[Change] update release version and copyright tags for 1.7.6-1

.ca.def

@@ -3,8 +3,8 @@ cat > .conf.apf <<EOF
 #
 ##
 # Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 # NOTE: This file should be edited with word/line wrapping off,

CHANGELOG

@@ -1,3 +1,19 @@
+- 1.7.6-1 | Jun 18 2019:
+[New] add mitigation options for TCP SACK Panic vulnerability
+      SYSCTL_TCP_NOSACK and BLK_TCP_SACK_PANIC added to conf.apf
+      https://access.redhat.com/security/vulnerabilities/tcpsack
+[Change] updated autoconf template
+[Change] ignore value of BLK_TCP_SACK_PANIC when SYSCTL_TCP_NOSACK is set
+[Change] make init script LSB compliant for use with systemd; pr #26
+[Fix] README typos; pr #28
+[Fix] flush ip6tables rules on stop/flush if USE_IPV6 enabled; pr #28
+[Fix] only the first nameserver in resolv.conf would be whitelisted when
+      RESV_DNS_DROP is set enabled; issue #25
+[Fix] change ipv4.ip_local_port_range to not emmit errors ref:
+      Marco Padovan <evcz at evcz.tk>
+      https://access.redhat.com/solutions/2887631
+      https://www.spinics.net/lists/netdev/msg330895.html
+
 - 1.7.5-2 | Sep 18 2017:
 [Fix] ipt/xt_recent detection for RAB w/ compressed kernel modules
 [Fix] el7.4 for some reason does not set CONFIG_MODULE_COMPRESSED_XZ=y in config-$(uname -r); addressed with more trivial check

CHANGELOG.RELEASE

@@ -1,15 +1,15 @@
-- 1.7.5-2 | Sep 18 2017:
-[Fix] ipt/xt_recent detection for RAB w/ compressed kernel modules
-[Fix] el7.4 for some reason does not set CONFIG_MODULE_COMPRESSED_XZ=y in config-$(uname -r); addressed with more trivial check
-[Fix] rewrite mutex_lock to behave more like an actual mutex, with timeout on both entering the lock and clearing old lock files.
-      This helps resolve race conditions and works to fix #16
-[Fix] typo in sysctl.conf for setting tcp_tw_reuse=1
-[Change] SET_REFRESH_MD5 hashing now performed on start calls instead of only on '-e|--refresh'
-[Change] if setting VF_ROUTE to disabled there should be no check whether interfaces are actually routed to something
-[Fix] wget fails when ipv6 is disabled on host
-[Fix] IP addresses interpreted as regex
-[Change] support for custom INSTALL_PATH during installation
-[Change] increased default conntrack limit from 65k to 128k
-[Change] increased default rule trim count from 200 to 250
-[Change] added configuration options for adaptive conntrack tuning during
-         start/restart/reload operations
+- 1.7.6-1 | Jun 18 2019:
+[New] add mitigation options for TCP SACK Panic vulnerability
+      SYSCTL_TCP_NOSACK and BLK_TCP_SACK_PANIC added to conf.apf
+      https://access.redhat.com/security/vulnerabilities/tcpsack
+[Change] updated autoconf template
+[Change] ignore value of BLK_TCP_SACK_PANIC when SYSCTL_TCP_NOSACK is set
+[Change] make init script LSB compliant for use with systemd; pr #26
+[Fix] README typos; pr #28
+[Fix] flush ip6tables rules on stop/flush if USE_IPV6 enabled; pr #28
+[Fix] only the first nameserver in resolv.conf would be whitelisted when
+      RESV_DNS_DROP is set enabled; issue #25
+[Fix] change ipv4.ip_local_port_range to not emmit errors ref:
+      Marco Padovan <evcz at evcz.tk>
+      https://access.redhat.com/solutions/2887631
+      https://www.spinics.net/lists/netdev/msg330895.html

README

@@ -1,6 +1,6 @@
-Advanced Policy Firewall (APF) v1.7.5
-    (C) 2002-2014, R-fx Networks <[email protected]>
-    (C) 2014, Ryan MacDonald <[email protected]>
+Advanced Policy Firewall (APF) v1.7.6
+    (C) 2002-2019, R-fx Networks <[email protected]>
+    (C) 2019, Ryan MacDonald <[email protected]>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by

apf.init

@@ -1,8 +1,8 @@
 #!/bin/bash
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 ### BEGIN INIT INFO

files/VERSION

@@ -1 +1 @@
-version: 1.7.5-2
+version: 1.7.6-1

files/apf

@@ -1,19 +1,19 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #
-VER="1.7.5-2"
+VER="1.7.6-1"
 CNF="/etc/apf/conf.apf"
 
 head() {
 	echo "Advanced Policy Firewall (APF) v$VER <[email protected]>"
-	echo "      Copyright (C) 2002-2014, R-fx Networks <[email protected]>"
-	echo "      Copyright (C) 2014, Ryan MacDonald <[email protected]>"
+	echo "      Copyright (C) 2002-2019, R-fx Networks <[email protected]>"
+	echo "      Copyright (C) 2019, Ryan MacDonald <[email protected]>"
 	echo "This program may be freely redistributed under the terms of the GNU GPL"
 	echo ""
 }

files/conf.apf

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 # NOTE: This file should be edited with word/line wrapping off,

files/extras/get_ports

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/extras/importconf

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/firewall

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/internals/functions.apf

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/internals/internals.conf

@@ -3,7 +3,7 @@
 ##
 #
 PATH=/sbin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin:$PATH ; export PATH
-VER="1.7.5-2"
+VER="1.7.6-1"
 APPN="apf"
 
 ifconfig=`which ifconfig`

files/vnet/main.vnet

@@ -1,8 +1,8 @@
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

files/vnet/vnetgen

@@ -1,9 +1,9 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
-#             (C) 2002-2014, R-fx Networks <[email protected]>
-#             (C) 2014, Ryan MacDonald <[email protected]>
+# Advanced Policy Firewall (APF) v1.7.6
+#             (C) 2002-2019, R-fx Networks <[email protected]>
+#             (C) 2019, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2
 ##
 #

importconf

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
+# Advanced Policy Firewall (APF) v1.7.6
 #             (C) 2002-2016, R-fx Networks <[email protected]>
 #             (C) 2016, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2

install.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 ##
-# Advanced Policy Firewall (APF) v1.7.5
+# Advanced Policy Firewall (APF) v1.7.6
 #             (C) 2002-2016, R-fx Networks <[email protected]>
 #             (C) 2016, Ryan MacDonald <[email protected]>
 # This program may be freely redistributed under the terms of the GNU GPL v2