This is a minor release of Shorewall.

Problems Corrected since version 1.4.9:

1. The column descriptions in the action.template file did not match
   the column headings. That has been corrected.

2. The presence of IPv6 addresses on devices generated error messages
   during [re]start if either ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes
   was specified in /etc/shorewall/shorewall.conf.

3. The CONTINUE action in /etc/shorewall/rules now works correctly. A
   couple of problems involving rate limiting have been
   corrected. These bug fixes are courtesy of Steven Jan Springl.

4. Shorewall now tries to avoid sending an ICMP response to broadcasts
   and smurfs.

5. Specifying "-" or "all" in the PROTO column of an action no longer
   causes a startup error.

Migration Issues:

    None.

New Features:

1) The INTERFACE column in the /etc/shorewall/masq file may now
   specify a destination list.

   Example:

       #INTERFACE                       SUBNET     ADDRESS
       eth0:192.0.2.3,192.0.2.16/28     eth1

   If the list begins with "!" then SNAT will occur only if the
   destination IP address is NOT included in the list.

2) Output traffic control rules (those with the firewall as the source)
   may now be qualified by the effective userid and/or effective group
   id of the program generating the output. This feature is courtesy of
   Frédéric LESPEZ.

   A new USER column has been added to /etc/shorewall/tcrules.
   It may contain:

       [<user name or number>]:[<group name or number>]

   The colon is optional when specifying only a user.

       Examples: john: / john / :users / john:users

3) A "detectnets" interface option has been added for entries in
   /etc/shorewall/interfaces. This option automatically tailors the
   definition of the zone named in the ZONE column to include just
   those hosts that have routes through the interface named in the
   INTERFACE column. The named interface must be UP when
   Shorewall is [re]started.

   WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
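
Added example (not part of these release notes and not Shorewall's own code): a small model of the masq destination-list semantics from New Feature 1, useful for checking which destinations an entry will or will not SNAT, including the "!" form. The function names are hypothetical, and the model assumes the INTERFACE column holds only an interface name optionally followed by ":" and a comma-separated list of addresses or CIDR networks.

```python
import ipaddress


def parse_masq_interface(column):
    """Split a masq INTERFACE column into (interface, negated, networks)."""
    iface, sep, dest = column.partition(":")
    if not iface:
        raise ValueError("missing interface name")
    if not sep:
        # No destination list: the entry applies to every destination.
        return iface, False, []
    negated = dest.startswith("!")
    if negated:
        dest = dest[1:]
    if not dest:
        raise ValueError("empty destination list")
    # A bare address becomes a /32; a misaligned CIDR raises ValueError.
    nets = [ipaddress.ip_network(item, strict=True) for item in dest.split(",")]
    return iface, negated, nets


def snat_applies(column, out_iface, dest_ip):
    """Return True if the entry would SNAT traffic leaving out_iface for dest_ip."""
    iface, negated, nets = parse_masq_interface(column)
    if out_iface != iface:
        return False
    if not nets:
        return True
    addr = ipaddress.ip_address(dest_ip)
    in_list = any(addr in net for net in nets)
    # Plain list: SNAT only for listed destinations.
    # "!" list: SNAT only for destinations NOT in the list.
    return in_list != negated


if __name__ == "__main__":
    # Constructed sample entries based on the example in the release notes.
    plain = "eth0:192.0.2.3,192.0.2.16/28"
    inverted = "eth0:!192.0.2.3,192.0.2.16/28"
    for dst in ("192.0.2.3", "192.0.2.20", "192.0.2.32", "198.51.100.7"):
        print(dst, snat_applies(plain, "eth0", dst), snat_applies(inverted, "eth0", dst))
```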