shorewall_code/Shorewall/releasenotes.txt


This is a major release of Shorewall.

Functions from 1.3 that have been omitted from this version include:
1. The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2. Interface names of the form <device>:<integer> in
/etc/shorewall/interfaces now generate an error.
3. Shorewall 1.4 implements behavior consistent with
OLD_PING_HANDLING=No. OLD_PING_HANDLING=Yes will generate an error
at startup as will specification of the 'noping' or 'filterping'
interface options.
4. The 'routestopped' option in the /etc/shorewall/interfaces and
/etc/shorewall/hosts files is no longer supported and will generate
an error at startup if specified.
5. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer
accepted.
6. The ALLOWRELATED variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
ALLOWRELATED=Yes.
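
A pre-upgrade check for the removed features listed above, as an added example rather than Shorewall's own code. It assumes the 1.3 column layouts ZONE INTERFACE BROADCAST OPTIONS for interfaces and ZONE HOST(S) OPTIONS for hosts, runs against constructed sample files when no directory is given, and does not cover the 1.2 DNAT/REDIRECT syntax; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Shorewall code: audit a 1.3 configuration directory for
# the settings these release notes list as removed or rejected in 1.4.
# Assumed columns: interfaces = ZONE INTERFACE BROADCAST OPTIONS,
#                  hosts      = ZONE HOST(S) OPTIONS.

scan_conf() {   # $1 = path to shorewall.conf
    awk '{ sub(/#.*/, "") }    # drop comments before matching
    /^[ \t]*(MERGE_HOSTS|ALLOWRELATED)=/ {
        print "shorewall.conf:" NR ": " $1 ": variable no longer supported" }
    /^[ \t]*OLD_PING_HANDLING=["]?[Yy][Ee][Ss]/ {
        print "shorewall.conf:" NR ": " $1 ": error at startup" }' "$1"
}

scan_table() {  # $1 = file, $2 = OPTIONS column, $3 = rejected options, $4 = 1 to check names
    awk -v f="${1##*/}" -v col="$2" -v bad="$3" -v names="$4" '
    { sub(/#.*/, "") } NF == 0 { next }
    names && $2 ~ /^[^:]+:[0-9]+$/ {
        print f ":" NR ": " $2 ": <device>:<integer> interface name is an error" }
    { n = split($col, opt, ",")
      for (i = 1; i <= n; i++) if (opt[i] ~ ("^(" bad ")$"))
          print f ":" NR ": option " opt[i] ": error at startup" }' "$1"
}

# Prints one finding per line; returns 0 only when nothing was found.
audit_shorewall_14() {
    dir=${1:-/etc/shorewall}
    found=$(
        [ ! -f "$dir/shorewall.conf" ] || scan_conf "$dir/shorewall.conf"
        [ ! -f "$dir/interfaces" ] ||
            scan_table "$dir/interfaces" 4 "noping|filterping|routestopped" 1
        [ ! -f "$dir/hosts" ] || scan_table "$dir/hosts" 3 "routestopped" 0
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

make_sample() { # constructed 1.3-style files, for demonstration only
    d=$(mktemp -d) || return 1
    printf '%s\n' 'MERGE_HOSTS=No' 'OLD_PING_HANDLING=Yes' 'ALLOWRELATED=Yes' \
        > "$d/shorewall.conf"
    printf '%s\n' '#ZONE INTERFACE BROADCAST OPTIONS' \
        'net eth0 detect noping,routefilter' \
        'loc eth1:0 detect routestopped' > "$d/interfaces"
    printf '%s\n' 'dmz eth2:192.168.2.0/24 routestopped' > "$d/hosts"
    echo "$d"
}

audit_shorewall_14 "${1:-$(make_sample)}" ||
    echo "resolve the findings above before upgrading to 1.4" >&2
```

Pass the configuration directory as the first argument to audit a real 1.3 installation; the function's non-zero status makes it usable as an upgrade gate.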

Changes for 1.4 include:
1. shorewall.conf has been completely reorganized into logical
sections.
2. LOG is now a valid action for a rule (/etc/shorewall/rules).
3. The firewall script and version file are now installed in
/usr/share/shorewall.
4. Late arriving DNS replies are now silently dropped in the common
chain by default.
5. In addition to behaving like OLD_PING_HANDLING=No, Shorewall 2.0 no
longer unconditionally accepts outbound ICMP packets. So if you want
to 'ping' from the firewall, you will need the appropriate rule or
policy.