| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_debian_configuration.patch | Customize the shorewall.conf configuration file to be more like what is expected by Debian users. | Romain Francoise <rfrancoise@debian.org> | not-needed | 2023-01-30 | ||
| 02_remove_deprecated_service_config.patch | Drop deprecated "syslog" StandardOutput setting. It has been superseded by "journal" which is the default system-wide setting. | Jeremy Sowden <jeremy@azazel.net> | not-needed | 2023-01-08 | ||
| 03_init_script_fix.patch | fix `-x` test in init-script SRWL is defined as `/sbin/shorewall -6` which causes a syntax error when the init-script tests it for executability. |
Jeremy Sowden <jeremy@azazel.net> | yes | debian | 2023-02-01 | |
| 04_service_file_documentation.patch | add a link to the related man-page to each systemd service file | Jeremy Sowden <jeremy@azazel.net> | yes | 2023-02-01 | ||
| 05_manpage_fix.patch | fix description of `stop` command . The end of a sentence is missing. |
Jeremy Sowden <jeremy@azazel.net> | yes | 2023-02-01 | ||
| 06_use_stop_service.patch | Support `SAFESTOP` under systemd . By default, stopping the Shorewall service executes `/sbin/shorewall clear`. . The `SAFESTOP` setting in /etc/default/shorewall is intended to stop the service by calling `/sbin/shorewall stop`. . However, the systemd service files do not support this. Instead, we install a shell-script that sources /etc/default/shorewall and honours `SAFESTOP` when stopping Shorewall and patch the service files to call it. |
Jeremy Sowden <jeremy@azazel.net> | yes | 2023-01-31 | ||
| 07_iface_addr_parse_fixes.patch | fix parsing of `ip address show` output . Shorewall uses an assortment of grep and sed commands to extract IP addresses from the output of `ip address show` commands. This is inherently brittle. This patch replaces some of these with simpler and more precise awk commands. This is not ideal, either, but a bit more robust. . The preferable solution would be to parse iproute2's structured JSON output instead, which I will propose upstream. Since this patch is intended as a stop-gap, I'm not going to forward it. |
Jeremy Sowden <jeremy@azazel.net> | not-needed | debian | 2023-02-12 |