SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for shorewall-core-4.5.8.RC2-1.8.TM.noarch.rpm :
Wed Mar 28 14:00:00 2012 toganmAATTopensuse.org
- update to 4.5.2-Beta4

Wed Feb 22 13:00:00 2012 toganmAATTopensuse.org
- 4.5.1

Wed Nov 9 13:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.26-Beta1

* In 4.4.25, ACCEPT behaved in the BLACKLIST section the same way
as in the other rules file sections. This could lead to connections
being accepted inadvertently.
Now, ACCEPT behaves like WHITELIST; that is, it exempts the packet
from the remaining rules in the BLACKLIST section.
- Removes systemd related patches since now incorporated in
upstream.

Tue Oct 11 14:00:00 2011 toganmAATTopensuse.org
- Update to Beta 4.4.25-BETA1
- systemd related patches from Fedora

Thu Sep 29 14:00:00 2011 toganmAATTopensuse.org
- rework systemd related code

Fri Sep 23 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.24-Beta3

* The contents of the NET2 column of the Shorewall6 netmap file
are now validated by the compiler. Previously, they were not
validated which could cause iptables-restore to fail.

* Support has been added for \'condition match\'. Condition
match is available from xtables-addons and implements the
ability to have \"switches\" (conditions) that can be turned on
and off in /proc/net/nf_condition/. To support
condition match, a CONDITION column has been added to the rules
file. The contents of that column is the name of a condition;
Shorewall requires that condition names begin with a letter and be
composed of letters, numbers or \'_\'.

Wed Sep 21 14:00:00 2011 toganmAATTopensuse.org
- Stateless NAT is now available in Shorewall6. See
shorewall6-netmap(5) for details.

Sat Sep 17 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.23.3

* When providers were present that specify neither \'balance\' nor
\'fallback\', then the following message was issued during
compilation and \'enable\' of the interface would fail.
Use of uninitialized value $weight in concatenation (.) or
string at /usr/share/shorewall/Shorewall/Providers.pm line 644.

* TC_ENABLED=Shared was broken in Shorewall 4.4.23, 4.4.23.1 and
4.4.23.2. It produced a shell script with syntax errors.
- Backported patches removed.

Fri Sep 16 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.23.2 For more details see changelog.txt and
releasenotes.txt
- Support of systemd for openSUSE 12.1
- Backported patches WEIGHT.patch and SHARED.patch fixing a
harmless message and traffic shaping issues respectively

Sat Aug 20 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.22.3. Corrections in this release are below.

* On older distributions where \'shorewall show capabilities\'
indicates \'Connection Tracking Match: Not Available\', harmless
Perl diagnostics like the following could be issued:
Use of uninitialized value $list in pattern match (m//)
at /usr/share/shorewall/Shorewall/Config.pm line 1273,
<$currentfile> line 14.
Use of uninitialized value $list in split
at /usr/share/shorewall/Shorewall/Config.pm line 1275,
<$currentfile> line 14.

* On older distributions where \'shorewall show capabilities\'
indicates \'Mangle FORWARD Chain: Not Available\', entries in the
ecn file generated the following Perl Diagnostic:
Use of uninitialized value in hash element
at /usr/share/shorewall/Shorewall/Chains.pm line 1119.

* Previously, if a provider interface was derived from an optional
wildcard entry in /etc/shorewall/providers, then the interface
was never considered to be usable.
Example:
/etc/shorewall/interfaces:
[#]ZONE INTERFACE BROADCAST OPTIONS
net ppp+ - optionsl
/etc/shorewall/providers:net
[#]PROVIDER NUMBER MARK INTERFACE ...
ISP1 1 1 ppp0

* When \'shorewall update\' or \'shorewall6 update\' results in no change
to the .conf file, a message is issued, the .bak file is removed
and the command terminates without error.

Fri Aug 12 14:00:00 2011 toganmAATTopensuse.org
- patch the Perl diagnostic with a WARNING message.

Tue Aug 9 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.22.2

* On older distributions where \'shorewall show capabilities\'
indicates \'Connection Tracking Match: Not Available\', Shorewall
4.4.22 and 4.4.22.1 generated invalid iptables-restore input.

* Previously, the compiler always placed \'#!/bin/sh\' on the first
line of the generated script. It now uses the setting of
SHOREWALL_SHELL on that line rather than \'/bin/sh\'. Note that
SHOREWALL_SHELL defaults to \'/bin/sh\' so this change only affects
those who specify a different shell.
- Patched REDIRECT rule

Thu Aug 4 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.22.1

* Previously, if the name of a zone began with \'all\', then entries
for that zone in /etc/shorewall/rules and /etc/shoreawll6/rules
treated the name the same as \'all\'.
This defect is present in Shorewall 4.4.13 through 4.4.22.

* Previously, when LOAD_HELPERS_ONLY=No, harmless
iptables-restore warnings as follows could be generated:
...
Running /usr/local/sbin/iptables-restore...
- -set option deprecated, please use --match-set
- -set option deprecated, please use --match-set
IPv4 Forwarding Enabled

Wed Aug 3 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.22. For more details see changelog.txt and
releasenotes.txt

* Under rare conditions, long port lists (>15 ports) could result in
the following failure when optimization level 4 was enabled.
Use of uninitialized value in numeric gt (>)
at /usr/share/shorewall/Shorewall/Chains.pm line 1264.
ERROR: Internal error in
Shorewall::Chains::decrement_reference_count at
/usr/share/shorewall/Shorewall/Chains.pm line 1264

* All corrections included in Shorewall 4.4.21.1.
- A bug in recent versions of Shorewall that could result in rules
that are wider in scope than intended was fixed by applying a patch
by the upstream.

Tue Jul 19 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.21.1 Changes in this release are:

* A harmless Perl run-time \"uninitialized variable\" diagnostic has
been eliminated from the compiler. The diagnostic was issued while
displaying the capabilities.

* As the result of a typo, an orphan filter chain named FORWAR
could be created under rare circumstances. This chain was deleted
by OPTIMIZE level 4.

* The SNAT options --persistent and --randomize now work properly
(/etc/shorewall/masq).

* The LOGMARK log level was previously generated invalid iptables
input making it unusable. That has been corrected.
The syntax for LOGMARK is now:
LOGMARK() where is a syslog priority (1-7 or debug,
info, notice, etc.).
Example rule:
[#]ACTION SOURCE DEST PROTO DEST
[#] PORT(S)
LOG:LOGMARK(info) lan dmz udp 1234

Mon Jul 11 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.21 For more details see changelog.txt and
releasenotes.txt

* The Shorewall and Shorewall6 \'load\' and \'reload\' commands
now use the .conf file in the current working directory.

* The \'balance\' and \'fallback\' options in /etc/shorewall/providers
have always been mutually exclusive but the compiler previously
didn\'t enforce that restriction. Now it does.

* The ipset modules are now automatically loaded by Shorewall6 when
LOAD_HELPERS_ONLY=No is specified in shorewall6.conf. Additionally,
there is now a /usr/share/shorewall6/modules.ipset file that
lists all of the required modules.

* TPROXY descriptions have been added to shorewall-tcrules(5) and
shorewall6-tcrules(5).

Thu Jun 16 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.20.3. Changes in this release are

* Deprecated options have been removed from the .conf files.
They remain in the man pages.

* A simple configuration like the \'Universal\' sample that includes a
single wildcard interface (\'+\' in the INTERFACE column) produces a
ruleset that blocks all incoming packets.
As part of correcting this defect, which was introduced in
4.4.20.2, one or more superfluous rules (which could never
match) have been eliminated from most configurations.

Wed Jun 15 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.20.2

* A defect introduced in 4.4.20 could cause the following failure at
start/restart:
ERROR: Command \"tc qdisc add dev eth0 parent 1:11 handle 1:
sfq quantum 12498 limit 127 perturb 10\" failed

* The \'sfilter\' interface option introduced in 4.4.20 was only
applied to forwarded traffic. Now it is also applied to traffic
addressed to the firewall itself.

* Issues with iptables-restore is corrected

* IPSEC traffic is now (correctly) excluded from sfilter.

* The following incorrect warning message has been eliminated:
WARNING: sfilter is ineffective with FASTACCEPT=Yes

Tue Jun 7 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.20.1

* The address of the Free Software Foundation has been corrected in
the License files.

* The shorewall[6].conf file installed in
/usr/share/shorewall[6]/configfiles is no longer modified for use
with Shorewall[6]-lite. When creating a new configuration for a
remote forewall, two lines need to be modified in the copy
CONFIG_PATH=/usr/share/shorewall (or shorewall6)
STARTUP_LOG=/var/log/shorewall-lite-init.log
(or shorewall6-lite-init.log)

Mon Jun 6 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.20

* Removed backported patches for openSUSE specific locations as
they are incorporated in upstream.
- Changes in 4.4.20 (for more read changelog.txt and releasenotes.txt)

* Support for the AUDIT target has been added. AUDIT is a feature of
the 2.6.39 kernel and iptables 1.4.10 that allows security auditing
of access decisions.

Wed May 18 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.19.4

* Previously, the compiler would allow a degenerate entry (only the
BAND specified) in /etc/shorewall/tcpri. Such an entry now raises a
compilation error.

* Previously, it was possible to specify tcfilters and tcrules that
classified traffic with the class-id of a non-leaf HFSC class. Such
classes are not capabable of handling packets.
Shorewall now generates a compile-time warning in this case and
ignores the entry.
If a non-leaf class is specified as the default class, then
Shorewall now generates a compile-time error since that
configuration allows no network traffic to flow.

* Traditionally, Shorewall has not checked for the existance of
ipsets mentioned in the configuration, potentially resulting in a
run-time start/restart failure. Now, the compiler will issue a
WARNING if:
a) The compiler is being run by root.
b) The compilation isn\'t producing a script to run on a remote
system under a -lite product.
c) An ipset appearing in the configuration does not exist on the
local system.

* As previously implemented, the \'refresh\' command could fail or
could result in a ruleset other than what was intended. If there
had been changes in the ruleset since it was originally
started/restarted/restored that added or deleted sequenced chains
(chains such as ~lognnn and ~exclnnn), the resulting ruleset could
jump to the wrong such chains or could fail to \'refresh\'
successfully.
This issue has been corrected as follows. When a \'refresh\' is done
and individual chains are involved, then each table that contains
both sequenced chains and one of the chains being refreshed is
refreshed in its entirety.
For example, if \'shorwall refresh foo\' is issued and the filter
table (which is the default) contains any sequenced chains, then
the entire table is reloaded. Note that this reload operation is
atomic so no packets are passed through an inconsistent
configuration.

* When \'shorewall6 refresh\' was run previously, a harmless
\'ip6tables: Chain exists\' message was generated.
- Reworked backported patches so shorewall still uses openSUSE specific
locations
- Fix the zone definitions in shorewall6/Samples6/zones examples

Wed May 11 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.19.3

* incompatibility with gawk has been corrected

* Previously, an entry in the USER/GROUP column in the rules and
tcrules files could cause run-time start/restart failures if the
rule(s) being added did not have the firewall as the source (rules
file) and were not being added to the POSTROUTING chain (:T
designator in the tcrules file). This error is now caught by
the compiler.

* Shorewall now insures that a route to a default gateway exists in
the main table before it attempts to add a default route through
that gateway in a provider table. This prevents start/restart
failures in the rare event that such a route does not exist.

* CLASSIFY TC rules can apply to traffic exiting only the interface
associated with the class-id specified in the first column.

* Fixes start of shorewall6 (bnc#693162)

Fri May 6 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.19.2 For more details see changelog.txt and
releasenotes.txt

* In Shorewall-shell, there was the ability to specify IPSET names in
the ORIGINAL DEST column of DNAT and REDIRECT rules. That ability,
inadvertently dropped in Shorewall-perl, has been restored

* Several problems with complex TC have been corrected:

* Double exclusion involving ipset lists was previously not detected,
resulting in anomalous behavior.

Mon Apr 18 14:00:00 2011 toganmAATTopensuse.org
- Update to 4.4.19.1

* Eliminate silly duplicate rule when stopped.

* Don\'t believe that all nexthop routes are default routes.

* Restore :- in masq file.

* Correct default route safe/restore.
- backported paths related patches from git as they are in mainstream
now

Wed Apr 13 14:00:00 2011 toganmAATTopensuse.org
- Shorewall packages have their openSUSE specific locations now

* Executable files in /usr/lib/shorewall
*. These include;
getparams
compiler.pl
wait4ifup
shorecap
ifupdown

* Perl Modules in /usr/lib/perl5/vendor_perl/PERL_VERSION/Shorewall.
- Updated to 4.4.19 (for more info please consult changelog.txt and
releasenotes.txt)

* Corrected a problem in optimize level 4 that resulted in the following
compile-time failure
Can\'t use an undefined value as an ARRAY reference at
/usr/share/shorewall/Shorewall/Chains.pm line 862.

* If a DNAT or REDIRECT rule applied to a source zone with an interface
defined with \'physical=+\', then the nat table \'dnat\' chain might have
been created but not referenced. This prevented the DNAT or REDIRECT
rule from working correctly.

* Previously, if a variable set in /etc/shorewall/params was given a value
containing shell metacharacters, then the compiled script would contain
syntax errors.

* The pathname of the \'conntrack\' binary was erroneously printed in the
output of \'shorewall6 show connections\'.

* Correct a problem whereby incorrect Netfilter rules were generated when
a bridge with ports was given a logical name.

* If a bridge interface had subordinate ports defined in
/etc/shorewall/interface, then an ipsec entry (either ipsec zone or the
\'ipsec\' option specified) in /etc/shorewall/hosts resulted in the
compiler generating an incorrect Netfilter configuration.

* A fatal error is now raised if \'!0\' appears in the PROTO column of files
that have that column. This avoids an iptables-restore failure at run time.

Mon Apr 4 14:00:00 2011 toganmAATTopensuse.org
- Updated to 4.4.18.2

* SAVE_IPSETS=Yes didn\'t work unless there is a dynamic zone defined.

* If a logical name was given to a bridge and the ports on the bridge
were defined in /etc/shorewall/interfac, then the compiler could
generate matches that used the logical name rather than the
physical name.

Mon Mar 21 13:00:00 2011 toganmAATTopensuse.org
- Updated to 4.4.18.1

* An issue with params processing on RHEL6 has been corrected. The
problem manifested as the following type of warning:
WARNING: Param line (export OLDPWD) ignored at
/usr/share/shorewall/Shorewall/Config.pm line 2993.

* The editing of the value of the TC_PRIOMAP option has been
tightened. Previously, many invalid settings were allowed,
resulting in run-time tc command failures.

* The Shorewall Lite and Shorewall6 Lite installers now install the
\'helpers\' modules file. Previously, this file was not installed
with the result that both \'shorewall[6]-lite show capabilities\' and
\'shorecap\' failed.

* Previously, if an icmp or icmp6 type which included both a type and
a code was used in the tcfilters file, \'start\' and \'restart\' would
fail with a \'tc\' error.

Fri Mar 11 13:00:00 2011 toganmAATTopensuse.org
- Updated to 4.4.18

* for accounting modules xtables-addons must be installed
- Changes in 4.4.18 (for more read changelog.txt and releasenotes.txt)

* The modules files are now just a driver that INCLUDEs several new
files and one old file:

* Beginning with Shorewall 4.4.18, the accounting structure can be
created with three root chains:
- accountin: Rules that are valid in the INPUT chain (may not
specify an output interface).
- accountout: Rules that are valid in the OUTPUT chain (may not
specify an input interface or a MAC address).
- accountfwd: Other rules.

* Internals Change: The Policy.pm module has been merged into the
Rules.pm module.

Thu Feb 10 13:00:00 2011 toganmAATTopensuse.org
- Updated to 4.4.17

* This release adds support for per-IP accounting using the ACCOUNT
target. That target is only available when xtables-addons is
installed.
- Changes in 4.4.17 (for more read changelog.txt and releasenotes.txt)

* Previously, Shorewall did not check the length of the names of
accounting chains and manual chains. This could result in
errors when loading the resulting ruleset. Now, the compiler issues
an error for chain names longer than 29 characters.
Additionally, the compiler now ensures that these chain names are
composed only of letters, digits, underscores (\'_\') and dashes
(\"-\"). This eliminates Perl runtime errors or other failures when a
chain name is embedded within a regular expression.

* Several issues with complex traffic shaping have been resolved:
a) Specifying IPv6 network addresses in the SOURCE or DEST columns
of /etc/shorewall6/tcfilters now works correctly. Previously,
Perl runtime warnings occurred and an invalid tc command was
generated.
b) Previously, if flow= was specified on a parent class, a perl
runtime warning occurred and an invalid tc command was
generated. This combination is now flagged as an error at
compile time.
c) There is now an ipv6 tcfilters skeleton included with
Shorewall6.

* Several issues with accounting are corrected.
a) If an accounting rule of the form:
chain1 chain2
was configured and neither chain was referenced again in the
configuration, then an internal error was generated when
optimize level 4 was selected and OPTIMIZE_ACCOUNTING=Yes.
b) If there was only a single accounting rule and that rule
specified an interface in the SOURCE or DEST columns, then the
generated ruleset would fail to load when
OPTIMIZE_ACCOUNTING=Yes.
c) If a per-IP accounting table name appeared in more than one
rule and the specified network was not the same in all
occurrences, then the generated ruleset would fail to load.
This is now flagged as an error at compile time.

* Two defects in compiler module loading have been corrected:
a) Previously, the kernel/net/ipv6/netfilter/ directory was not
searched.
b) A Perl diagnostic was issued when running on a monolithic kernel
when the modutils package was installed.

* A line containing only \'INCLUDE\' appearing in an extension script
now generates a compile-time diagnostic rather than a run-time
diagnostic.

* Previously, the uninstall.sh scripts used insserv (if installed) on
Debian-based systems. These scripts now use the preferred tool
(updaterc.d).

* Beginning with 4.4.16, compilation would fail if an empty shell
variable was referenced in a config file on a system where /bin/sh
is the Bourne Again Shell (bash).

* In earlier versions. if OPTIMIZE=8 then the ruleset displayed by
\'check -r\' was the same as when OPTIMIZE=0 (unoptimized).
Similarly, if OPTIMIZE=9 then the ruleset displayed was the same
as when OPTIMIZE=1.

* Startup could previously fail on a system where kernel module
autoloading was not available and where TC_ENABLED=Simple was
specified in shorewall.conf or shorewall6.conf.

* Previously, a \'done.\' message could be printed at the end of
command processing even when the command had failed. Now, such a
message only appears if the command completed successfully.

Sat Jan 22 13:00:00 2011 toganmAATTopensuse.org
- Updated to 4.4.16.1

* Beginning with 4.4.16, compilation would fail if an empty shell
variable was referenced in a config file on a system where /bin/sh
is the Bourne Again Shell (bash).

Wed Jan 12 13:00:00 2011 toganmAATTopensuse.org
- fix fillup for shorewall-init so it will be copied to sysconfig
directory
- link network/scripts/shorewall to if-up.d and if-down.d
- Changes in 4.4.16 (for more read changelog.txt and releasenotes.txt)
+ If the output of \'env\' contained a multi-line value, then
compilation failed with an Internal Error. The code has been
changed so that the compiler now handles multi-line values
correctly.

* In 4.4.15, output to Standard Out (FD 1) generated by
/etc/shorewall/params (/etc/shorewall6/params) was redirected to
/dev/null. It is now redirected to Standard Error (FD 2).

* If a params file did not appear in the CONFIG_PATH, compilation
failed with the error:
.: 31: Can\'t open /etc/shorewall6/params
ERROR: Processing of /etc/shorewall6/params failed

* Previously, proxy ARP with logical interface names did not
work. Symptoms included numerous Perl runtime error messages.

* Previously, the root of a wildcard name erroneously matched that
name. For example \'eth\' matched \'eth+\'. Now there must be at least
one additional character (e.g., \'eth4\').

* Use of logical interface names in the notrack and ecn files
resulted in perl runtime warning messages.

* The use of wildcard-matching names in certain contexts would result
in anomalous behavior. Among the symptoms were:
- Perl run-time messages similar to this one:
Use of uninitialized value in numeric comparison (<=>)
at /usr/share/shorewall/Shorewall/Zones.pm line 1334.
- Failure to treat the interface as optional or required.

* Where two ISPs share the same interface, if one of the ISPs was not
reachable, an iptables-restore error such as this occurred:
iptables-restore v1.4.10: Bad mac address \"-j\"

* Previously, under very rare circumstances, a chain would be
optimized away while there were still jumps to the chain. This caused
Shorewall start/restart to fail during iptables-restore.
11) Previously, the setting of BLACKLIST_DISPOSITION was not
validated. Now, an error is raised unless the value is DROP or REJECT.

Mon Jan 3 13:00:00 2011 toganmAATTopensuse.org
- Update to version 4.4.15.3
- Changes in 4.4.15.3

* Previously, the root of a wildcard name erroneously matched that
name. For example \'eth\' matched \'eth+\'. Now there must be at least
one additional character (e.g., \'eth4\').

* Use of logical interface names in the notrack and ecn files
resulted in perl runtime warning messages.

* The use of wildcard-matching names in certain contexts would result
in perl run-time messages similar to this one:
Use of uninitialized value in numeric comparison (<=>)
at /usr/share/shorewall/Shorewall/Zones.pm line 1334.

* Under very rare circumstances, a chain could be optimized away
even when there are jumps to the chain. This resulted in a
start/restart failure.
- Changes in 4.4.15.2

* Previously, proxy ARP with logical interface names did not
work. Symptoms included numerous Perl runtime error messages.

* Previously, unknown interface names in the proxyarp and
tcinterfaces files resulted in Perl runtime errors.

Thu Dec 2 13:00:00 2010 toganmAATTopensuse.org
- Upgrade to version 4.4.15.1
- Changes in version 4.4.15.1
1) If the output of \'env\' contained a multi-line value, then
compilation failed with an Internal Error. The code has been
changed to ignore all but the first line of a multi-line value.
2) If a params file did not appear in the CONFIG_PATH, compilation
failed with the error:
.: 31: Can\'t open /etc/shorewall6/params
ERROR: Processing of /etc/shorewall6/params failed

Thu Dec 2 13:00:00 2010 toganmAATTopensuse.org
- Update to version 4.4.15
- Changes in Shorewall 4.4.15
1) Add macros from Tuomo Soini.
2) Corrected macro.JAP.
3) Added fatal_error() functions to the -lite CLIs.
RC 1
1) Another Perl 5.12 warning.
2) Avoid anomalous behavior regarding syn flood chains.
3) Add HEADERS column for IPv6
Beta 2
1) Tweaks to IPv6 tcfilters
2) Add support for explicit provider routes
3) Fix shared TC tcfilters handling.
Beta 1
1) Handle exported VERBOSE.
2) Modernize handling of the params file.
3) Fix NULL_ROUTE_RFC1918
4) Fix problem of appending incorrect files.
5) Implement shared TC.

Thu Nov 25 13:00:00 2010 toganmAATTopensuse.org
- Added README.openSUSE which warns the user

Wed Nov 24 13:00:00 2010 toganmAATTopensuse.org
- Fix init-4.4.14.patch
- Cleaned spec file
- Removed Provides shoreline_firewall
- Until upstream clarifies non-executable scripts put them under rpmlintrc
- TODO

* the code files should go into %_libexecdir/shorewall, only non-executable
data is for %_datadir/shorewall.

Wed Nov 24 13:00:00 2010 toganmAATTopensuse.org
- Included docs-html to the packaging as well
- Patches have the version number reflecting the diff to the original

Thu Nov 11 13:00:00 2010 toganmAATTopensuse.org
- Initial packaging of shorewall for opensuse


  
ICM