This is a minor release of Shorewall.

Problems Corrected:

1) There were several cases where Shorewall would fail to remove a
   temporary directory from /tmp. These cases have been corrected.

2) The rules for allowing all traffic via the loopback interface have
   been moved to before the rule that drops status=INVALID
   packets. This ensures that all loopback traffic is allowed even if
   Netfilter connection tracking is confused.

New Features:

1) IPV6-IPV4 (6to4) tunnels are now supported in the
   /etc/shorewall/tunnels file.

2) Shorewall can now be easily integrated with fireparse
   (http://www.fireparse.com) by setting LOGMARKER="fp=" in
   /etc/shorewall/shorewall.conf. Note: You may not use ULOG
   with fireparse unless you modify fireparse.

3) If you are running iptables 1.2.7a and kernel 2.4.20, then
   Shorewall will return reject replies as follows:

   a) tcp - RST
   b) udp - ICMP port unreachable
   c) icmp - ICMP host unreachable
   d) Otherwise - ICMP host prohibited

   If you are running earlier software, Shorewall will follow its
   traditional convention:

   a) tcp - RST
   b) Otherwise - ICMP port unreachable

4) UDP Port 135 is now silently dropped in the common.def chain.