Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

shorewall-5.2.8-2.15 RPM for noarch

From OpenSuSE Ports Tumbleweed for noarch

Name: shorewall Distribution: openSUSE:Factory:zSystems
Version: 5.2.8 Vendor: obs://build.opensuse.org/openSUSE:Factory:zSystems
Release: 2.15 Build date: Sat May 29 12:01:08 2021
Group: Productivity/Networking/Security Build host: s390zp22
Size: 1981946 Source RPM: shorewall-5.2.8-2.15.src.rpm
Url: http://www.shorewall.net/
Summary: An iptables-based firewall for Linux systems
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
(iptables) based firewall that can be used on a dedicated firewall system,
a multi-function gateway/ router/server or on a standalone GNU/Linux system.

Provides

Requires

License

GPL-2.0-only

Changelog

* Mon Nov 09 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Rework xt_geo_ip fixes by using dynamic patching with find
    which is less burden and confusing than manual patches series.
  - Add dynamic patching for *.service with removing like upstream
    the obsolete StandardOutput=syslog until new release
* Sun Nov 08 2020 Togan Muftuoglu <toganm@opensuse.org>
  - Correct the xt_geo_ip locations
  - Correct output to journal
* Sat Sep 26 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.8 (Upgrade your configuration)
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.8/releasenotes.txt
    + Certain restrictions that apply to wildcard interfaces (interface
      name ends in '+') were previously not enforced when the logical
      interface name did not end in '+' but the physical interface name
      did end in '+'.  That has been corrected.
    + To ensure that error messages appear in the correct place in the
      output stream, stderr is now redirected to stdout when the
      configured PAGER is used by a command.
    + Since Shorewall 5.1.0, the Shorewall uninstall.sh script has
      incorrectly removed ${SBINDIR}/shorewall, while the Shorewall-core
      uninstall.sh script has failed to remove that file. Both scripts
      have been corrected.
    + Previously, the Shorewall CLI included a spurious hyphen ('-')
      between the product name (e.g., 'Shorewall6') and the version when
      printing a command output banner.
    + The shorewall-snat(5) manpage previously stated that a
      comma-separated list of IP address could be specified for
      SNAT. That statement was in error and has been removed. As part of
      this change, IPv4 Example 6 has been updated to use the
      PROBABILITY column.
    - New features
      + 'show tc' command now shows the classifiers associated with
      each interface (as displayed by the 'show classifiers'
      command). This integrated qdisc/filter information is also included
      in the output of the 'dump' command. This change deprecates the
      'show classifiers' ('show filters') command, as that command's
      output is now included in the 'show tc' output.
      + Shorewall6 has traditionally generated rules for IPv6 anycast
      addresses. These rules include:
      a)  Packets with these destination IP addresses are dropped by
      REJECT rules.
      b)  Packets with these source IP addresses are dropped by the
      'nosmurfs' interface option and by the 'dropSmurfs' action.
      c)  Packets with these destination IP addresses are not logged
      during policy enforcement.
      d)  Packets with these destination IP addresses are processes by
      the 'Broadcast' action.
      Beginning with this release, individual network interfaces can be
      excluded from this treatment through use of the 'omitanycast'
      option in /etc/shorewall6/interfaces.
      Note: This option was named 'noanycast' in earlier Beta releases.
      + Duplicate function names have been eliminated between the
      Shorewall-core lib.cli shell library and the Shorewall lib.cli-std
      library.
      + The 'status' command in Shorewall[6]-lite now precedes the
      configuration directory name with the administrative host name
      separated with a colon (":").
      + Tuomo Soini has contributed a macro that handles NFS v1.4 (no
      dynamic ports).
  - Packaging:
    + Add buildrequires for pkgconfig (missing)
    + Use macro for sbindir
* Sat Aug 22 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.7
    + **Upgrade your configuration**
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.7/releasenotes.txt
    + Previously, it was not possible to classify traffic by destination
      IP address when using an Intermediate Functional Block (IFB) for
      traffic shaping. This is because such classification takes place
      before the traffic passes through the mangle PREROUTING chain.
      Such filtering is now possible by setting the 'connmark' option in
      the tcdevices file. This option causes the current connection mark
      to be copied to the packet mark prior to filtering, thus allowing
      the packet mark to be used for classification.
      This change adds a new CONNMARK_ACTION capability which is
      required to be able to specify the 'connmark' option.
    + The tcpri file now supports ?FORMAT 2 which inserts an SPORT
      column directly to the right of the PORT column. As part of this
      change, the PORT column is renamed to DPORT while allowing both
      'port' and 'dport' to be used in the alternate input format. See
      shorewall-tcpri(5) and
      http://shorewall.org/simple_traffic_shaping.html for additional
      information.
    + The Simple TC document is now linked to FAQs 97 and 97a.
* Tue Jul 07 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.6
    + **Upgrade your configuration**
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.6/releasenotes.txt
    + When compiling for export, the compiler generates a firewall.conf
      file which is later installed on the remote firewall system as
      ${VARDIR}/firewall.conf. Previously, the CLI on that firewall was
      not processing the file, resulting in some features not being
      available:
    - Default values for VERBOSITY, LOGFILE, LOGFORMAT, PATH,
      SHOREWALL_SHELL, SUBSYSLOCK, RESTOREFILE, RESTART,
      DYNAMIC_BLACKLIST and PAGER are not supplied.
    - scfilter file supplied at compile time.
    - dumpfilter file supplied at compile time.
      That has been corrected.
    + A bug in iptables (see
      https://git.netfilter.org/iptables/commit/?id=d1555a0906e35ba8d170613d5a43da64e527dbe1)
      prevents the '--queue-cpu-fanout' option from being applied unless
      that option is the last one specified. Unfortunately, Shorewall
      places the '--queue-bypass' option last if that option is also
      specified.
      This release works around this issue by ensuring that the
      '--queue-cpu-fanout' option appears last.
    + The -D 'compile', 'check', 'reload' and 'Restart'  option was
      previously omitted from the output of 'shorewall help'. It is now
      included. As part of this change, an incorrect and conflicting
      description of the -D option was removed from the 'remote-restart'
      section of shorewall(8).
    + Previously, when EXPAND_POLICIES=No, chains that enforced ACCEPT
      policies were not completely optimized by optimize level 2 (ACCEPT
      rules preceding the final unconditional ACCEPT were not
      deleted). That has been corrected such that these rules are now
      optimized.
* Thu Jul 02 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.5.2
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.5/releasenotes.txt
    + 5.2.5.2
      Previously, ";;+" was mishandled in the snat file; the generated
      rule incorrectly included the leading "+". That has been corrected
      so that the generated rule is now correct.
      Example (SNAT OpenVPN server traffic leaving on eth0):
      SNAT(192.2.0.4)    -      eth0     ;;+ -p udp --sport 1194
    + 5.2.5.1
    - The change in 5.2.5 base which changed the 'user' facility to the
      'daemon' facility in Shorewall syslog messages did not change the
      messages with severity 'err'. That has been corrected such that
      all syslog messages now use the 'daemon' facility.
    - The actions.std file contains "?IF...?ELSE...?ENDIF" sequences
      that provide different action options depending on the availabilty
      of certain capabilities. This has resulted in the Broadcast and
      Multicast options being listed twice in the output of
      "shorewall[6] show actions". Beginning with this release, this
      duplication is eliminated. Note, however, that the options shown
      will be incomplete if they were continued onto another line, and
      may be incorrect for Broadcast and Multicast.
    - A typo in shorewall-providers(5) has been corrected.
    + 5.2.5 Base
    - Previously, Shorewall-init installed a 'shorewall' script in
      /etc/network/if-down.d on Debian and derivatives. This script was
      unnecessary and required Debian-specific code in the generated
      firewall script. The Shorewall-init script is no longer installed
      and the generated firewall script is now free of
      distribution-specific code.
    - Also on Debian and derivatives, Shorewall-init installed
      /etc//NetworkManager/dispatcher.d/01-shorewall which was also
      unnecessary.  Beginning with this release, that file is no longer
      installed.
    - Previously, if the dynamic-blacklisting default timeout was set in
      a variable in the params file and the variable was used in setting
      DYNAMIC_BLACKLIST, then the 'allow' command would fail with
      the message:
      ERROR: Invalid value (ipset-only,disconnect,timeout=) for
      DYNAMIC_BLACKLIST
      That has been corrected.
    - When EXPAND_POLICIES=No in shorewall[6].conf, policies in complex
      rulesets are enforced in chains such as 'net-all' and
      'all-all'. Previously, these chains included redundant
      state-oriented rules. In addition to being redundant. these rules
      could actually break complex IPv6 configurations. The extra rules are
      now omitted.
* Tue May 26 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix version 5.2.4.5
    + The description of the 'optional' option has been expanded in
      shorewall-interfaces(5).
    + Previously, the AUTOMAKE option did not work properly when
      /etc/shorewall[6] was a symbolic link. That has been corrected.
  - Packaging
    + Remove broken %pretrans, move content to %pre
    + Remove use of %release in rpm scriptlet
    + This will avoid constant rebuild.
* Thu Apr 30 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix version 5.2.4.4
    + When DYNAMIC_BLACKLIST=ipset... or when SAVE_IPSETS=Yes in
      shorewall[6].conf, 'shorewall[6] start' could hang. Fixed.
    + 'shorewall[6] start' would not automatically create dynamic
      blacklisting ipsets. That has been corrected.
  - This version will served also as maintenance upgrade for Leap
* Wed Apr 22 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.4.2
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
    + Fixes for debian
  - Update to version 5.2.4.1
    + Fixes for openSUSE shorewall-init
    will now ignore 'start' and 'stop' commands, for running firewalls
    + Spurious messages have been removed
  - Packaging
    + Move /usr/sbin/shorewall to shorewall-core so -lite version
      doesn't need main shorewall package
    + To make shorewall remote-* command working we patch lib.cli-std
      to use /usr/sbin instead of /sbin + commented spec
    + Desactivate for the moment the upgrade warning. we need to
      find a 100% working solution.
    + use %{var} form everywhere
* Tue Apr 14 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Add perl-base as buildrequirement to force choice of SHA-DIGEST
    new problem in TW
  - To fix boo#1166114 never restart shorewall-init.service
    macro service_del_postun is replaced by simplier systemd_postun
  - Remove conflict between main and lite package.
    A managing station need main to build configuration and can use
    - lite to execute it. Users are in charge of choosing which
    service has to be started and used. ❤ Freedom
* Sat Apr 04 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Remove shorewall require from shorewall-init (was a forgoten
    action)
* Tue Mar 31 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to version 5.2.4
    https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
    + Previously, when a Shorewall6 firewall was placed into the
      'stopped' state, ICMP6 packets required by RFC 4890 were not
      automatically accepted by the generated ruleset.
      Beginning with this release, those packets are automatically
      accepted.
    + Previously, the output of 'shorewall[6] help' displayed the
      superseded 'load' command. That text has been deleted.
    + The QOSExample.html file in the documentation and on the web site
      previously showed tcrules content for the /etc/shorewall/mangle
      file (recall that 'mangle' superseded 'tcrules'). That page has
      been corrected.
    + The 'Starting and Stopping' and 'Configuration file basics'
      documents have been updated to align them with the current product
      behavior.
    +  The 'ipsets' document has been updated to clarify the use of
      ipsets in the stoppedrules file.
  - Packaging
    + shorewall-init package has a removed %service_del_postun
      macro to close bug boo#1166114 Restarting this service can
      lock down admin out of the system.
    + shorewall(6) and shorewall(6)-lite conflict has they shouldn't
      be installed together on the same system.
    + conf_update flag is set to 1 to activate update reminder
    + Adjust and cleanup requires
* Sun Mar 15 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Add version to requires in -lite version
* Wed Mar 11 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to minor bugfix version 5.2.3.7
    + When DOCKER=Yes, if both the DOCKER-ISOLATE and
      DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-*
      chains were not preserved through shorewall state changes.
      That has been corrected so that both chains are preserved if
      present.
    + Previously, the compiler always detected the OLD_CONNTRACK_MATCH
      capability as being available in IPv6. When OLD_CONNTRACK_MATCH
      was available, the compiler also mishandled inversion ('!') in the
      ORIGDEST columns, leading to an assertion failure.
      Both the incorrect capability detection and the mishandled
      inversion have been corrected.
    + During 'enable' processing, if address variables associated with
      the interface have values different than those when the firewall
      was last started/restarted/reloaded, then a 'reload' is performed
      rather than a simple 'enable'. The logic that checks for those
      changes was incorrect in some configurations, leading to unneeded
      reload operations. That has been corrected.
    + When MANGLE_ENABLED=No in shorewall[6].conf, some features
      requiring use of the mangle table can be allowed, even though the
      mangle table is not updated. That has been corrected such that use
      of such features will raise an error.
    + When the IfEvent(...,reset) action was invoked, the compiler
      previously emitted a spurious "Resetting..." message. That message
      has been suppressed.
  - Packaging
    + Do not provide anymore unsused notrack file
    + Introduce define conf_need_update to track when we activate the
    post update warning for users when there's minor or major version
    update of shorewall bnc#1166114
* Mon Feb 17 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.6
    + Fix for possible start failure when both Docker containers
      and Libvirt VMs were in use.
* Mon Feb 03 2020 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut through the -mini flavors.
* Thu Jan 23 2020 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.5
    + A typo in the FTP documentation has been corrected.
    + The recommended mss setting when using IPSec with ipcomp
      has been corrected.
    + A number of incorrect links in the manpages have been
      corrected.
    + The 'bypass' option is now allowed when specifying an
      NFQUEUE policy. Previously, specifying that option resulted
      in an error.
    + Corrected IPv6 Address Range parsing.
    + Previously, such ranges were required to be of the form
      [<addr1>-<addr2>] rather than the more standard form
      [<addr1>]-[<addr2>]. In the snat file (and in nat actions),
      the latter form was actually flagged as an error while in
      other contexts, it resulted in a less obvious error being
      raised.
    + The manpages have been updated to refer to
      https://shorewall.org rather than http://www.shorewall.org.
  - Refresh spec file
* Wed Sep 04 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.4
    + Update release documents.
    + Correct handling of multi-queue NFQUEUE as a policy.
    + Correct handling of multi-queue NFQUEUE as a macro parameter.
    + Make 'AUTOMAKE=No' the update default.
    + Correct the description of the 'bypass' NFQUEUE option in
      shorewall-rules(5).
* Mon Apr 15 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.3
    Previously, if an ipset was specified in an SPORT column, the
    compiler would raise an error similar to:
    ERROR: Invalid ipset name () /etc/shorewall/rules (line 44)
  - Update to bugfix minor 5.2.3.2
    Shorewall 5.2 automatically converts an existing 'masq' file to an
    equivalent 'snat' file. Regrettably, Shorewall 5.2.3 broke that
    automatic update, such that the following error message was issued:
    Use of uninitialized value $Shorewall::Nat::raw::currentline in
    pattern match (m//) at /usr/share/shorewall/Shorewall/Nat.pm
    line 511, <$currentfile> line nnn. and the generated 'masq'
    file contains only initial comments. That has been corrected.
* Wed Feb 27 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to bugfix minor 5.2.3.1 release
    + An issue in the implementation of policy file zone exclusion,
      released in 5.2.3 has been resolved. In the original release,
      if more than one zone was excluded then the following error was
      raised:
      ERROR: 'all' is not allowed in a source zone list
      etc/shorewall/policy (line ...)
* Sat Feb 23 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to new 5.2.3 bugfix release
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.3/releasenotes.txt
    This is the retirement of Tom Eastep see.
    https://sourceforge.net/p/shorewall/mailman/message/36589782/
  - Removed module* in file section
  - Clean-up changes and spec (trailing slashes)
* Sun Feb 03 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to new 5.2.2 bugfix release
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.2/releasenotes.txt
  - Packaging:
    + As seen with upstream recommend running shorewall update on
      all version update
    + to be done: run update automatically
* Fri Jan 04 2019 Bruno Friedmann <bruno@ioda-net.ch>
  - Update to major version 5.2.1.4
    A lot of changes occurs since last package please consult
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.1/releasenotes.txt
    and the know problem list at
    http://www.shorewall.net/pub/shorewall/5.2/shorewall-5.2.1/known_problems.txt
  - Update your configuration shorewall update
  - Packaging: renew spec file with spec-cleaner
* Sun Apr 15 2018 bruno@ioda-net.ch
  - Changes in 5.1.12.3
    Problems Corrected:
    When 'reset' and 'dst' were specified to the IfEvent action,
    the action would incorrectly attempt to reset the event for the
    SOURCE IP address rather than the DEST address. That has been
    corrected.
* Mon Mar 05 2018 bruno@ioda-net.ch
  - spec :
    + Minimal changes with spec-cleaner
    + Stop conflicting with other firewall (SuSEFirewall2, firewalld)
      User can have several management tools, and it help preparing
      a migration
  - Run shorewall(6) update -A to update your configurations
    Check and adapt them before restarting.
  - Changes in 5.1.12.3
    + Update release documents.
    + Ensure that mutex gets released at exit.
  - Changes in 5.1.12.2
    + Alter documentation to prefer ';;' over ';' in INLINE and
      IP[6]TABLES rules.
    + Make 'update' convert ';' to ';;' in INLINE, IPTABLES and
      IP6TABLES rules.
    + Correct typo that resulted in an "unknown function" Perl
      diagnostic.
    + Correct "Invalid policy" message.
    + Fix omitted SYN limiting.
  - Changes in 5.1.12.1
    + Replace macro.SSDPServer with corrected macro.SSDPserver.
  - Changes in 5.1.12 Final
    + Update release documents.
    + Add INLINE_MATCHES=Yes to the deprecated list.
  - Changes in 5.1.12 RC 1
    + Update release documents.
    + Minor performance enhancements to Optimize Category 8.
    + Always report IPSET_MATCH.
  - Changes in 5.1.12 Beta 2
    + Delete undocumented OPTIMIZE_USE_FIRST option.
    + Merge 5.1.11.
    + Suppress trailing whitespace.
    + Avoid awkward blank lines.
  - Changes in 5.1.12 Beta 1
    + Code and manpage cleanup.
    + Allow SNAT in the INPUT chain.
  - Changes in 5.1.11 Final
    + Update release documents.
  - Changes in 5.1.11 RC 1
    + Update versions and copyrights.
    + Clear the connection mark on forwarded IPSEC tunneled connections
    + Make TRACK_PROVIDERS=Yes the default.
  - Changes in 5.1.11 Beta 2
    + Be selective about verification of the conntrack utility when
    + DYNAMIC_BLACKLIST=ipset,disconnect...
    + Don't require shorewall to be started for 'allow' with
      ipset-based DBL.
    + Make address variables play nice with the 'clear' command.
    + Don't unconditionally enable forwarding during 'clear'.
  - Changes in 5.1.11 Beta 1
    + Allow non-root to run some 'show' commands.
    + Use synchain name in log messages rather than base chain name.
    + Assume :syn for TCP CT entries in the conntrack file and HELPER.
    + Limit depth of 'find' search when AUTOMAKE=Yes.
  - Changes in 5.1.10.2
    + Limit 'find' to depth 1.
    + Don't run find in an empty entry in $CONFIG_PATH
  - Changes in 5.1.10.1
    + Fix Shorewall-core installer for sandbox case.
    + Make /etc and /configfiles the same.
  - Changes in 5.1.10 Final
    + Add warning re wildcard and OPTIONS.
    + Correct IPv6 Universal interfaces file.
  - Changes in 5.1.10 RC 1
    + Correct ingress policing.
    + Fix Shorewall-init recompilation problem.
  - Changes in 5.1.10 Beta 2
    + Allow a protocol to be associated with a regular action.
    + Remove the PSH flag from the FIN action.
  - Changes in 5.1.10 Beta 1
    + Allow CONFIG_PATH setting to begin with ':' to allow dropping
      the first directory by non-root.
    + Correct several typos in the manpages (Roberto Sánchez).
    + Correct typo in 'dump' processing.
    + Reset all table counters during 'reset'.
  - Changes in 5.1.9 Final
    + Use logical interface names in the Sample configs.
  - Changes in 5.1.9 RC 1
    + Apply W Van den Akker's OpenWRT/Lede patches.
    + Don't verify IP and SHOREWALL_SHELL paths when compiling for
      export.
    + Support for Redfish remote console in macro.IPMI
  - Changes in 5.1.9 Beta 2
    + Merge content from 5.1.8.
  - Changes in 5.1.9 Beta 1
    + Update release documents.
    + Add TCPMSS action in the mangle file.
    + Inline the Broadcast action when ADDRTYPE match is available.
    + Support logging in the snat file.
    + Add shorewall-logging(5).
  - Changes in 5.1.8 Final
    + Correct 'delete_default_routes()'.
    + Delete default routes from 'main' when a fallback provider is
      successfully enabled.
    + Don't restore default route when a fallback provider is enabled.
    + Issue a warning when 'persistent' is used with
      RESTORE_DEFAULT_ROUTE=Yes.
    + Don't dump SPD entries for the other address family.
    + Fix 'persistent' provider issues.
    + Treat LOG_TARGET the same as all other capabilities.
    + Allow merging of rules with IPSEC policies

Files

/etc/logrotate.d/shorewall
/etc/shorewall
/etc/shorewall/accounting
/etc/shorewall/actions
/etc/shorewall/arprules
/etc/shorewall/blrules
/etc/shorewall/clear
/etc/shorewall/conntrack
/etc/shorewall/ecn
/etc/shorewall/findgw
/etc/shorewall/hosts
/etc/shorewall/init
/etc/shorewall/initdone
/etc/shorewall/interfaces
/etc/shorewall/isusable
/etc/shorewall/lib.private
/etc/shorewall/maclist
/etc/shorewall/mangle
/etc/shorewall/nat
/etc/shorewall/netmap
/etc/shorewall/params
/etc/shorewall/policy
/etc/shorewall/providers
/etc/shorewall/proxyarp
/etc/shorewall/refresh
/etc/shorewall/refreshed
/etc/shorewall/restored
/etc/shorewall/routes
/etc/shorewall/rtrules
/etc/shorewall/rules
/etc/shorewall/scfilter
/etc/shorewall/secmarks
/etc/shorewall/shorewall.conf
/etc/shorewall/snat
/etc/shorewall/start
/etc/shorewall/started
/etc/shorewall/stop
/etc/shorewall/stopped
/etc/shorewall/stoppedrules
/etc/shorewall/tcclasses
/etc/shorewall/tcclear
/etc/shorewall/tcdevices
/etc/shorewall/tcfilters
/etc/shorewall/tcinterfaces
/etc/shorewall/tcpri
/etc/shorewall/tunnels
/etc/shorewall/zones
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/ARP.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Accounting.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Chains.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Compiler.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Config.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/IPAddrs.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Misc.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Nat.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Proc.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Providers.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Proxyarp.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Raw.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Rules.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Tc.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Tunnels.pm
/usr/lib/perl5/vendor_perl/5.32.1/Shorewall/Zones.pm
/usr/lib/systemd/system/shorewall.service
/usr/libexec/shorewall
/usr/libexec/shorewall/compiler.pl
/usr/libexec/shorewall/getparams
/usr/sbin/rcshorewall
/usr/share/doc/packages/shorewall
/usr/share/doc/packages/shorewall/COPYING
/usr/share/doc/packages/shorewall/README.openSUSE
/usr/share/doc/packages/shorewall/changelog.txt
/usr/share/doc/packages/shorewall/releasenotes.txt
/usr/share/fillup-templates/sysconfig.shorewall
/usr/share/man/man5/shorewall-accounting.5.gz
/usr/share/man/man5/shorewall-actions.5.gz
/usr/share/man/man5/shorewall-addresses.5.gz
/usr/share/man/man5/shorewall-arprules.5.gz
/usr/share/man/man5/shorewall-blrules.5.gz
/usr/share/man/man5/shorewall-conntrack.5.gz
/usr/share/man/man5/shorewall-ecn.5.gz
/usr/share/man/man5/shorewall-exclusion.5.gz
/usr/share/man/man5/shorewall-files.5.gz
/usr/share/man/man5/shorewall-hosts.5.gz
/usr/share/man/man5/shorewall-interfaces.5.gz
/usr/share/man/man5/shorewall-ipsets.5.gz
/usr/share/man/man5/shorewall-logging.5.gz
/usr/share/man/man5/shorewall-maclist.5.gz
/usr/share/man/man5/shorewall-mangle.5.gz
/usr/share/man/man5/shorewall-modules.5.gz
/usr/share/man/man5/shorewall-names.5.gz
/usr/share/man/man5/shorewall-nat.5.gz
/usr/share/man/man5/shorewall-nesting.5.gz
/usr/share/man/man5/shorewall-netmap.5.gz
/usr/share/man/man5/shorewall-params.5.gz
/usr/share/man/man5/shorewall-policy.5.gz
/usr/share/man/man5/shorewall-providers.5.gz
/usr/share/man/man5/shorewall-proxyarp.5.gz
/usr/share/man/man5/shorewall-proxyndp.5.gz
/usr/share/man/man5/shorewall-routes.5.gz
/usr/share/man/man5/shorewall-rtrules.5.gz
/usr/share/man/man5/shorewall-rules.5.gz
/usr/share/man/man5/shorewall-secmarks.5.gz
/usr/share/man/man5/shorewall-snat.5.gz
/usr/share/man/man5/shorewall-stoppedrules.5.gz
/usr/share/man/man5/shorewall-tcclasses.5.gz
/usr/share/man/man5/shorewall-tcdevices.5.gz
/usr/share/man/man5/shorewall-tcfilters.5.gz
/usr/share/man/man5/shorewall-tcinterfaces.5.gz
/usr/share/man/man5/shorewall-tcpri.5.gz
/usr/share/man/man5/shorewall-tunnels.5.gz
/usr/share/man/man5/shorewall-vardir.5.gz
/usr/share/man/man5/shorewall-zones.5.gz
/usr/share/man/man5/shorewall.conf.5.gz
/usr/share/man/man8/shorewall.8.gz
/usr/share/shorewall
/usr/share/shorewall/Shorewall
/usr/share/shorewall/action.A_REJECT
/usr/share/shorewall/action.A_REJECT!
/usr/share/shorewall/action.AllowICMPs
/usr/share/shorewall/action.AutoBL
/usr/share/shorewall/action.AutoBLL
/usr/share/shorewall/action.BLACKLIST
/usr/share/shorewall/action.Broadcast
/usr/share/shorewall/action.DNSAmp
/usr/share/shorewall/action.DropDNSrep
/usr/share/shorewall/action.DropSmurfs
/usr/share/shorewall/action.Established
/usr/share/shorewall/action.FIN
/usr/share/shorewall/action.GlusterFS
/usr/share/shorewall/action.IfEvent
/usr/share/shorewall/action.Invalid
/usr/share/shorewall/action.Limit
/usr/share/shorewall/action.Multicast
/usr/share/shorewall/action.New
/usr/share/shorewall/action.NotSyn
/usr/share/shorewall/action.RST
/usr/share/shorewall/action.Related
/usr/share/shorewall/action.ResetEvent
/usr/share/shorewall/action.SetEvent
/usr/share/shorewall/action.TCPFlags
/usr/share/shorewall/action.Untracked
/usr/share/shorewall/action.allowBcast
/usr/share/shorewall/action.allowInvalid
/usr/share/shorewall/action.allowMcast
/usr/share/shorewall/action.allowinUPnP
/usr/share/shorewall/action.dropBcast
/usr/share/shorewall/action.dropBcasts
/usr/share/shorewall/action.dropInvalid
/usr/share/shorewall/action.dropMcast
/usr/share/shorewall/action.dropNotSyn
/usr/share/shorewall/action.forwardUPnP
/usr/share/shorewall/action.mangletemplate
/usr/share/shorewall/action.rejNotSyn
/usr/share/shorewall/action.template
/usr/share/shorewall/actions.std
/usr/share/shorewall/configfiles
/usr/share/shorewall/configfiles/accounting
/usr/share/shorewall/configfiles/accounting.annotated
/usr/share/shorewall/configfiles/actions
/usr/share/shorewall/configfiles/actions.annotated
/usr/share/shorewall/configfiles/arprules
/usr/share/shorewall/configfiles/arprules.annotated
/usr/share/shorewall/configfiles/blrules
/usr/share/shorewall/configfiles/blrules.annotated
/usr/share/shorewall/configfiles/clear
/usr/share/shorewall/configfiles/conntrack
/usr/share/shorewall/configfiles/conntrack.annotated
/usr/share/shorewall/configfiles/ecn
/usr/share/shorewall/configfiles/ecn.annotated
/usr/share/shorewall/configfiles/findgw
/usr/share/shorewall/configfiles/hosts
/usr/share/shorewall/configfiles/hosts.annotated
/usr/share/shorewall/configfiles/init
/usr/share/shorewall/configfiles/initdone
/usr/share/shorewall/configfiles/interfaces
/usr/share/shorewall/configfiles/interfaces.annotated
/usr/share/shorewall/configfiles/isusable
/usr/share/shorewall/configfiles/lib.private
/usr/share/shorewall/configfiles/maclist
/usr/share/shorewall/configfiles/maclist.annotated
/usr/share/shorewall/configfiles/mangle
/usr/share/shorewall/configfiles/mangle.annotated
/usr/share/shorewall/configfiles/nat
/usr/share/shorewall/configfiles/nat.annotated
/usr/share/shorewall/configfiles/netmap
/usr/share/shorewall/configfiles/netmap.annotated
/usr/share/shorewall/configfiles/params
/usr/share/shorewall/configfiles/params.annotated
/usr/share/shorewall/configfiles/policy
/usr/share/shorewall/configfiles/policy.annotated
/usr/share/shorewall/configfiles/providers
/usr/share/shorewall/configfiles/providers.annotated
/usr/share/shorewall/configfiles/proxyarp
/usr/share/shorewall/configfiles/proxyarp.annotated
/usr/share/shorewall/configfiles/refresh
/usr/share/shorewall/configfiles/refreshed
/usr/share/shorewall/configfiles/restored
/usr/share/shorewall/configfiles/routes
/usr/share/shorewall/configfiles/routes.annotated
/usr/share/shorewall/configfiles/rtrules
/usr/share/shorewall/configfiles/rtrules.annotated
/usr/share/shorewall/configfiles/rules
/usr/share/shorewall/configfiles/rules.annotated
/usr/share/shorewall/configfiles/scfilter
/usr/share/shorewall/configfiles/secmarks
/usr/share/shorewall/configfiles/secmarks.annotated
/usr/share/shorewall/configfiles/shorewall.conf
/usr/share/shorewall/configfiles/shorewall.conf.annotated
/usr/share/shorewall/configfiles/snat
/usr/share/shorewall/configfiles/snat.annotated
/usr/share/shorewall/configfiles/start
/usr/share/shorewall/configfiles/started
/usr/share/shorewall/configfiles/stop
/usr/share/shorewall/configfiles/stopped
/usr/share/shorewall/configfiles/stoppedrules
/usr/share/shorewall/configfiles/stoppedrules.annotated
/usr/share/shorewall/configfiles/tcclasses
/usr/share/shorewall/configfiles/tcclasses.annotated
/usr/share/shorewall/configfiles/tcclear
/usr/share/shorewall/configfiles/tcdevices
/usr/share/shorewall/configfiles/tcdevices.annotated
/usr/share/shorewall/configfiles/tcfilters
/usr/share/shorewall/configfiles/tcfilters.annotated
/usr/share/shorewall/configfiles/tcinterfaces
/usr/share/shorewall/configfiles/tcinterfaces.annotated
/usr/share/shorewall/configfiles/tcpri
/usr/share/shorewall/configfiles/tcpri.annotated
/usr/share/shorewall/configfiles/tunnels
/usr/share/shorewall/configfiles/tunnels.annotated
/usr/share/shorewall/configfiles/zones
/usr/share/shorewall/configfiles/zones.annotated
/usr/share/shorewall/configpath
/usr/share/shorewall/deprecated
/usr/share/shorewall/helpers
/usr/share/shorewall/lib.base
/usr/share/shorewall/macro.AMQP
/usr/share/shorewall/macro.A_AllowICMPs
/usr/share/shorewall/macro.A_DropDNSrep
/usr/share/shorewall/macro.A_DropUPnP
/usr/share/shorewall/macro.ActiveDir
/usr/share/shorewall/macro.Amanda
/usr/share/shorewall/macro.Apcupsd
/usr/share/shorewall/macro.Auth
/usr/share/shorewall/macro.BGP
/usr/share/shorewall/macro.BitTorrent
/usr/share/shorewall/macro.BitTorrent32
/usr/share/shorewall/macro.Bitcoin
/usr/share/shorewall/macro.BitcoinRPC
/usr/share/shorewall/macro.BitcoinRegtest
/usr/share/shorewall/macro.BitcoinTestnet
/usr/share/shorewall/macro.BitcoinTestnetRPC
/usr/share/shorewall/macro.BitcoinZMQ
/usr/share/shorewall/macro.CVS
/usr/share/shorewall/macro.Citrix
/usr/share/shorewall/macro.Cockpit
/usr/share/shorewall/macro.DAAP
/usr/share/shorewall/macro.DCC
/usr/share/shorewall/macro.DHCPfwd
/usr/share/shorewall/macro.DNS
/usr/share/shorewall/macro.Distcc
/usr/share/shorewall/macro.DropUPnP
/usr/share/shorewall/macro.Edonkey
/usr/share/shorewall/macro.FTP
/usr/share/shorewall/macro.Finger
/usr/share/shorewall/macro.FreeIPA
/usr/share/shorewall/macro.GNUnet
/usr/share/shorewall/macro.GRE
/usr/share/shorewall/macro.Git
/usr/share/shorewall/macro.Gnutella
/usr/share/shorewall/macro.Goto-Meeting
/usr/share/shorewall/macro.HKP
/usr/share/shorewall/macro.HTTP
/usr/share/shorewall/macro.HTTPS
/usr/share/shorewall/macro.ICPV2
/usr/share/shorewall/macro.ICQ
/usr/share/shorewall/macro.ILO
/usr/share/shorewall/macro.IMAP
/usr/share/shorewall/macro.IMAPS
/usr/share/shorewall/macro.IPFS-API
/usr/share/shorewall/macro.IPFS-gateway
/usr/share/shorewall/macro.IPFS-swarm
/usr/share/shorewall/macro.IPIP
/usr/share/shorewall/macro.IPMI
/usr/share/shorewall/macro.IPP
/usr/share/shorewall/macro.IPPbrd
/usr/share/shorewall/macro.IPPserver
/usr/share/shorewall/macro.IPsec
/usr/share/shorewall/macro.IPsecah
/usr/share/shorewall/macro.IPsecnat
/usr/share/shorewall/macro.IRC
/usr/share/shorewall/macro.JAP
/usr/share/shorewall/macro.Jabber
/usr/share/shorewall/macro.JabberPlain
/usr/share/shorewall/macro.JabberSecure
/usr/share/shorewall/macro.Jabberd
/usr/share/shorewall/macro.Jetdirect
/usr/share/shorewall/macro.Kerberos
/usr/share/shorewall/macro.Kpasswd
/usr/share/shorewall/macro.L2TP
/usr/share/shorewall/macro.LDAP
/usr/share/shorewall/macro.LDAPS
/usr/share/shorewall/macro.MSA
/usr/share/shorewall/macro.MSNP
/usr/share/shorewall/macro.MSSQL
/usr/share/shorewall/macro.Mail
/usr/share/shorewall/macro.MongoDB
/usr/share/shorewall/macro.Munin
/usr/share/shorewall/macro.MySQL
/usr/share/shorewall/macro.NFS
/usr/share/shorewall/macro.NNTP
/usr/share/shorewall/macro.NNTPS
/usr/share/shorewall/macro.NTP
/usr/share/shorewall/macro.NTPbi
/usr/share/shorewall/macro.NTPbrd
/usr/share/shorewall/macro.ONCRPC
/usr/share/shorewall/macro.OSPF
/usr/share/shorewall/macro.OpenVPN
/usr/share/shorewall/macro.PCA
/usr/share/shorewall/macro.POP3
/usr/share/shorewall/macro.POP3S
/usr/share/shorewall/macro.PPtP
/usr/share/shorewall/macro.Ping
/usr/share/shorewall/macro.PostgreSQL
/usr/share/shorewall/macro.Printer
/usr/share/shorewall/macro.Puppet
/usr/share/shorewall/macro.QUIC
/usr/share/shorewall/macro.RDP
/usr/share/shorewall/macro.RIPbi
/usr/share/shorewall/macro.RNDC
/usr/share/shorewall/macro.Razor
/usr/share/shorewall/macro.Rdate
/usr/share/shorewall/macro.Redis
/usr/share/shorewall/macro.RedisCluster
/usr/share/shorewall/macro.RedisSecure
/usr/share/shorewall/macro.RedisSentinel
/usr/share/shorewall/macro.Rfc1918
/usr/share/shorewall/macro.Rsync
/usr/share/shorewall/macro.Rwhois
/usr/share/shorewall/macro.SANE
/usr/share/shorewall/macro.SIP
/usr/share/shorewall/macro.SMB
/usr/share/shorewall/macro.SMBBI
/usr/share/shorewall/macro.SMBswat
/usr/share/shorewall/macro.SMTP
/usr/share/shorewall/macro.SMTPS
/usr/share/shorewall/macro.SNMP
/usr/share/shorewall/macro.SNMPtrap
/usr/share/shorewall/macro.SPAMD
/usr/share/shorewall/macro.SSDP
/usr/share/shorewall/macro.SSDPserver
/usr/share/shorewall/macro.SSH
/usr/share/shorewall/macro.SVN
/usr/share/shorewall/macro.Sieve
/usr/share/shorewall/macro.SixXS
/usr/share/shorewall/macro.Squid
/usr/share/shorewall/macro.Submission
/usr/share/shorewall/macro.Syslog
/usr/share/shorewall/macro.TFTP
/usr/share/shorewall/macro.Telnet
/usr/share/shorewall/macro.Telnets
/usr/share/shorewall/macro.Teredo
/usr/share/shorewall/macro.Time
/usr/share/shorewall/macro.Tinc
/usr/share/shorewall/macro.Tor
/usr/share/shorewall/macro.TorBrowserBundle
/usr/share/shorewall/macro.TorControl
/usr/share/shorewall/macro.TorDirectory
/usr/share/shorewall/macro.TorSocks
/usr/share/shorewall/macro.Trcrt
/usr/share/shorewall/macro.VNC
/usr/share/shorewall/macro.VNCL
/usr/share/shorewall/macro.VRRP
/usr/share/shorewall/macro.WUDO
/usr/share/shorewall/macro.Web
/usr/share/shorewall/macro.Webcache
/usr/share/shorewall/macro.Webmin
/usr/share/shorewall/macro.Whois
/usr/share/shorewall/macro.Xymon
/usr/share/shorewall/macro.Zabbix
/usr/share/shorewall/macro.mDNS
/usr/share/shorewall/macro.mDNSbi
/usr/share/shorewall/macro.template
/usr/share/shorewall/prog.footer
/usr/share/shorewall/version
/var/lib/shorewall


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 14:55:06 2021