This is a minor release of Shorewall.

Problems Corrected:

1) There were several cases where Shorewall would fail to remove a
   temporary directory from /tmp. These cases have been corrected.

2) The rules for allowing all traffic via the loopback interface have
   been moved to before the rule that drops status=INVALID
   packets. This ensures that all loopback traffic is allowed even if
   Netfilter connection tracking is confused.

New Features:

1) IPV6-IPV4 (6to4) tunnels are now supported in the
   /etc/shorewall/tunnels file.

2) Shorewall can now be easily integrated with fireparse
   (http://www.fireparse.com) by setting LOGMARKER="fp=" in
   /etc/shorewall/shorewall.conf. Note: You may not use ULOG
   with fireparse unless you modify fireparse.

3) If you are running iptables 1.2.7a and kernel 2.4.20, then
   Shorewall will return reject replies as follows:

   a) tcp - RST
   b) udp - ICMP port unreachable
   c) icmp - ICMP host unreachable
   d) Otherwise - ICMP host prohibited

   If you are running earlier software, Shorewall will follow its
   traditional convention:

   a) tcp - RST
   b) Otherwise - ICMP port unreachable

4) UDP Port 135 is now silently dropped in the common.def chain.
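The two reject conventions in New Features item 3, written out as iptables REJECT rules. This is an added example, not Shorewall's own code: the function name reject_rules and the default chain name "reject" are assumptions, and the function only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from Shorewall): print the iptables commands that
# implement the reject replies listed in item 3. Nothing is executed, so
# this runs without root and without iptables installed.
#
# reject_rules MODE [CHAIN]
#   MODE=new          per-protocol replies (iptables 1.2.7a + kernel 2.4.20)
#   MODE=traditional  RST for tcp, ICMP port unreachable for everything else
#   CHAIN             hypothetical chain name, assumed to exist already
reject_rules() {
    mode=$1
    chain=${2:-reject}

    # Validate before printing anything so a bad mode yields no partial rules.
    case $mode in
        new|traditional) ;;
        *)
            echo "usage: reject_rules new|traditional [chain]" >&2
            return 1
            ;;
    esac

    # tcp-reset is only accepted together with "-p tcp".
    echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"

    if [ "$mode" = new ]; then
        echo "iptables -A $chain -p udp -j REJECT --reject-with icmp-port-unreachable"
        echo "iptables -A $chain -p icmp -j REJECT --reject-with icmp-host-unreachable"
        # The catch-all goes last: rules are evaluated in order, so placing
        # it earlier would shadow the protocol-specific replies.
        echo "iptables -A $chain -j REJECT --reject-with icmp-host-prohibited"
    else
        echo "iptables -A $chain -j REJECT --reject-with icmp-port-unreachable"
    fi
}

# Show the rules for the newer convention.
reject_rules new
```

Review the printed rules before applying them by hand; the order matters because the final rule matches every protocol.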