2003-07-04 17:08:29 +02:00
|
|
|
This is a minor release of Shorewall.
|
2002-05-01 01:13:15 +02:00
|
|
|
|
2003-11-24 20:08:43 +01:00
|
|
|
Problems Corrected since version 1.4.8:
|
2003-07-26 18:44:38 +02:00
|
|
|
|
2003-11-27 19:24:57 +01:00
|
|
|
1) There has been a low continuing level of confusion over the terms
|
|
|
|
|
"Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
|
|
|
|
|
instances of "Static NAT" have been replaced with "One-to-one NAT"
|
|
|
|
|
in the documentation and configuration files.
|
2003-11-08 03:38:30 +01:00
|
|
|
|
2003-11-28 18:39:53 +01:00
|
|
|
2) The description of NEWNOTSYN in shorewall.conf has been reworded for
|
|
|
|
|
clarity.
|
|
|
|
|
|
2003-07-06 17:31:26 +02:00
|
|
|
Migration Issues:
|
|
|
|
|
|
2003-11-24 20:08:43 +01:00
|
|
|
None.
|
2003-05-22 22:37:24 +02:00
|
|
|
|
2003-08-24 03:24:23 +02:00
|
|
|
New Features:
|
2003-07-26 18:44:38 +02:00
|
|
|
|
2003-11-24 20:08:43 +01:00
|
|
|
1) To cut down on the number of "Why are these ports closed rather than
|
2003-11-27 19:24:57 +01:00
|
|
|
stealthed?" questions, the SMB-related rules in
|
2003-11-24 20:08:43 +01:00
|
|
|
/etc/shorewall/common.def have been changed from 'reject' to 'DROP'.
|
2003-11-27 19:24:57 +01:00
|
|
|
|
2003-11-27 19:39:11 +01:00
|
|
|
2) For easier identification, packets logged under the 'norfc1918'
|
|
|
|
|
interface option are now logged out of chains named
|
|
|
|
|
'rfc1918'. Previously, such packets were logged under chains named
|
|
|
|
|
'logdrop'.
|
|
|
|
|
|
2003-12-01 17:10:08 +01:00
|
|
|
3) Distributers and developers seem to be regularly inventing new
|
|
|
|
|
naming conventions for kernel modules. To avoid the need to change
|
|
|
|
|
Shorewall code for each new convention, the MODULE_SUFFIX option has
|
|
|
|
|
been added to shorewall.conf. MODULE_SUFFIX may be set to the suffix
|
|
|
|
|
for module names in your particular distribution. If MODULE_SUFFIX
|
|
|
|
|
is not set in shorewall.conf, Shorewall will use the list "o gz ko
|
|
|
|
|
o.gz".
|
2003-10-11 18:06:00 +02:00
|
|
|
|
2003-12-01 17:10:08 +01:00
|
|
|
To see what suffix is used by your distribution:
|
2003-10-11 18:06:00 +02:00
|
|
|
|
2003-12-01 17:10:08 +01:00
|
|
|
ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter
|
2003-10-25 02:54:01 +02:00
|
|
|
|
2003-12-01 17:10:08 +01:00
|
|
|
IMPORTANT: Those are back single quotes (upper lefthand corner of
|
|
|
|
|
your keyboard).
|
|
|
|
|
|
|
|
|
|
All of the files listed should have the same suffix (extension). Set
|
|
|
|
|
MODULE_SUFFIX to that suffix.
|
|
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
|
|
|
|
|
|
If all files end in ".kzo" then set MODULE_SUFFIX="kzo"
|
|
|
|
|
If all files end in ".kz.o" then set MODULE_SUFFIX="kz.o"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2003-10-09 23:26:08 +02:00
|
|
|
|
|
|
|
|
|
2003-10-30 16:42:45 +01:00
|
|
|
|
