shorewall_code/Shorewall/known_problems.txt

29 lines
1.0 KiB
Plaintext
Raw Normal View History

1) The IPv6 allowBcast built-in action generates an invalid ip6tables
2010-06-13 00:15:54 +02:00
rule. This defect is present in all versions of Shorewall that
support IPv6.
Fixed in Shorewall 4.4.10.1.
2) If IPSET=<pathname> is specified in shorewall.conf, then when an
ipset is used in a configuration file entry, the following fatal
compilation error occurs:
ERROR: ipset names in Shorewall configuration files require Ipset
Match in your kernel and iptables : /etc/shorewall/rules (line nn)
You can work around this problem by executing the following at a
root shell prompt:
shorewall show -f capabilities > /etc/shorewall/capabilities
Fixed in Shorewall 4.4.10.1. After installing this fix, if you
executed the above command to work around the problem, we recommend
that you remove /etc/shorewall/capabilities.
3) On Debian and derivatives, shorewall-init is starting too late.
To work around this issue, at a root prompt:
cd /etc/rcS.d
mv S38shorewall-init S08shorewall-init