentially resulting in a
+ run-time start/restart failure. Now, the compiler will issue a
+ WARNING if:
+
+ a) The compiler is being run by root.
+ b) The compilation isn't producing a script to run on a remote
+ system under a -lite product.
+ c) An ipset appearing in the configuration does not exist on the
+ local system.
+
+* As previously implemented, the 'refresh' command could fail or
+ could result in a ruleset other than what was intended. If there
+ had been changes in the ruleset since it was originally
+ started/restarted/restored that added or deleted sequenced chains
+ (chains such as ~lognnn and ~exclnnn), the resulting ruleset could
+ jump to the wrong such chains or could fail to 'refresh'
+ successfully.
+
+ This issue has been corrected as follows. When a 'refresh' is done
+ and individual chains are involved, then each table that contains
+ both sequenced chains and one of the chains being refreshed is
+ refreshed in its entirety.
+
+ For example, if 'shorwall refresh foo' is issued and the filter
+ table (which is the default) contains any sequenced chains, then
+ the entire table is reloaded. Note that this reload operation is
+ atomic so no packets are passed through an inconsistent
+ configuration.
+
+ * When 'shorewall6 refresh' was run previously, a harmless
+ 'ip6tables: Chain exists' message was generated.
+
+- Reworked backported patches so shorewall still uses openSUSE specific
+ locations
+- Fix the zone definitions in shorewall6/Samples6/zones examples
+
+-------------------------------------------------------------------
+Wed May 11 16:17:38 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.19.3
+ * incompatibility with gawk has been corrected
+ * Previously, an entry in the USER/GROUP column in the rules and
+ tcrules files could cause run-time start/restart failures if the
+ rule(s) being added did not have the firewall as the source (rules
+ file) and were not being added to the POSTROUTING chain (:T
+ designator in the tcrules file). This error is now caught by
+ the compiler.
+ * Shorewall now insures that a route to a default gateway exists in
+ the main table before it attempts to add a default route through
+ that gateway in a provider table. This prevents start/restart
+ failures in the rare event that such a route does not exist.
+ * CLASSIFY TC rules can apply to traffic exiting only the interface
+ associated with the class-id specified in the first column.
+
+ * Fixes start of shorewall6 (bnc#693162)
+
+-------------------------------------------------------------------
+Fri May 6 08:03:49 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.19.2 For more details see changelog.txt and
+ releasenotes.txt
+
+ * In Shorewall-shell, there was the ability to specify IPSET names in
+ the ORIGINAL DEST column of DNAT and REDIRECT rules. That ability,
+ inadvertently dropped in Shorewall-perl, has been restored
+ * Several problems with complex TC have been corrected:
+ * Double exclusion involving ipset lists was previously not detected,
+ resulting in anomalous behavior.
+-------------------------------------------------------------------
+Mon Apr 18 09:42:37 UTC 2011 - tog...@opensuse.org
+
+- Update to 4.4.19.1
+ * Eliminate silly duplicate rule when stopped.
+ * Don't believe that all nexthop routes are default routes.
+ * Restore :<low port>-<high port> in masq file.
+ * Correct default route safe/restore.
+
+- backported paths related patches from git as they are in mainstream
+ now
+-------------------------------------------------------------------
+Wed Apr 13 17:23:31 UTC 2011 - tog...@opensuse.org
+
+- Shorewall packages have their openSUSE specific locations now
+
+ * Executable files in /usr/lib/shorewall*. These include;
+
+ getparams
+ compiler.pl
+ wait4ifup
+ shorecap
+ ifupdown
+
+ * Perl Modules in /usr/lib/perl5/vendor_perl/PERL_VERSION/Shorewall.
+
+- Updated to 4.4.19 (for more info please consult changelog.txt and
+ releasenotes.txt)
+
+* Corrected a problem in optimize level 4 that resulted in the following
+ compile-time failure
+ Can't use an undefined value as an ARRAY reference at
+ /usr/share/shorewall/Shorewall/Chains.pm line 862.
+
+ * If a DNAT or REDIRECT rule applied to a source zone with an interface
+ defined with 'physical=+', then the nat table 'dnat' chain might have
+ been created but not referenced. This prevented the DNAT or REDIRECT
+ rule from working correctly.
+
+ * Previously, if a variable set in /etc/shorewall/params was given a value
+ containing shell metacharacters, then the compiled script would contain
+ syntax errors.
+
+ * The pathname of the 'conntrack' binary was erroneously printed in the
+ output of 'shorewall6 show connections'.
+
+ * Correct a problem whereby incorrect Netfilter rules were generated when
+ a bridge with ports was given a logical name.
+
++++ 334 more lines (skipped)
++++ between /dev/null
++++ and /mounts/work_src_done/STABLE/shorewall/shorewall.changes
calling whatdependson for head-i586
New:
----
README.openSUSE
init-4.4.14.patch
install-4.4.14.patch
shorewall-4.4.14.rpmlintrc
shorewall-4.4.20.3.tar.bz2
shorewall-docs-html-4.4.20.3.tar.bz2
shorewall-init-4.4.14.init.patch
shorewall-init-4.4.20.3.tar.bz2
shorewall-lite-4.4.14.init.patch
shorewall-lite-4.4.20.3.tar.bz2
shorewall.changes
shorewall.spec
shorewall6-4.4.20.3.tar.bz2
shorewall6-init-4.4.14.patch
shorewall6-lite-4.4.14.init.patch
shorewall6-lite-4.4.20.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shorewall.spec ++++++
#
# spec file for package shorewall
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: shorewall
Version: 4.4.20.3
Release: 1
License: GPL-2.0
Summary: Shoreline Firewall is an iptables-based firewall for Linux
systems
Url: http://www.shorewall.net/
Group: Productivity/Networking/Security
Source0:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-%version.tar.bz2
Source1:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-lite-%version.tar.bz2
Source2:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-init-%version.tar.bz2
Source3:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%{name}6-lite-%version.tar.bz2
Source4:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%{name}6-%version.tar.bz2
Source5:
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.20/%name-docs-html-%version.tar.bz2
Source6: %name-4.4.14.rpmlintrc
Source7: README.openSUSE
# PATCH-FIX-UPSTREAM init-4.4.14 tog...@opensuse.org -- Required-Stop and Short
descriprtion
Patch0: init-4.4.14.patch
# PATCH-FIX-UPSTREAM shorewall-lite-4.4.14.init.patch tog...@opensuse.org
Required-Stop and Short descriprtion
Patch1: shorewall-lite-4.4.14.init.patch
# PATCH-FIX-UPSTREAM shorewall6-init-4.4.14.patch tog...@opensuse.org
Required-Stop and Short descriprtion
Patch2: shorewall6-init-4.4.14.patch
# PATCH-FIX-UPSTREAM shorewall6-lite-4.4.14.init.patch tog...@opensuse.org
Required-Stop and Short descriprtion
Patch3: shorewall6-lite-4.4.14.init.patch
# PATCH-FIX-UPSTREAM shorewall-init-4.4.14.init.patch tog...@opensuse.org added
reload which is start actually
Patch4: shorewall-init-4.4.14.init.patch
# PATCH-FIX-OPENSUSE install-4.4.14.patch tog...@opensuse.org -- use of fillup
template
Patch5: install-4.4.14.patch
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: xtables-addons
Requires: iproute2
Requires: iptables
%if 0%{?suse_version} < 1140
Requires: perl = %{perl_version}
%else
%{perl_requires}
%endif
Requires: logrotate
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
Conflicts: SuSEfirewall2
%description
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%package lite
Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux
systems
Group: Productivity/Networking/Security
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: bc
Requires: iproute2
Requires: iptables
Requires: logrotate
Conflicts: SuSEfirewall2
%description lite
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall Lite is a companion product to Shorewall that allows network
administrators to centralize the configuration of Shorewall-based firewalls.
%package -n %{name}6
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux
systems
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: logrotate
Conflicts: SuSEfirewall2
Group: Productivity/Networking/Security
%description -n %{name}6
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based IPv6 firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
%package -n %{name}6-lite
Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for
Linux systems
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: logrotate
Conflicts: SuSEfirewall2
Group: Productivity/Networking/Security
%description -n %{name}6-lite
The Shoreline Firewall 6, more commonly known as "Shorewall6", is a Netfilter
(ip6tables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall6 Lite is a companion product to Shorewall6 that allows network
administrators to centralize the configuration of Shorewall6-based firewalls.
%package init
Summary: Adds functionality to Shoreline Firewall (Shorewall)
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: logrotate
Requires: %name > 4.4.9
Requires: %{name}6 > 4.4.9
Group: Productivity/Networking/Security
%description init
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
Shorewall Init is a companion product to Shorewall that allows for tigher
control of connections during boot and that integrates Shorewall with
ifup/ifdown and NetworkManager.
%package docs
Summary: HTML documentation for shorewall configuration
Group: Documentation/Other
License: FDLv1.2+
%description docs
HTML documentation for the Shoreline Firewall. Highly recommend to read before
starting to configure shorewall
%prep
%setup -q -c -a1 -a2 -a3 -a4 -a5
# apply patches to shorewall
pushd %name-%version
%patch0
popd
# apply patches to shorewall-lite
pushd %name-lite-%version
%patch1
popd
# apply patches to shorewall6
pushd %{name}6-%version
%patch2
popd
# apply patches to shorewall-lite
pushd %{name}6-lite-%version
%patch3
popd
# apply patches to shorewall-lite
pushd %name-init-%version
%patch4
%patch5
popd
chmod -x %name-docs-html-%version/images/*.png
chmod -x %{name}6-%version/tunnel
chmod -x %{name}6-%version/ipv6
chmod -x %name-%version/Contrib/swping.init
chmod -x %name-%version/Contrib/tunnel
cp %{S:7} %name-%version/.
%build
%install
export LIBEXEC=%_libexecdir ;\
export PERLLIB=%perl_vendorlib ;\
export OWNER="root" ; \
export GROUP="root"
pushd %name-%version
PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh
popd
pushd %name-lite-%version
PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh
popd
pushd %{name}6-%version
PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh
popd
pushd %{name}6-lite-%version
PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh
popd
pushd %name-init-%version
PREFIX=%buildroot DEST=%_initddir %_buildshell install.sh
popd
%clean
rm -rf %buildroot
%post
%{fillup_and_insserv -f %name}
%preun
%{stop_on_removal %name}
rm -f %_sysconfdir/%name/startup_disabled
%postun
%restart_on_update %name
%insserv_cleanup
%stop_on_removal
%post -n %{name}6
%{fillup_and_insserv -f %{name}6}
%preun -n %{name}6
%{stop_on_removal %{name}6}
rm -f %_sysconfdir/%name/startup_disabled
%postun -n %{name}6
%restart_on_update %{name}6
%insserv_cleanup
%stop_on_removal
%post -n %name-lite
%{fillup_and_insserv -f %name-lite}
%preun -n %name-lite
%{stop_on_removal %name-lite}
rm -f %_sysconfdir/%name/startup_disabled
%postun -n %name-lite
%restart_on_update %name-lite
%insserv_cleanup
%stop_on_removal
%post -n %{name}6-lite
%{fillup_and_insserv -f %{name}6-lite}
%preun -n %{name}6-lite
%{stop_on_removal %{name}6-lite}
rm -f %_sysconfdir/%name/startup_disabled
%postun -n %{name}6-lite
%restart_on_update %{name}6-lite
%insserv_cleanup
%stop_on_removal
%post init
%{fillup_and_insserv -n %name-init}
cp -pf %_libexecdir/%name-init/ifupdown
%_sysconfdir/sysconfig/network/scripts/%name
ln -sf %_sysconfdir/sysconfig/network/scripts/%name
%_sysconfdir/sysconfig/network/if-up.d/%name
ln -sf %_sysconfdir/sysconfig/network/scripts/%name
%_sysconfdir/sysconfig/network/if-down.d/%name
if [ -d %_sysconfdir/NetworkManager/dispatcher.d/ ]; then
cp -pf %_libexecdir/%name-init/ifupdown
%_sysconfdir/NetworkManager/dispatcher.d/01-%name
fi
%postun init
%restart_on_update %name-init
%insserv_cleanup
%stop_on_removal
%preun init
%{stop_on_removal %name-init}
rm -f %_sysconfdir/NetworkManager/dispatcher.d/01-%name
%files
%defattr(-,root,root,-)
%attr(0544,root,root) %_initddir/%name
%dir %_sysconfdir/%name
%dir %_datadir/%name
%dir %_libexecdir/%name
%dir %_datadir/%name/configfiles
%dir %_datadir/%name/Shorewall
%attr(0700,root,root) %dir %{_localstatedir}/lib/%name
%config(noreplace) %_sysconfdir/%name/*
%config(noreplace) %_sysconfdir/logrotate.d/%name
%attr(0755,root,root) /sbin/%name
%_datadir/%name/version
%_datadir/%name/actions.std
%_datadir/%name/action.Drop
%_datadir/%name/action.Reject
%_datadir/%name/action.template
%_datadir/%name/action.A_Drop
%_datadir/%name/action.A_Reject
%attr(- ,root,root) %_datadir/%name/functions
%_datadir/%name/lib.*
%_datadir/%name/macro.*
%_datadir/%name/modules
%_datadir/%name/modules.*
%_datadir/%name/helpers
%_datadir/%name/configpath
%_libexecdir/%name/getparams
%attr(0755,root,root) %_libexecdir/%name/wait4ifup
%attr(755,root,root) %_libexecdir/%name/compiler.pl
%_datadir/%name/prog.*
%dir %perl_vendorlib/Shorewall
%perl_vendorlib/Shorewall/*.pm
%_datadir/%name/configfiles/*
%_mandir/man5/%name-[a-k,m-z]*.5*
%_mandir/man5/%name.conf.5*
%_mandir/man8/%name.8*
%doc %name-%version/COPYING
%doc %name-%version/INSTALL
%doc %name-%version/changelog.txt
%doc %name-%version/releasenotes.txt
%doc %name-%version/Contrib/*
%doc %name-%version/Samples
%doc %name-%version/README.openSUSE
%files lite
%defattr(-,root,root,-)
%dir %_sysconfdir/%name-lite
%config(noreplace) %_sysconfdir/%name-lite/%name-lite.conf
%config %_sysconfdir/%name-lite/Makefile
%attr(0544,root,root) %_initddir/%name-lite
%dir %_datadir/%name-lite
%dir %_libexecdir/%name-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%name-lite
%config(noreplace) %_sysconfdir/logrotate.d/%name-lite
%attr(0755,root,root) /sbin/%name-lite
%_datadir/%name-lite/version
%_datadir/%name-lite/configpath
%attr(- ,root,root) %_datadir/%name-lite/functions
%_datadir/%name-lite/lib.*
%_datadir/%name-lite/modules
%_datadir/%name-lite/modules.*
%_datadir/%name-lite/helpers
%attr(0544,root,root) %_libexecdir/%name-lite/shorecap
%attr(0755,root,root) %_libexecdir/%name-lite/wait4ifup
%_mandir/man5/%name-lite*.5*
%_mandir/man8/%name-lite.8.*
%doc %name-lite-%version/COPYING
%doc %name-lite-%version/changelog.txt
%doc %name-lite-%version/releasenotes.txt
%files -n %{name}6
%defattr(-,root,root,-)
%attr(0544,root,root) %_initddir/%{name}6
%dir %_sysconfdir/%{name}6
%dir %_datadir/%{name}6
%dir %_libexecdir/%{name}6
%dir %_datadir/%{name}6/configfiles
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6
%config(noreplace) %_sysconfdir/%{name}6/*
%attr(0600,root,root) %config %_sysconfdir/%{name}6/Makefile
%config(noreplace) %_sysconfdir/logrotate.d/%{name}6
%attr(0755,root,root) /sbin/%{name}6
%_datadir/%{name}6/version
%_datadir/%{name}6/actions.std
%_datadir/%{name}6/action.AllowICMPs
%_datadir/%{name}6/action.Drop
%_datadir/%{name}6/action.Reject
%_datadir/%{name}6/action.template
%_datadir/%{name}6/action.A_Drop
%_datadir/%{name}6/action.A_Reject
%_datadir/%{name}6/action.A_AllowICMPs
%attr(- ,root,root) %_datadir/%{name}6/functions
%_datadir/%{name}6/lib.*
%_datadir/%{name}6/macro.*
%_datadir/%{name}6/modules
%_datadir/%{name}6/modules.*
%_datadir/%{name}6/helpers
%_datadir/%{name}6/configpath
%attr(0755,root,root) %_libexecdir/%{name}6/wait4ifup
%_datadir/%{name}6/configfiles/*
%_mandir/man5/%{name}6-[a-k,m-z]*.5*
%_mandir/man5/%{name}6.conf.5*
%_mandir/man8/%{name}6.8*
%doc %{name}6-%version/COPYING
%doc %{name}6-%version/INSTALL
%doc %{name}6-%version/changelog.txt
%doc %{name}6-%version/releasenotes.txt
%doc %{name}6-%version/tunnel
%doc %{name}6-%version/ipsecvpn
%doc %{name}6-%version/ipv6
%doc %{name}6-%version/Samples6
%files -n %{name}6-lite
%defattr(-,root,root,-)
%_mandir/man5/%{name}6-lite*.5*
%_mandir/man8/%{name}6-lite.8*
%doc %{name}6-lite-%version/COPYING
%doc %{name}6-lite-%version/changelog.txt
%doc %{name}6-lite-%version/releasenotes.txt
%dir %_sysconfdir/%{name}6-lite
%config(noreplace) %_sysconfdir/%{name}6-lite/%{name}6-lite.conf
%config %_sysconfdir/%{name}6-lite/Makefile
%attr(0544,root,root) %_initddir/%{name}6-lite
%dir %_datadir/%{name}6-lite
%dir %_libexecdir/%{name}6-lite
%attr(0700,root,root) %dir %{_localstatedir}/lib/%{name}6-lite
%config(noreplace) %_sysconfdir/logrotate.d/%{name}6-lite
%attr(0755,root,root) /sbin/%{name}6-lite
%_datadir/%{name}6-lite/version
%_datadir/%{name}6-lite/configpath
%attr(- ,root,root) %_datadir/%{name}6-lite/functions
%_datadir/%{name}6-lite/lib.base
%_datadir/%{name}6-lite/lib.cli
%_datadir/%{name}6-lite/lib.common
%_datadir/%{name}6-lite/modules
%_datadir/%{name}6-lite/modules.*
%_datadir/%{name}6-lite/helpers
%attr(0544,root,root) %_libexecdir/%{name}6-lite/shorecap
%attr(0755,root,root) %_libexecdir/%{name}6-lite/wait4ifup
%files init
%defattr(-,root,root,-)
%_localstatedir/adm/fillup-templates/sysconfig.%name-init
%attr(0544,root,root) %config(noreplace) %_sysconfdir/init.d/%name-init
%dir %_datadir/%name-init
%dir %_libexecdir/%name-init
%ghost %dir %_sysconfdir/NetworkManager
%ghost %dir %_sysconfdir/NetworkManager/dispatcher.d
%ghost %attr(0755,root,root) %_sysconfdir/NetworkManager/dispatcher.d/01-%name
%_datadir/%name-init/version
%attr(0544,root,root) %_libexecdir/%name-init/ifupdown
%_mandir/man8/%name-init.8*
%doc %name-init-%version/COPYING
%doc %name-init-%version/changelog.txt
%doc %name-init-%version/releasenotes.txt
%files docs
%defattr(-,root,root,-)
%doc %name-docs-html-%version/*
%changelog
++++++ README.openSUSE ++++++
WARNING
========
Some openSUSE packages include a service file for ease of the
SuSEfirewall2 configuration and opening the necessary ports.
You have to open the required ports yourself using the Shorewall
configuration files.
SuSEfirewall2 is integrated with Yast so configuration can be done via
a GUI. This is not the case for Shorewall.
Enabling Firewall in /etc/sysconfig/network/config or in individual
ifcfg-xxx files is not enough. /etc/sysconfig/shorewall should be
configured.
As the shorewall web page states
"Shorewall is not the easiest to use of the available iptables
configuration tools but I believe that it is the most flexible
and powerful. So if you are looking for a simple point-and-click
set-and-forget Linux firewall solution that requires a minimum of
networking knowledge, check out alternatives."
Now that you are warned remember to have fun
++++++ init-4.4.14.patch ++++++
--- init.sh.orig
+++ init.sh
@@ -1,5 +1,4 @@
#!/bin/sh
-RCDLINKS="2,S41 3,S41 6,K41"
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.2
#
@@ -41,13 +40,14 @@ RCDLINKS="2,S41 3,S41 6,K41"
# description: Packet filtering firewall
### BEGIN INIT INFO
-# Provides: shorewall
-# Required-Start: $local_fs $remote_fs $syslog
-# Should-Start: VMware $time $named
-# Required-Stop:
-# Default-Start: 2 3 5
-# Default-Stop: 0 1 6
-# Description: starts and stops the shorewall firewall
+# Provides: shorewall
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 2 3 5
+# Default-Stop: 0 6
+# Short-Description: Configure the firewall at boot time
+# Description: Configure the firewall according to the rules specified in
+# /etc/shorewall
### END INIT INFO
################################################################################
++++++ install-4.4.14.patch ++++++
--- install.sh.orig
+++ install.sh
@@ -250,9 +250,10 @@ else
fi
fi
- if [ -d ${DESTDIR}/etc/sysconfig -a ! -f
${DESTDIR}/etc/sysconfig/shorewall-init ]; then
- install_file sysconfig ${DESTDIR}/etc/sysconfig/shorewall-init 0644
- fi
+# if [ -d ${DESTDIR}/etc/sysconfig -a ! -f
${DESTDIR}/etc/sysconfig/shorewall-init ]; then
+ mkdir -p ${DESTDIR}/var/adm/fillup-templates
+ install_file sysconfig
${DESTDIR}/var/adm/fillup-templates/sysconfig.shorewall-init 0644
+# fi
fi
#
++++++ shorewall-4.4.14.rpmlintrc ++++++
addFilter("non-executable-script /usr/share/shorewall/prog.header*")
addFilter("non-executable-script /usr/share/shorewall/lib.*")
addFilter("non-executable-script /usr/share/shorewall6/lib.*")
addFilter("non-executable-script /usr/share/shorewall-lite/lib.*")
addFilter("non-executable-script /usr/share/shorewall6-lite/lib.*")
addFilter("non-executable-script /etc/shorewall/scfilter")
addFilter("non-executable-script /etc/shorewall6/scfilter")
addFilter("non-executable-script /usr/share/shorewall/configfiles/scfilter")
addFilter("non-executable-script /usr/share/shorewall6/configfiles/scfilter")
addFilter("files-duplicate /usr/share/shorewall6/configfiles/scfilter")
addFilter("script-without-shebang /etc/shorewall-lite/shorewall-lite.conf")
addFilter("script-without-shebang /etc/shorewall6-lite/shorewall6-lite.conf")
addFilter("perl5-naming-policy-not-applied")
++++++ shorewall-init-4.4.14.init.patch ++++++
--- init.sh.orig
+++ init.sh
@@ -26,10 +26,10 @@
#
### BEGIN INIT INFO
# Provides: shorewall-init
-# Required-start: $local_fs
-# Required-stop: $local_fs
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
# Default-Start: 2 3 5
-# Default-Stop:
+# Default-Stop: 0 1 2 6
# Short-Description: Initialize the firewall at boot time
# Description: Place the firewall in a safe state at boot time
# prior to bringing up the network.
@@ -90,14 +90,14 @@ shorewall_stop () {
}
case "$1" in
- start)
+ start|reload)
shorewall_start
;;
stop)
shorewall_stop
;;
*)
- echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+ echo "Usage: /etc/init.d/shorewall-init {start|stop|reload}"
exit 1
esac
++++++ shorewall-lite-4.4.14.init.patch ++++++
--- init.sh.orig
+++ init.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-RCDLINKS="2,S41 3,S41 6,K41"
+# RCDLINKS="2,S41 3,S41 6,K41"
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
#
@@ -43,10 +43,11 @@ RCDLINKS="2,S41 3,S41 6,K41"
### BEGIN INIT INFO
# Provides: shorewall-lite
# Required-Start: $network
-# Required-Stop:
+# Required-Stop: $null
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall firewall
+# Short-Description: Packet filtering firewall
### END INIT INFO
################################################################################
++++++ shorewall6-init-4.4.14.patch ++++++
--- init.sh.orig
+++ init.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-RCDLINKS="2,S41 3,S41 6,K41"
+#RCDLINKS="2,S41 3,S41 6,K41"
#
# The Shoreline Firewall (Shorewall6) Packet Filtering Firewall - V4.2
#
@@ -44,10 +44,12 @@ RCDLINKS="2,S41 3,S41 6,K41"
# Provides: shorewall6
# Required-Start: $local_fs $remote_fs $syslog
# Should-Start: VMware $time $named
-# Required-Stop:
+# Should-Stop: $null
+# Required-Stop: $null
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall6 firewall
+# Short-Description: Packet filtering firewall
### END INIT INFO
################################################################################
++++++ shorewall6-lite-4.4.14.init.patch ++++++
--- init.sh.orig
+++ init.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-RCDLINKS="2,S41 3,S41 6,K41"
+#RCDLINKS="2,S41 3,S41 6,K41"
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.1
#
@@ -43,10 +43,11 @@ RCDLINKS="2,S41 3,S41 6,K41"
### BEGIN INIT INFO
# Provides: shorewall6-lite
# Required-Start: $network
-# Required-Stop:
+# Required-Stop: $null
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall firewall
+# Short-Description: Packet filtering firewall
### END INIT INFO
################################################################################
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
