diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/changelog.txt shorewall6-5.0.9/changelog.txt
--- shorewall6-5.0.8/changelog.txt 2016-04-23 06:42:06.811009000 -0700
+++ shorewall6-5.0.9/changelog.txt 2016-06-04 14:49:09.867662682 -0700
@@ -1,3 +1,49 @@
+Changes in 5.0.9 Final
+
+1) Update release documents
+
+2) Document DOCKER fix.
+
+Changes in 5.0.9 RC 1
+
+1) Update release documents
+
+2) Cross-check core version during compilation.
+
+3) Cross-check Shorewall6 version during IPv6 compilation.
+
+4) Turn on AUTOMAKE in the sample configurations.
+
+5) Date/time in 'date' format.
+
+Changes in 5.0.9 Beta 2
+
+1) Update release documents
+
+2) Improve compile date/time implementation
+
+3) Add VERBOSE_MESSAGES option.
+
+4) Allow NFLOG in the mangle file
+
+Changes in 5.0.9 Beta 1
+
+1) Update release documents
+
+2) Fix handling of optional provider with no IP address
+
+3) Correct typos in the Events article
+
+4) Implement standard error messages in the CLI
+
+5) Include compile time and date in the output of 'status'
+
+6) Apply Matt Darfeuille's patch set.
+
+Changes in 5.0.8 Final
+
+1) Update release documents
+
Changes in 5.0.8 RC 2
1) Update release documents.
@@ -16,9 +62,7 @@
8) Add an ESTABLISHED,RELATED rule for o => docker0
-9) ?WARNING and ?INFO
-
-10) Warning on optional provider in the DUPLICATE column
+9) Add ?WARNING and ?INFO directives.
Changes in 5.0.8 RC 1
@@ -28,7 +72,7 @@
3) Correct many issues with save/restore of ipsets.
-4) Update DHCP article (refresh -> restart)
+4) Update DHCP article (refresh -> reload)
5) Correct start command's handling of AUTOMAKE.
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configfiles/mangle.annotated shorewall6-5.0.9/configfiles/mangle.annotated
--- shorewall6-5.0.8/configfiles/mangle.annotated 2016-04-23 06:43:15.331009000 -0700
+++ shorewall6-5.0.9/configfiles/mangle.annotated 2016-06-04 14:50:27.763279142 -0700
@@ -319,7 +319,7 @@
# then
# 0xc0a80403 >> 0 = 0xc0a80403
# 0xc0a80403 LAND 0xFF = 0x03
-# 0x03 LOR 0x0x10100 = 0x10103 or class ID 1:103
+# 0x03 LOR 0x10100 = 0x10103 or class ID 1:103
#
# It is important to realize that, while class IDs are composed of a
# major and a minor value, the set of values must be unique. That is, the
@@ -380,6 +380,21 @@
# then ( 2 ** MASK_BITS ) - 1 is assumed (MASK_BITS is set in
# shorewall6.conf(5)).
#
+# NFLOG[(nflog-parameters)]
+#
+# Added in Shorewall 5.0.9. Logs matching packets using NFLOG. The
+# nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
# RESTORE[(mask)]
#
# Restore the packet's mark from the connection's mark using the supplied
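Review bot: The new NFLOG entry documents that an omitted second parameter means `0 (no limit)` without saying what that implies for the log. With no limit, presumably the whole packet, payload included, is handed to the user-space logging daemon. A sentence such as `# With no limit the entire packet, including payload, is copied to the logging daemon; set a byte limit when only headers are needed.` would help operators size and protect their logs. The same wording is added to rules.annotated in the @@ -328,9 +328,21 @@ hunk and would benefit from the same caveat. Unlike the rules.annotated entry, this one does not point to http://www.shorewall.net/shorewall_logging.html.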
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configfiles/rules.annotated shorewall6-5.0.9/configfiles/rules.annotated
--- shorewall6-5.0.8/configfiles/rules.annotated 2016-04-23 06:43:18.215009000 -0700
+++ shorewall6-5.0.9/configfiles/rules.annotated 2016-06-04 14:50:31.098002571 -0700
@@ -328,9 +328,21 @@
# logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html.
#
-# Similar to LOG:NFLOG[(nflog-parameters)], except that the log level is
-# not changed when this ACTION is used in an action or macro and the
-# invocation of that action or macro specifies a log level.
+# The nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
+# NFLOG is similar to LOG:NFLOG[(nflog-parameters)], except that the log
+# level is not changed when this ACTION is used in an action or macro and
+# the invocation of that action or macro specifies a log level.
#
# NFQUEUE[([queuenumber1[:queuenumber2][,bypass]]|bypass)]
#
@@ -919,7 +931,7 @@
#
# Hop-by-hop options extension header.
#
-# route, ipv6-route or 41
+# route, ipv6-route or 43
#
# IPv6 Route extension header.
#
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configfiles/shorewall6.conf shorewall6-5.0.9/configfiles/shorewall6.conf
--- shorewall6-5.0.8/configfiles/shorewall6.conf 2016-04-19 10:42:50.000000000 -0700
+++ shorewall6-5.0.9/configfiles/shorewall6.conf 2016-05-22 17:50:51.000000000 -0700
@@ -213,6 +213,8 @@
USE_RT_NAMES=No
+VERBOSE_MESSAGES=Yes
+
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configfiles/shorewall6.conf.annotated shorewall6-5.0.9/configfiles/shorewall6.conf.annotated
--- shorewall6-5.0.8/configfiles/shorewall6.conf.annotated 2016-04-23 06:43:18.911009000 -0700
+++ shorewall6-5.0.9/configfiles/shorewall6.conf.annotated 2016-06-04 14:50:31.898656457 -0700
@@ -1487,6 +1487,16 @@
#
# Without these entries, the firewall will fail to start.
#
+VERBOSE_MESSAGES=Yes
+#
+# VERBOSE_MESSAGES=[Yes|No]
+#
+# Added in Shorewall 5.0.9. When Yes (the default), messages produced by the
+# ?INFO and ?WARNING directives include the filename and linenumber of the
+# directive. When set to No, that additional information is omitted. The
+# setting may be overridden on a directive by directive basis by following ?
+# INFO or ?WARNING with '!' (no intervening white space).
+#
WARNOLDCAPVERSION=Yes
#
# WARNOLDCAPVERSION=[Yes|No]
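Review bot: The comment wrap in the VERBOSE_MESSAGES description splits a directive name, because one line ends with `following ?` and the next begins `# INFO or ?WARNING`, so the text reads as `? INFO`. The same sentence says '!' must follow with no intervening white space, so a reader could take the stray space as part of the syntax. Rewrapping so the name stays whole, for example `# setting may be overridden on a directive by directive basis by following` then `# ?INFO or ?WARNING with '!' (no intervening white space).`, removes the ambiguity. If this file is generated from the manual page source, the fix presumably belongs in the wrapping step rather than here.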
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configure shorewall6-5.0.9/configure
--- shorewall6-5.0.8/configure 2016-04-23 06:42:06.803009000 -0700
+++ shorewall6-5.0.9/configure 2016-06-04 14:49:09.863659412 -0700
@@ -28,7 +28,7 @@
#
# Build updates this
#
-VERSION=5.0.8
+VERSION=5.0.9
case "$BASH_VERSION" in
[4-9].*)
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/configure.pl shorewall6-5.0.9/configure.pl
--- shorewall6-5.0.8/configure.pl 2016-04-23 06:42:06.803009000 -0700
+++ shorewall6-5.0.9/configure.pl 2016-06-04 14:49:09.867662682 -0700
@@ -31,7 +31,7 @@
# Build updates this
#
use constant {
- VERSION => '5.0.8'
+ VERSION => '5.0.9'
};
my %params;
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/install.sh shorewall6-5.0.9/install.sh
--- shorewall6-5.0.8/install.sh 2016-04-23 06:42:06.811009000 -0700
+++ shorewall6-5.0.9/install.sh 2016-06-04 14:49:09.867662682 -0700
@@ -22,7 +22,7 @@
# along with this program; if not, see .
#
-VERSION=5.0.8
+VERSION=5.0.9
#
# Change to the directory containing this script
@@ -514,7 +514,7 @@
# Install the Standard Actions file
#
install_file actions.std ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std 0644
-echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}d/$PRODUCT/actions.std"
+echo "Standard actions file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/actions.std"
cd configfiles
@@ -1177,6 +1177,8 @@
# Install the Man Pages
#
+if [ -n "$MANDIR" ]; then
+
cd manpages
[ -n "$INSTALLD" ] || mkdir -p ${DESTDIR}${MANDIR}/man5/ ${DESTDIR}${MANDIR}/man8/
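Review bot: When MANDIR is empty, the new `if [ -n "$MANDIR" ]; then` guard skips the man pages without telling the user. The only message, `echo "Man Pages Installed"`, sits inside the guarded block, which closes with the `fi` added in the @@ -1196,6 +1198,7 @@ hunk. An `else` branch before that `fi`, such as `echo "MANDIR is empty; Man Pages not installed"`, would make the skip visible in the install output. Inside the guard, `${DESTDIR}${MANDIR}` on the `mkdir -p` line is still unquoted, so a path containing whitespace would be split into separate arguments. Quoting it as `"${DESTDIR}${MANDIR}/man5/"` avoids creating directories at unintended locations when the installer runs with elevated privileges.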
@@ -1196,6 +1198,7 @@
cd ..
echo "Man Pages Installed"
+fi
if [ -d ${DESTDIR}${CONFDIR}/logrotate.d ]; then
run_install $OWNERSHIP -m 0644 logrotate ${DESTDIR}${CONFDIR}/logrotate.d/$PRODUCT
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6.8 shorewall6-5.0.9/manpages/shorewall6.8
--- shorewall6-5.0.8/manpages/shorewall6.8 2016-04-23 06:43:12.211009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6.8 2016-06-04 14:50:24.356496861 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Administrative Commands
.\" Source: Administrative Commands
.\" Language: English
.\"
-.TH "SHOREWALL6" "8" "04/23/2016" "Administrative Commands" "Administrative Commands"
+.TH "SHOREWALL6" "8" "06/04/2016" "Administrative Commands" "Administrative Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-accounting.5 shorewall6-5.0.9/manpages/shorewall6-accounting.5
--- shorewall6-5.0.8/manpages/shorewall6-accounting.5 2016-04-23 06:42:51.651009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-accounting.5 2016-06-04 14:50:00.472991476 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-accounting
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-ACCOUNTI" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-ACCOUNTI" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-actions.5 shorewall6-5.0.9/manpages/shorewall6-actions.5
--- shorewall6-5.0.8/manpages/shorewall6-actions.5 2016-04-23 06:42:52.179009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-actions.5 2016-06-04 14:50:01.089494967 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-actions
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-ACTIONS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-ACTIONS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-blrules.5 shorewall6-5.0.9/manpages/shorewall6-blrules.5
--- shorewall6-5.0.8/manpages/shorewall6-blrules.5 2016-04-23 06:42:52.719009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-blrules.5 2016-06-04 14:50:01.710001728 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-blrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-BLRULES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-BLRULES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6.conf.5 shorewall6-5.0.9/manpages/shorewall6.conf.5
--- shorewall6-5.0.8/manpages/shorewall6.conf.5 2016-04-23 06:42:54.595009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6.conf.5 2016-06-04 14:50:03.903793372 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\&.CONF" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\&.CONF" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -2093,6 +2093,11 @@
.RE
.RE
.PP
+\fBVERBOSE_MESSAGES=\fR[\fBYes\fR|\fBNo\fR]
+.RS 4
+Added in Shorewall 5\&.0\&.9\&. When Yes (the default), messages produced by the ?INFO and ?WARNING directives include the filename and linenumber of the directive\&. When set to No, that additional information is omitted\&. The setting may be overridden on a directive by directive basis by following ?INFO or ?WARNING with \*(Aq!\*(Aq (no intervening white space)\&.
+.RE
+.PP
\fBVERBOSITY=\fR[\fInumber\fR]
.RS 4
Shorewall6 has traditionally been very noisy (produced lots of output)\&. You may set the default level of verbosity using the VERBOSITY OPTION\&.
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-conntrack.5 shorewall6-5.0.9/manpages/shorewall6-conntrack.5
--- shorewall6-5.0.8/manpages/shorewall6-conntrack.5 2016-04-23 06:42:55.219009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-conntrack.5 2016-06-04 14:50:04.632388407 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-conntrack
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-CONNTRAC" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-CONNTRAC" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-exclusion.5 shorewall6-5.0.9/manpages/shorewall6-exclusion.5
--- shorewall6-5.0.8/manpages/shorewall6-exclusion.5 2016-04-23 06:42:55.739009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-exclusion.5 2016-06-04 14:50:05.236882090 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-exclusion
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-EXCLUSIO" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-EXCLUSIO" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-hosts.5 shorewall6-5.0.9/manpages/shorewall6-hosts.5
--- shorewall6-5.0.8/manpages/shorewall6-hosts.5 2016-04-23 06:42:56.267009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-hosts.5 2016-06-04 14:50:05.861392120 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-hosts
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-HOSTS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-HOSTS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-interfaces.5 shorewall6-5.0.9/manpages/shorewall6-interfaces.5
--- shorewall6-5.0.8/manpages/shorewall6-interfaces.5 2016-04-23 06:42:56.863009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-interfaces.5 2016-06-04 14:50:06.537944653 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-interfaces
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-INTERFAC" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-INTERFAC" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-ipsets.5 shorewall6-5.0.9/manpages/shorewall6-ipsets.5
--- shorewall6-5.0.8/manpages/shorewall6-ipsets.5 2016-04-23 06:42:57.419009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-ipsets.5 2016-06-04 14:50:07.170461223 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall-ipsets
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL\-IPSETS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL\-IPSETS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-maclist.5 shorewall6-5.0.9/manpages/shorewall6-maclist.5
--- shorewall6-5.0.8/manpages/shorewall6-maclist.5 2016-04-23 06:42:57.935009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-maclist.5 2016-06-04 14:50:07.774954906 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-maclist
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-MACLIST" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-MACLIST" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-mangle.5 shorewall6-5.0.9/manpages/shorewall6-mangle.5
--- shorewall6-5.0.8/manpages/shorewall6-mangle.5 2016-04-23 06:42:58.747009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-mangle.5 2016-06-04 14:50:08.715723220 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-mangle
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-MANGLE" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-MANGLE" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -462,7 +462,7 @@
0xc0a80403 LAND 0xFF = 0x03
.RE
.RS 4
-0x03 LOR 0x0x10100 = 0x10103 or class ID
+0x03 LOR 0x10100 = 0x10103 or class ID
1:103
.RE
It is important to realize that, while class IDs are composed of a
@@ -521,6 +521,46 @@
\m[blue]\fBshorewall6\&.conf\fR\m[]\&\s-2\u[2]\d\s+2(5))\&.
.RE
.PP
+\fBNFLOG\fR[(\fInflog\-parameters\fR)]
+.RS 4
+Added in Shorewall 5\&.0\&.9\&. Logs matching packets using NFLOG\&. The
+\fInflog\-parameters\fR
+are a comma\-separated list of up to 3 numbers:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The first number specifies the netlink group (0\-65535)\&. If omitted (e\&.g\&., NFLOG(,0,10)) then a value of 0 is assumed\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The second number specifies the maximum number of bytes to copy\&. If omitted, 0 (no limit) is assumed\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The third number specifies the number of log messages that should be buffered in the kernel before they are sent to user space\&. The default is 1\&.
+.RE
+.RE
+.PP
\fBRESTORE\fR[(\fImask\fR)]
.RS 4
Restore the packet\*(Aqs mark from the connection\*(Aqs mark using the supplied mask if any\&. Your kernel and iptables must include CONNMARK support\&.
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-masq.5 shorewall6-5.0.9/manpages/shorewall6-masq.5
--- shorewall6-5.0.8/manpages/shorewall6-masq.5 2016-04-23 06:42:59.319009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-masq.5 2016-06-04 14:50:09.384269214 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-masq
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-MASQ" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-MASQ" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-modules.5 shorewall6-5.0.9/manpages/shorewall6-modules.5
--- shorewall6-5.0.8/manpages/shorewall6-modules.5 2016-04-23 06:42:59.831009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-modules.5 2016-06-04 14:50:09.988762897 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-modules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-MODULES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-MODULES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-nat.5 shorewall6-5.0.9/manpages/shorewall6-nat.5
--- shorewall6-5.0.8/manpages/shorewall6-nat.5 2016-04-23 06:43:00.375009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-nat.5 2016-06-04 14:50:10.617276197 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-nat
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-NAT" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-NAT" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-nesting.5 shorewall6-5.0.9/manpages/shorewall6-nesting.5
--- shorewall6-5.0.8/manpages/shorewall6-nesting.5 2016-04-23 06:43:00.895009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-nesting.5 2016-06-04 14:50:11.225773149 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-nesting
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-NESTING" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-NESTING" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-netmap.5 shorewall6-5.0.9/manpages/shorewall6-netmap.5
--- shorewall6-5.0.8/manpages/shorewall6-netmap.5 2016-04-23 06:43:01.427009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-netmap.5 2016-06-04 14:50:11.830266832 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-netmap
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-NETMAP" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-NETMAP" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-params.5 shorewall6-5.0.9/manpages/shorewall6-params.5
--- shorewall6-5.0.8/manpages/shorewall6-params.5 2016-04-23 06:43:01.947009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-params.5 2016-06-04 14:50:12.434760515 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-params
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-PARAMS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-PARAMS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-policy.5 shorewall6-5.0.9/manpages/shorewall6-policy.5
--- shorewall6-5.0.8/manpages/shorewall6-policy.5 2016-04-23 06:43:02.507009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-policy.5 2016-06-04 14:50:13.075283623 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-policy
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-POLICY" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-POLICY" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-providers.5 shorewall6-5.0.9/manpages/shorewall6-providers.5
--- shorewall6-5.0.8/manpages/shorewall6-providers.5 2016-04-23 06:43:03.067009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-providers.5 2016-06-04 14:50:13.735823078 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-providers
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-PROVIDER" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-PROVIDER" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-proxyndp.5 shorewall6-5.0.9/manpages/shorewall6-proxyndp.5
--- shorewall6-5.0.8/manpages/shorewall6-proxyndp.5 2016-04-23 06:43:03.583009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-proxyndp.5 2016-06-04 14:50:14.360333109 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-proxyndp
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-PROXYNDP" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-PROXYNDP" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-routes.5 shorewall6-5.0.9/manpages/shorewall6-routes.5
--- shorewall6-5.0.8/manpages/shorewall6-routes.5 2016-04-23 06:43:04.087009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-routes.5 2016-06-04 14:50:14.968830061 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-routes
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-ROUTES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-ROUTES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-rtrules.5 shorewall6-5.0.9/manpages/shorewall6-rtrules.5
--- shorewall6-5.0.8/manpages/shorewall6-rtrules.5 2016-04-23 06:43:04.619009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-rtrules.5 2016-06-04 14:50:15.569320475 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-rtrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-RTRULES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-RTRULES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-rules.5 shorewall6-5.0.9/manpages/shorewall6-rules.5
--- shorewall6-5.0.8/manpages/shorewall6-rules.5 2016-04-23 06:43:05.703009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-rules.5 2016-06-04 14:50:16.758291494 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-rules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-RULES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-RULES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -416,7 +416,44 @@
Added in Shorewall 4\&.5\&.9\&.3\&. Queues matching packets to a back end logging daemon via a netlink socket then continues to the next rule\&. See
\m[blue]\fBhttp://www\&.shorewall\&.net/shorewall_logging\&.html\fR\m[]\&\s-2\u[7]\d\s+2\&.
.sp
-Similar to\fB LOG:NFLOG\fR[(\fInflog\-parameters\fR)], except that the log level is not changed when this ACTION is used in an action or macro and the invocation of that action or macro specifies a log level\&.
+The
+\fInflog\-parameters\fR
+are a comma\-separated list of up to 3 numbers:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The first number specifies the netlink group (0\-65535)\&. If omitted (e\&.g\&., NFLOG(,0,10)) then a value of 0 is assumed\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The second number specifies the maximum number of bytes to copy\&. If omitted, 0 (no limit) is assumed\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The third number specifies the number of log messages that should be buffered in the kernel before they are sent to user space\&. The default is 1\&.
+.RE
+.sp
+NFLOG is similar to\fB LOG:NFLOG\fR[(\fInflog\-parameters\fR)], except that the log level is not changed when this ACTION is used in an action or macro and the invocation of that action or macro specifies a log level\&.
.RE
.PP
\fBNFQUEUE\fR[([\fIqueuenumber\fR1[:\fIqueuenumber2\fR][,bypass]]|bypass)]
@@ -1185,7 +1222,7 @@
Hop\-by\-hop options extension header\&.
.RE
.PP
-\fBroute\fR, \fBipv6\-route\fR or \fB41\fR
+\fBroute\fR, \fBipv6\-route\fR or \fB43\fR
.RS 4
IPv6 Route extension header\&.
.RE
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-secmarks.5 shorewall6-5.0.9/manpages/shorewall6-secmarks.5
--- shorewall6-5.0.8/manpages/shorewall6-secmarks.5 2016-04-23 06:43:06.271009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-secmarks.5 2016-06-04 14:50:17.394811332 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-secmarks
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-SECMARKS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-SECMARKS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-stoppedrules.5 shorewall6-5.0.9/manpages/shorewall6-stoppedrules.5
--- shorewall6-5.0.8/manpages/shorewall6-stoppedrules.5 2016-04-23 06:43:06.827009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-stoppedrules.5 2016-06-04 14:50:18.043340979 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-stoppedrules
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-STOPPEDR" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-STOPPEDR" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tcclasses.5 shorewall6-5.0.9/manpages/shorewall6-tcclasses.5
--- shorewall6-5.0.8/manpages/shorewall6-tcclasses.5 2016-04-23 06:43:07.419009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tcclasses.5 2016-06-04 14:50:18.755922936 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tcclasses
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TCCLASSE" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TCCLASSE" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tcdevices.5 shorewall6-5.0.9/manpages/shorewall6-tcdevices.5
--- shorewall6-5.0.8/manpages/shorewall6-tcdevices.5 2016-04-23 06:43:07.955009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tcdevices.5 2016-06-04 14:50:19.416462391 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tcdevices
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TCDEVICE" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TCDEVICE" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tcfilters.5 shorewall6-5.0.9/manpages/shorewall6-tcfilters.5
--- shorewall6-5.0.8/manpages/shorewall6-tcfilters.5 2016-04-23 06:43:08.507009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tcfilters.5 2016-06-04 14:50:20.064992038 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tcfilters
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TCFILTER" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TCFILTER" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tcinterfaces.5 shorewall6-5.0.9/manpages/shorewall6-tcinterfaces.5
--- shorewall6-5.0.8/manpages/shorewall6-tcinterfaces.5 2016-04-23 06:43:09.023009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tcinterfaces.5 2016-06-04 14:50:20.681495529 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tcinterfaces
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TCINTERF" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TCINTERF" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tcpri.5 shorewall6-5.0.9/manpages/shorewall6-tcpri.5
--- shorewall6-5.0.8/manpages/shorewall6-tcpri.5 2016-04-23 06:43:09.547009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tcpri.5 2016-06-04 14:50:21.310008829 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tcpri
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TCPRI" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TCPRI" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-tunnels.5 shorewall6-5.0.9/manpages/shorewall6-tunnels.5
--- shorewall6-5.0.8/manpages/shorewall6-tunnels.5 2016-04-23 06:43:10.107009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-tunnels.5 2016-06-04 14:50:21.938522128 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-tunnels
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-TUNNELS" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-TUNNELS" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-vardir.5 shorewall6-5.0.9/manpages/shorewall6-vardir.5
--- shorewall6-5.0.8/manpages/shorewall6-vardir.5 2016-04-23 06:43:10.631009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-vardir.5 2016-06-04 14:50:22.543015812 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-vardir
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-VARDIR" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-VARDIR" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/manpages/shorewall6-zones.5 shorewall6-5.0.9/manpages/shorewall6-zones.5
--- shorewall6-5.0.8/manpages/shorewall6-zones.5 2016-04-23 06:43:12.815009000 -0700
+++ shorewall6-5.0.9/manpages/shorewall6-zones.5 2016-06-04 14:50:25.049062472 -0700
@@ -2,12 +2,12 @@
.\" Title: shorewall6-zones
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.78.1
-.\" Date: 04/23/2016
+.\" Date: 06/04/2016
.\" Manual: Configuration Files
.\" Source: Configuration Files
.\" Language: English
.\"
-.TH "SHOREWALL6\-ZONES" "5" "04/23/2016" "Configuration Files" "Configuration Files"
+.TH "SHOREWALL6\-ZONES" "5" "06/04/2016" "Configuration Files" "Configuration Files"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/releasenotes.txt shorewall6-5.0.9/releasenotes.txt
--- shorewall6-5.0.8/releasenotes.txt 2016-04-23 06:42:06.811009000 -0700
+++ shorewall6-5.0.9/releasenotes.txt 2016-06-04 14:49:09.867662682 -0700
@@ -1,7 +1,7 @@
----------------------------------------------------------------------------
- S H O R E W A L L 5 . 0 . 8
+ S H O R E W A L L 5 . 0 . 9
----------------------------
- A p r i l 2 4 , 2 0 1 6
+ J u n e 0 4 , 2 0 1 6
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -14,7 +14,265 @@
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
-1) This release includes defect repair through Shorewall 5.0.7.2.
+1) This release contains defect repair through Shorewall 5.0.8.2.
+
+----------------------------------------------------------------------------
+ I I. K N O W N P R O B L E M S R E M A I N I N G
+----------------------------------------------------------------------------
+
+1) On systems running Upstart, shorewall-init cannot reliably secure
+ the firewall before interfaces are brought up.
+
+2) The 'enable', 'reenable' and 'disable' commands do not work
+ correctly in configurations with USE_DEFAULT_RT=No and optional
+ providers listed in the DUPLICATE column.
+
+3) Previously, if:
+
+ - DOCKER=Yes
+ - docker0 was defined in /etc/shorewall/interfaces
+ - Docker was not running
+
+ then Shorewall would fail to start with an error similar to this
+
+ iptables-restore v1.4.21: Couldn't load target `DOCKER':
+ No such file or directory
+ Error occurred at line: 29
+ Try `iptables-restore -h' or
+ 'iptables-restore --help' for more information.
+ ERROR: /sbin/iptables-restore Failed.
+
+ This has been corrected such that Shorewall starts correctly under
+ these conditions.
+
+----------------------------------------------------------------------------
+ I I I. N E W F E A T U R E S I N T H I S R E L E A S E
+----------------------------------------------------------------------------
+
+1) The file 'lib.core' has been renamed 'lib.runtime' to more
+ accurately reflect the file's role.
+
+2) The CLI now produces helpful error messages rather than simply
+ dumping out the complete usage syntax.
+
+3) The 'status' and 'version -a" command outputs now include the time
+ and date when the current firewall script was compiled.
+
+ This feature implements a new 'info' command that is recognized by
+ the compiled script. That command produces output similar to the
+ following:
+
+ compiled Thu Apr 28 14:18:58 2016 by Shorewall version 5.0.9
+
+ Note 1: The time and date of compilation will only be displayed
+ after the firewall script has been compiled using this or a later
+ Shorewall release.
+
+ Note 2: Information about the current firewall script is only
+ displayed by the 'version -a' command when the command is executed
+ by root.
+
+ Caution: If you execute 'shorewall compile', a subsequent 'status'
+ command will display the compilation information for the newly
+ compiled script and not for the one that was used to instantiate
+ the running firewall configuration. Note that the compilation
+ date/time, in this case, will be later than the started date/time:
+
+ Example:
+
+ State:Started Sun Apr 24 12:22:18 PDT 2016 from /etc/shorewall/
+ (/var/lib/shorewall/firewall compiled Thu Apr 28 14:18:58 2016
+ by Shorewall version 5.0.9)
+
+4) The ?INFO and ?WARNING directives added in Shorewall 5.0.8 include
+ the current filename and line number in the generated message. That
+ behavior can be suppressed by using ?INFO! AND ?WARNING!
+ instead. Additionally, the default behavior can be changed by
+ setting VERBOSE_MESSAGES=No in shorewall[6].conf. In that case,
+ including the exclaimation point causes the filename and line
+ number to be included.
+
+5) NFLOG(...) is now supported in the mangle files.
+
+6) The compiler now checks the version of the installed Shorewall-core
+ and issues a warning message if there is a mis-match.
+
+ Example (folded to fit within 72 columns):
+
+ WARNING: Version Mismatch: Shorewall-core is version 5.0.8.2,
+ while the Shorewall version is 5.0.9-Beta2
+
+ When compiling for IPv6, the Shorewall6 version is also verified
+ and a similar warning is issued in the case of a mismatch.
+
+7) The sample configurations now have AUTOMAKE enabled.
+
+8) Full date and time strings generated by the compiler are now in
+ 'date' format rather than Perl's 'localtime' format.
+
+----------------------------------------------------------------------------
+ I V. M I G R A T I O N I S S U E S
+----------------------------------------------------------------------------
+
+1) If you are migrating from Shorewall 4.4.x or earlier, please see
+ http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.21/releasenotes.txt
+
+2) It is strongly recommended that you first upgrade your installation
+ to a 4.6 release >= 4.6.12 prior to upgrading to Shorewall 5.0.
+
+ Once you are on the Shorewall 4.6 release:
+
+ - shorewall update -A
+
+ If you also run Shorewall6:
+
+ - shorewall6 update -A
+
+ These steps are necessary because Shorewall 5.0:
+
+ - Does not contain support for the 'tcrules' and 'tos' files --
+ existing 'tcrules' and 'tos' files must be converted to an
+ equivalent set of 'mangle' file entries.
+
+ - Does not contain support for the 'blacklist' file -- it must
+ be converted to an equivalent 'blrules' file.
+
+ - Does not contain support for the 'notrack' file -- it must be
+ converted to an equivalent 'conntrack' file.
+
+ - Does not contain support for the 'routestopped' file -- it must
+ be converted to an equivalent 'stoppedrules' file.
+
+ Note that you can run the update command(s) after you upgrade to
+ Shorewall 5 but your firewall will not work correctly until
+ you do those update(s).
+
+3) The following configuration options have been eliminated:
+
+ - EXPORTPARAMS
+ - IPSECFILE
+ - LEGACY_FASTSTART
+ - LOGRATE *
+ - LOGBURST *
+ - WIDE_TC_MARKS *
+ - HIGH_ROUTE_MARKS *
+ - BLACKLISTNEWONLY *
+
+ A fatal error results if those flagged with an asterisk ("*")
+ appear in the .conf file -- run the 'shorewall[6] update' command
+ to convert their settings to use supported options.
+
+ A warning is issued if any of the rest appear in the .conf file.
+ 'shorewall[6] update' will drop them from the file.
+
+4) To make the command names more accurately reflect what they do,
+ several changes have been included:
+
+ a) Beginning with this release, the 'restart' command now does a
+ true restart and is equivalent to a 'stop' followed by a
+ 'start'.
+
+ b) The pre-5.0.0 'load' command has been renamed 'remote_start'.
+
+ c) The pre-5.0.0 'reload' command has been renamed 'remote_reload'.
+
+ c) The 'reload' command now performs the same function as the
+ pre-5.0.0 'restart' command.
+
+ d) A 'remote_restart' command has been added to Shorewall and
+ Shorewall6 to allow a remote 'restart' after updating the
+ remote firewall system's compiled script.
+
+ For those that can't get used to the idea of using 'reload' in
+ place of 'restart', a RESTART option has been added. The
+ option defaults to 'reload' for compatibility with earlier
+ releases. If set to 'restart', then the 'restart' command
+ does a true restart (stop followed by start)
+
+5) While the WORKAROUNDS setting is still present in the
+ shorewall[6].conf file:
+
+ a) It's default setting has been changed to No.
+
+ b) All workarounds for old distributions have been eliminated.
+
+6) Beginning with Shorewall 5.0.0, all macros and actions are assumed
+ to be FORMAT-2. FORMAT-1 macros and actions are no longer supported
+ and will be silently processed as if they were FORMAT-2. For most
+ macros and actions, this change will be of no concern, but may cause
+ compilation errors in rare cases.
+
+ To review, FORMAT-1 actions have the following columns:
+
+ TARGET
+ SOURCE
+ DEST
+ PROTO
+ DEST PORT(S)
+ SOURCE PORT(S)
+ RATE
+ USER/GROUP
+ MARK
+
+ FORMAT-1 macros have these columns:
+
+ TARGET
+ SOURCE
+ DEST
+ PROTO
+ DEST PORT(S)
+ SOURCE PORT(S)
+ RATE
+ USER/GROUP
+
+ FORMAT-2 actions and macros, on the other hand, have:
+
+ TARGET
+ SOURCE
+ DEST
+ PROTO
+ DEST PORT(S)
+ SOURCE PORT(S)
+ ORIGINAL DEST
+ RATE
+ USER/GROUP
+ MARK
+ CONNLIMIT
+ TIME
+ HEADERS (Only valid for IPv6)
+ SWITCH
+ HELPER
+
+ To summarize, if your action or macro only uses the first 6
+ columns (which most do), then it will process fine as
+ FORMAT-2. Otherwise, it must be modified to place specifications in
+ the proper columns.
+
+7) COMMENT, FORMAT and SECTION lines must now begin with a question
+ mark ("?"). The 'update' command will change all bare COMMENT,
+ FORMAT and SECTION lines to include the question mark.
+
+8) Beginning with Shorewall 5.0.8, the IPv6 default treatment of Auth
+ (TCP 113) is now consistent with IPv4; nothing special is done with
+ these requests, so they are simply logged and dropped.
+
+ IMPORTANT: If you want to continue to reject Auth requests, you
+ can do so by chaning your DROP_DEFAULT setting to make the second
+ parameter REJECT. For example, if you currently have:
+
+ DROP_DEFAULT=Drop
+
+ you can change it to:
+
+ DROP_DEFAULT="Drop(-,REJECT)"
+
+----------------------------------------------------------------------------
+ V. N O T E S F R O M O T H E R 5 . 0 R E L E A S E S
+----------------------------------------------------------------------------
+ P R O B L E M S C O R R E C T E D I N 5 . 0 . 8
+----------------------------------------------------------------------------
+
+1) This release includes defect repair through Shorewall 5.0.7.2
2) If a physical interface name was used in the INTERFACE column of an
entry in /etc/shorewall/masq, then previously a Perl diagnostic was
@@ -147,34 +405,8 @@
restart
safe-*
-16) In the last several releases, the following Known Problem
- Remaining has been listed:
-
- The 'enable', 'reenable' and 'disable' commands do now work
- correctly in configurations with USE_DEFAULT_RT=No.
-
- That description is a bit broader than is necessary and is now
- restricted to the case where an optional provider is listed in the
- DUPLICATE column (see below). Additionally, the compiler now
- generates a warning in that case:
-
- WARNING: An optional provider (xxxx) is listed in the
- DUPLICATE column - enable and disable will not work
- correctly on that provider
-
-----------------------------------------------------------------------------
- I I. K N O W N P R O B L E M S R E M A I N I N G
-----------------------------------------------------------------------------
-
-1) On systems running Upstart, shorewall-init cannot reliably secure
- the firewall before interfaces are brought up.
-
-2) The 'enable', 'reenable' and 'disable' commands do not work
- correctly in configurations with USE_DEFAULT_RT=No and optional
- providers listed in the DUPLICATE column.
-
----------------------------------------------------------------------------
- I I I. N E W F E A T U R E S I N T H I S R E L E A S E
+ N E W F E A T U R E S I N 5 . 0 . 8
----------------------------------------------------------------------------
1) Support for later versions of miniupnpd has been added in the form
@@ -248,8 +480,8 @@
?INFO
The is written to STDERR prefaced by the directive name
- (WARNING or INFO) followed by a colon (':'). It is also written to
- the STARTUP_LOG if:
+ (WARNING or INFO) followed by a colon (':'). It is also written to the
+ STARTUP_LOG if:
- A STARTUP_LOG has been configured
- The command is start, try, restart, reload, refresh or one of the
@@ -259,164 +491,6 @@
aborted.
----------------------------------------------------------------------------
- I V. M I G R A T I O N I S S U E S
-----------------------------------------------------------------------------
-
-1) If you are migrating from Shorewall 4.4.x or earlier, please see
- http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.21/releasenotes.txt
-
-2) It is strongly recommended that you first upgrade your installation
- to a 4.6 release >= 4.6.12 prior to upgrading to Shorewall 5.0.
-
- Once you are on the Shorewall 4.6 release:
-
- - shorewall update -A
-
- If you also run Shorewall6:
-
- - shorewall6 update -A
-
- These steps are necessary because Shorewall 5.0:
-
- - Does not contain support for the 'tcrules' and 'tos' files --
- existing 'tcrules' and 'tos' files must be converted to an
- equivalent set of 'mangle' file entries.
-
- - Does not contain support for the 'blacklist' file -- it must
- be converted to an equivalent 'blrules' file.
-
- - Does not contain support for the 'notrack' file -- it must be
- converted to an equivalent 'conntrack' file.
-
- - Does not contain support for the 'routestopped' file -- it must
- be converted to an equivalent 'stoppedrules' file.
-
- Note that you can run the update command(s) after you upgrade to
- Shorewall 5 but your firewall will not work correctly until
- you do those update(s).
-
-3) The following configuration options have been eliminated:
-
- - EXPORTPARAMS
- - IPSECFILE
- - LEGACY_FASTSTART
- - LOGRATE *
- - LOGBURST *
- - WIDE_TC_MARKS *
- - HIGH_ROUTE_MARKS *
- - BLACKLISTNEWONLY *
-
- A fatal error results if those flagged with an asterisk ("*")
- appear in the .conf file -- run the 'shorewall[6] update' command
- to convert their settings to use supported options.
-
- A warning is issued if any of the rest appear in the .conf file.
- 'shorewall[6] update' will drop them from the file.
-
-4) To make the command names more accurately reflect what they do,
- several changes have been included:
-
- a) Beginning with this release, the 'restart' command now does a
- true restart and is equivalent to a 'stop' followed by a
- 'start'.
-
- b) The pre-5.0.0 'load' command has been renamed 'remote_start'.
-
- c) The pre-5.0.0 'reload' command has been renamed 'remote_reload'.
-
- c) The 'reload' command now performs the same function as the
- pre-5.0.0 'restart' command.
-
- d) A 'remote_restart' command has been added to Shorewall and
- Shorewall6 to allow a remote 'restart' after updating the
- remote firewall system's compiled script.
-
- For those that can't get used to the idea of using 'reload' in
- place of 'restart', a RESTART option has been added. The
- option defaults to 'reload' for compatibility with earlier
- releases. If set to 'restart', then the 'restart' command
- does a true restart (stop followed by start)
-
-5) While the WORKAROUNDS setting is still present in the
- shorewall[6].conf file:
-
- a) It's default setting has been changed to No.
-
- b) All workarounds for old distributions have been eliminated.
-
-6) Beginning with Shorewall 5.0.0, all macros and actions are assumed
- to be FORMAT-2. FORMAT-1 macros and actions are no longer supported
- and will be silently processed as if they were FORMAT-2. For most
- macros and actions, this change will be of no concern, but may cause
- compilation errors in rare cases.
-
- To review, FORMAT-1 actions have the following columns:
-
- TARGET
- SOURCE
- DEST
- PROTO
- DEST PORT(S)
- SOURCE PORT(S)
- RATE
- USER/GROUP
- MARK
-
- FORMAT-1 macros have these columns:
-
- TARGET
- SOURCE
- DEST
- PROTO
- DEST PORT(S)
- SOURCE PORT(S)
- RATE
- USER/GROUP
-
- FORMAT-2 actions and macros, on the other hand, have:
-
- TARGET
- SOURCE
- DEST
- PROTO
- DEST PORT(S)
- SOURCE PORT(S)
- ORIGINAL DEST
- RATE
- USER/GROUP
- MARK
- CONNLIMIT
- TIME
- HEADERS (Only valid for IPv6)
- SWITCH
- HELPER
-
- To summarize, if your action or macro only uses the first 6
- columns (which most do), then it will process fine as
- FORMAT-2. Otherwise, it must be modified to place specifications in
- the proper columns.
-
-7) COMMENT, FORMAT and SECTION lines must now begin with a question
- mark ("?"). The 'update' command will change all bare COMMENT,
- FORMAT and SECTION lines to include the question mark.
-
-8) Beginning with Shorewall 5.0.8, the IPv6 default treatment of Auth
- (TCP 113) is now consistent with IPv4; nothing special is done with
- these requests, so they are simply logged and dropped.
-
- IMPORTANT: If you want to continue to reject Auth requests, you
- can do so by chaning your DROP_DEFAULT setting to make the second
- parameter REJECT. For example, if you currently have:
-
- DROP_DEFAULT=Drop
-
- you can change it to:
-
- DROP_DEFAULT="Drop(-,REJECT)"
-
-----------------------------------------------------------------------------
- V. N O T E S F R O M O T H E R 5 . 0 R E L E A S E S
-----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 5 . 0 . 7
----------------------------------------------------------------------------
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/one-interface/rules.annotated shorewall6-5.0.9/Samples6/one-interface/rules.annotated
--- shorewall6-5.0.8/Samples6/one-interface/rules.annotated 2016-04-23 06:43:22.275009000 -0700
+++ shorewall6-5.0.9/Samples6/one-interface/rules.annotated 2016-06-04 14:50:35.609687213 -0700
@@ -332,9 +332,21 @@
# logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html.
#
-# Similar to LOG:NFLOG[(nflog-parameters)], except that the log level is
-# not changed when this ACTION is used in an action or macro and the
-# invocation of that action or macro specifies a log level.
+# The nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
+# NFLOG is similar to LOG:NFLOG[(nflog-parameters)], except that the log
+# level is not changed when this ACTION is used in an action or macro and
+# the invocation of that action or macro specifies a log level.
#
# NFQUEUE[([queuenumber1[:queuenumber2][,bypass]]|bypass)]
#
@@ -923,7 +935,7 @@
#
# Hop-by-hop options extension header.
#
-# route, ipv6-route or 41
+# route, ipv6-route or 43
#
# IPv6 Route extension header.
#
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/one-interface/shorewall6.conf shorewall6-5.0.9/Samples6/one-interface/shorewall6.conf
--- shorewall6-5.0.8/Samples6/one-interface/shorewall6.conf 2016-04-19 10:42:50.000000000 -0700
+++ shorewall6-5.0.9/Samples6/one-interface/shorewall6.conf 2016-05-22 17:50:51.000000000 -0700
@@ -130,7 +130,7 @@
AUTOHELPERS=Yes
-AUTOMAKE=No
+AUTOMAKE=Yes
BLACKLIST="NEW,INVALID,UNTRACKED"
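Review bot: `AUTOMAKE=Yes` in this sample (and in the matching shorewall6.conf.annotated hunk) means start, reload and restart reuse the previously compiled script unless a configuration file looks newer than it. An edit that leaves no newer timestamp, such as a file restored from backup with its old mtime or written while the clock was wrong, would then apparently leave the old ruleset in force without any message. That the staleness test is purely timestamp-based is inferred from the option's documented behaviour, not from anything visible in this hunk. Since this file is copied verbatim into new installations, I would add one sentence to the AUTOMAKE description in the annotated sample, along the lines of `# With AUTOMAKE=Yes, recompile explicitly after restoring or copying configuration files, since an unchanged timestamp skips compilation.`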
@@ -214,6 +214,8 @@
USE_RT_NAMES=No
+VERBOSE_MESSAGES=Yes
+
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/one-interface/shorewall6.conf.annotated shorewall6-5.0.9/Samples6/one-interface/shorewall6.conf.annotated
--- shorewall6-5.0.8/Samples6/one-interface/shorewall6.conf.annotated 2016-04-23 06:43:22.679009000 -0700
+++ shorewall6-5.0.9/Samples6/one-interface/shorewall6.conf.annotated 2016-06-04 14:50:36.026027234 -0700
@@ -677,7 +677,7 @@
# The macros for those applications requiring a helper automatically
# specify the appropriate HELPER where required.
#
-AUTOMAKE=No
+AUTOMAKE=Yes
#
# AUTOMAKE=[Yes|No]
#
@@ -1488,6 +1488,16 @@
#
# Without these entries, the firewall will fail to start.
#
+VERBOSE_MESSAGES=Yes
+#
+# VERBOSE_MESSAGES=[Yes|No]
+#
+# Added in Shorewall 5.0.9. When Yes (the default), messages produced by the
+# ?INFO and ?WARNING directives include the filename and linenumber of the
+# directive. When set to No, that additional information is omitted. The
+# setting may be overridden on a directive by directive basis by following ?
+# INFO or ?WARNING with '!' (no intervening white space).
+#
WARNOLDCAPVERSION=Yes
#
# WARNOLDCAPVERSION=[Yes|No]
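Review bot: The added VERBOSE_MESSAGES description wraps in the middle of a directive name (`... by following ?` then `# INFO or ?WARNING ...`), so it reads as `? INFO` with a space. Re-wrap the paragraph so the token stays whole, i.e. end the line at `by following` and start the next with `# ?INFO or ?WARNING with '!' (no intervening white space).`; `linenumber` should also be `line number`. The same text is added to the three-interfaces, two-interfaces and Universal shorewall6.conf.annotated files. If these files are generated from the manpage source, the fix belongs there.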
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/three-interfaces/rules.annotated shorewall6-5.0.9/Samples6/three-interfaces/rules.annotated
--- shorewall6-5.0.8/Samples6/three-interfaces/rules.annotated 2016-04-23 06:43:24.039009000 -0700
+++ shorewall6-5.0.9/Samples6/three-interfaces/rules.annotated 2016-06-04 14:50:37.407155184 -0700
@@ -332,9 +332,21 @@
# logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html.
#
-# Similar to LOG:NFLOG[(nflog-parameters)], except that the log level is
-# not changed when this ACTION is used in an action or macro and the
-# invocation of that action or macro specifies a log level.
+# The nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
+# NFLOG is similar to LOG:NFLOG[(nflog-parameters)], except that the log
+# level is not changed when this ACTION is used in an action or macro and
+# the invocation of that action or macro specifies a log level.
#
# NFQUEUE[([queuenumber1[:queuenumber2][,bypass]]|bypass)]
#
@@ -923,7 +935,7 @@
#
# Hop-by-hop options extension header.
#
-# route, ipv6-route or 41
+# route, ipv6-route or 43
#
# IPv6 Route extension header.
#
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/three-interfaces/shorewall6.conf shorewall6-5.0.9/Samples6/three-interfaces/shorewall6.conf
--- shorewall6-5.0.8/Samples6/three-interfaces/shorewall6.conf 2016-04-19 10:42:50.000000000 -0700
+++ shorewall6-5.0.9/Samples6/three-interfaces/shorewall6.conf 2016-05-22 17:50:51.000000000 -0700
@@ -129,7 +129,7 @@
AUTOHELPERS=Yes
-AUTOMAKE=No
+AUTOMAKE=Yes
BLACKLIST="NEW,INVALID,UNTRACKED"
@@ -213,6 +213,8 @@
USE_RT_NAMES=No
+VERBOSE_MESSAGES=Yes
+
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/three-interfaces/shorewall6.conf.annotated shorewall6-5.0.9/Samples6/three-interfaces/shorewall6.conf.annotated
--- shorewall6-5.0.8/Samples6/three-interfaces/shorewall6.conf.annotated 2016-04-23 06:43:24.451009000 -0700
+++ shorewall6-5.0.9/Samples6/three-interfaces/shorewall6.conf.annotated 2016-06-04 14:50:37.843511552 -0700
@@ -676,7 +676,7 @@
# The macros for those applications requiring a helper automatically
# specify the appropriate HELPER where required.
#
-AUTOMAKE=No
+AUTOMAKE=Yes
#
# AUTOMAKE=[Yes|No]
#
@@ -1487,6 +1487,16 @@
#
# Without these entries, the firewall will fail to start.
#
+VERBOSE_MESSAGES=Yes
+#
+# VERBOSE_MESSAGES=[Yes|No]
+#
+# Added in Shorewall 5.0.9. When Yes (the default), messages produced by the
+# ?INFO and ?WARNING directives include the filename and linenumber of the
+# directive. When set to No, that additional information is omitted. The
+# setting may be overridden on a directive by directive basis by following ?
+# INFO or ?WARNING with '!' (no intervening white space).
+#
WARNOLDCAPVERSION=Yes
#
# WARNOLDCAPVERSION=[Yes|No]
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/two-interfaces/rules.annotated shorewall6-5.0.9/Samples6/two-interfaces/rules.annotated
--- shorewall6-5.0.8/Samples6/two-interfaces/rules.annotated 2016-04-23 06:43:26.199009000 -0700
+++ shorewall6-5.0.9/Samples6/two-interfaces/rules.annotated 2016-06-04 14:50:39.636976254 -0700
@@ -332,9 +332,21 @@
# logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html.
#
-# Similar to LOG:NFLOG[(nflog-parameters)], except that the log level is
-# not changed when this ACTION is used in an action or macro and the
-# invocation of that action or macro specifies a log level.
+# The nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
+# NFLOG is similar to LOG:NFLOG[(nflog-parameters)], except that the log
+# level is not changed when this ACTION is used in an action or macro and
+# the invocation of that action or macro specifies a log level.
#
# NFQUEUE[([queuenumber1[:queuenumber2][,bypass]]|bypass)]
#
@@ -923,7 +935,7 @@
#
# Hop-by-hop options extension header.
#
-# route, ipv6-route or 41
+# route, ipv6-route or 43
#
# IPv6 Route extension header.
#
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/two-interfaces/shorewall6.conf shorewall6-5.0.9/Samples6/two-interfaces/shorewall6.conf
--- shorewall6-5.0.8/Samples6/two-interfaces/shorewall6.conf 2016-04-19 10:42:50.000000000 -0700
+++ shorewall6-5.0.9/Samples6/two-interfaces/shorewall6.conf 2016-05-22 17:50:51.000000000 -0700
@@ -129,7 +129,7 @@
AUTOHELPERS=Yes
-AUTOMAKE=No
+AUTOMAKE=Yes
BLACKLIST="NEW,INVALID,UNTRACKED"
@@ -213,6 +213,8 @@
USE_RT_NAMES=No
+VERBOSE_MESSAGES=Yes
+
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/two-interfaces/shorewall6.conf.annotated shorewall6-5.0.9/Samples6/two-interfaces/shorewall6.conf.annotated
--- shorewall6-5.0.8/Samples6/two-interfaces/shorewall6.conf.annotated 2016-04-23 06:43:26.663009000 -0700
+++ shorewall6-5.0.9/Samples6/two-interfaces/shorewall6.conf.annotated 2016-06-04 14:50:40.061322813 -0700
@@ -676,7 +676,7 @@
# The macros for those applications requiring a helper automatically
# specify the appropriate HELPER where required.
#
-AUTOMAKE=No
+AUTOMAKE=Yes
#
# AUTOMAKE=[Yes|No]
#
@@ -1487,6 +1487,16 @@
#
# Without these entries, the firewall will fail to start.
#
+VERBOSE_MESSAGES=Yes
+#
+# VERBOSE_MESSAGES=[Yes|No]
+#
+# Added in Shorewall 5.0.9. When Yes (the default), messages produced by the
+# ?INFO and ?WARNING directives include the filename and linenumber of the
+# directive. When set to No, that additional information is omitted. The
+# setting may be overridden on a directive by directive basis by following ?
+# INFO or ?WARNING with '!' (no intervening white space).
+#
WARNOLDCAPVERSION=Yes
#
# WARNOLDCAPVERSION=[Yes|No]
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/Universal/rules.annotated shorewall6-5.0.9/Samples6/Universal/rules.annotated
--- shorewall6-5.0.8/Samples6/Universal/rules.annotated 2016-04-23 06:43:28.183009000 -0700
+++ shorewall6-5.0.9/Samples6/Universal/rules.annotated 2016-06-04 14:50:41.794738474 -0700
@@ -328,9 +328,21 @@
# logging daemon via a netlink socket then continues to the next rule.
# See http://www.shorewall.net/shorewall_logging.html.
#
-# Similar to LOG:NFLOG[(nflog-parameters)], except that the log level is
-# not changed when this ACTION is used in an action or macro and the
-# invocation of that action or macro specifies a log level.
+# The nflog-parameters are a comma-separated list of up to 3 numbers:
+#
+# ☆ The first number specifies the netlink group (0-65535). If omitted
+# (e.g., NFLOG(,0,10)) then a value of 0 is assumed.
+#
+# ☆ The second number specifies the maximum number of bytes to copy. If
+# omitted, 0 (no limit) is assumed.
+#
+# ☆ The third number specifies the number of log messages that should
+# be buffered in the kernel before they are sent to user space. The
+# default is 1.
+#
+# NFLOG is similar to LOG:NFLOG[(nflog-parameters)], except that the log
+# level is not changed when this ACTION is used in an action or macro and
+# the invocation of that action or macro specifies a log level.
#
# NFQUEUE[([queuenumber1[:queuenumber2][,bypass]]|bypass)]
#
@@ -919,7 +931,7 @@
#
# Hop-by-hop options extension header.
#
-# route, ipv6-route or 41
+# route, ipv6-route or 43
#
# IPv6 Route extension header.
#
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/Universal/shorewall6.conf shorewall6-5.0.9/Samples6/Universal/shorewall6.conf
--- shorewall6-5.0.8/Samples6/Universal/shorewall6.conf 2016-04-19 10:42:50.000000000 -0700
+++ shorewall6-5.0.9/Samples6/Universal/shorewall6.conf 2016-05-22 17:50:51.000000000 -0700
@@ -129,7 +129,7 @@
AUTOHELPERS=Yes
-AUTOMAKE=No
+AUTOMAKE=Yes
BLACKLIST="NEW,INVALID,UNTRACKED"
@@ -213,6 +213,8 @@
USE_RT_NAMES=No
+VERBOSE_MESSAGES=Yes
+
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/Samples6/Universal/shorewall6.conf.annotated shorewall6-5.0.9/Samples6/Universal/shorewall6.conf.annotated
--- shorewall6-5.0.8/Samples6/Universal/shorewall6.conf.annotated 2016-04-23 06:43:28.559009000 -0700
+++ shorewall6-5.0.9/Samples6/Universal/shorewall6.conf.annotated 2016-06-04 14:50:42.247107919 -0700
@@ -676,7 +676,7 @@
# The macros for those applications requiring a helper automatically
# specify the appropriate HELPER where required.
#
-AUTOMAKE=No
+AUTOMAKE=Yes
#
# AUTOMAKE=[Yes|No]
#
@@ -1487,6 +1487,16 @@
#
# Without these entries, the firewall will fail to start.
#
+VERBOSE_MESSAGES=Yes
+#
+# VERBOSE_MESSAGES=[Yes|No]
+#
+# Added in Shorewall 5.0.9. When Yes (the default), messages produced by the
+# ?INFO and ?WARNING directives include the filename and linenumber of the
+# directive. When set to No, that additional information is omitted. The
+# setting may be overridden on a directive by directive basis by following ?
+# INFO or ?WARNING with '!' (no intervening white space).
+#
WARNOLDCAPVERSION=Yes
#
# WARNOLDCAPVERSION=[Yes|No]
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/shorewall6.spec shorewall6-5.0.9/shorewall6.spec
--- shorewall6-5.0.8/shorewall6.spec 2016-04-23 06:42:06.799009000 -0700
+++ shorewall6-5.0.9/shorewall6.spec 2016-06-04 14:49:09.863659412 -0700
@@ -1,5 +1,5 @@
%define name shorewall6
-%define version 5.0.8
+%define version 5.0.9
%define release 0base
Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
@@ -111,8 +111,14 @@
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
%changelog
-* Tue Apr 19 2016 Tom Eastep tom@shorewall.net
-- Updated to 5.0.8-0base
+* Thu May 12 2016 Tom Eastep tom@shorewall.net
+- Updated to 5.0.9-0base
+* Thu May 05 2016 Tom Eastep tom@shorewall.net
+- Updated to 5.0.9-0RC1
+* Thu Apr 28 2016 Tom Eastep tom@shorewall.net
+- Updated to 5.0.9-0Beta2
+* Mon Apr 18 2016 Tom Eastep tom@shorewall.net
+- Updated to 5.0.9-0Beta1
* Fri Apr 15 2016 Tom Eastep tom@shorewall.net
- Updated to 5.0.8-0RC2
* Mon Apr 11 2016 Tom Eastep tom@shorewall.net
diff -Naurdw -X /home/teastep/shorewall/tools/build/exclude.txt shorewall6-5.0.8/uninstall.sh shorewall6-5.0.9/uninstall.sh
--- shorewall6-5.0.8/uninstall.sh 2016-04-23 06:42:06.799009000 -0700
+++ shorewall6-5.0.9/uninstall.sh 2016-06-04 14:49:09.863659412 -0700
@@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Shorewall Firewall
-VERSION=5.0.8
+VERSION=5.0.9
PRODUCT=shorewall6
Product=Shorewall6