2005-03-07 23:32:05 +01:00
|
|
|
Changes in 2.2.2
|
|
|
|
|
|
|
|
1) The 'check' command disclaimer is toned down further and only
|
|
|
|
appears once in the 'check' output.
|
|
|
|
|
|
|
|
2) Enhanced support in the SOURCE column of /etc/shorewall/tcrules.
|
|
|
|
|
|
|
|
3) All calls to 'clear' are now conditional on the output device being
|
|
|
|
a terminal.
|
|
|
|
|
|
|
|
4) Apply Juergen Kreileder's patch for logging.
|
|
|
|
|
|
|
|
5) Add the output of 'arp -na' to the 'shorewall status' display.
|
|
|
|
|
|
|
|
6) Provide support for the Extended multiport match available in
|
|
|
|
2.6.11.
|
|
|
|
|
|
|
|
7) Fix logging rule generation.
|
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
Changes in 2.2.1
|
2004-03-15 19:47:21 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
1) Add examples to the zones and policy files.
|
2004-07-07 16:16:55 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
2) Simon Matter's patch for umask.
|
2004-07-07 16:16:55 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
Changes since 2.0.3
|
2004-07-10 04:08:03 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
1) Fix security vulnerability involving temporary files/directories.
|
2004-07-11 18:22:16 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
2) Hack security fix so that it works under Slackware.
|
2004-07-11 18:22:16 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
3) Correct mktempfile() for case where mktemp isn't installed.
|
2004-07-11 18:22:16 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
4) Implement 'dropInvalid' builtin action.
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
5) Fix logging nat rules.
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
6) Fix COMMAND typos.
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
7) Add PKTTYPE option.
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
8) Enhancements to /etc/shorewall/masq
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
8) Allow overriding ADD_IP_ALIASES=Yes
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
9) Fix syntax error in setup_nat()
|
2004-07-13 15:15:11 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
10) Port "shorewall status" changes from 2.0.7.
|
2004-07-18 03:20:50 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
11) All config files are now empty.
|
2004-07-18 03:20:50 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
12) Port blacklisting fix from 2.0.7
|
2004-07-20 20:01:45 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
13) Pass rule chain and display chain separately to log_rule_limit.
|
|
|
|
Prep work for action logging.
|
2004-07-21 20:57:45 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
14) Show the iptables/ip/tc command that failed when failure is fatal.
|
2004-07-25 19:55:29 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
15) Implement STARTUP_ENABLED.
|
2004-07-29 23:21:15 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
16) Added DNAT ONLY column to /etc/shorewall/nat.
|
2004-07-31 00:33:46 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
17) Removed SNAT from ORIGINAL DESTINATION column.
|
2004-07-31 00:33:46 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
18) Removed DNAT ONLY column.
|
2004-07-31 00:33:46 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
19) Added IPSEC column to /etc/shorewall/masq.
|
2004-09-02 18:59:57 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
20) No longer enforce source port 500 for ISAKMP.
|
2004-09-02 18:59:57 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
21) Apply policy to interface/host options.
|
2004-09-04 18:24:58 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
22) Fix policy and maclist.
|
2004-09-24 00:07:54 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
23) Implement additional IPSEC options for zones and masq entries.
|
2004-09-24 19:18:04 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
24) Deprecate the -c option in /sbin/shorewall.
|
2004-09-24 19:18:04 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
25) Allow distinct input and output IPSEC parameters.
|
2004-09-25 19:16:23 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
26) Allow source port remapping in /etc/shorewall/masq.
|
2004-09-30 16:31:35 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
27) Include params file on 'restore'
|
2004-10-21 00:29:06 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
28) Apply Richard Musil's patch.
|
2004-10-25 17:21:03 +02:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
29) Correct parsing of PROTO column in setup_tc1().
|
2004-11-04 19:18:20 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
30) Verify Physdev match if BRIDGING=Yes
|
2004-11-04 19:18:20 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
31) Don't NAT tunnel traffic.
|
2004-11-04 19:18:20 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
32) Fix shorewall.spec to run chkconfig/insserv after initial install.
|
2004-11-12 22:25:36 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
33) Add iprange support.
|
2004-11-22 18:33:00 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
34) Add CLASSIFY support.
|
2004-11-22 18:52:56 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
35) Fix iprange support so that ranges in both source and destination
|
|
|
|
work.
|
2004-11-25 21:24:21 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
36) Remove logunclean and dropunclean
|
2004-11-25 21:24:21 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
37) Fixed proxy arp flag setting for complex configurations.
|
2004-11-27 17:50:38 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
38) Added RETAIN_ALIASES option.
|
2004-11-29 16:05:16 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
39) Relax OpenVPN source port restrictions.
|
2004-11-30 23:05:15 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
40) Implement DELAYBLACKLISTLOAD.
|
2004-12-01 22:12:01 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
41) Avoid double-setting proxy arp flags.
|
2004-12-02 16:48:37 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
42) Fix DELAYBLACKLISTLOAD=No.
|
2004-12-02 16:48:37 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
43) Merge 'brctl show' change from 2.0.9.
|
2004-12-03 23:00:31 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
44) Implememt LOGTAGONLY.
|
2004-12-03 23:00:31 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
45) Merge 'tcrules' clarification from 2.0.10.
|
2004-12-07 16:56:53 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
46) Implement 'sourceroute' interface option.
|
2004-12-26 00:43:27 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
47) Add 'AllowICMPs' action.
|
2004-12-30 17:08:41 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
48) Changed 'activate_rules' such that traffic from IPSEC hosts gets
|
|
|
|
handled before traffic from non-IPSEC zones.
|
2004-12-30 17:08:41 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
49) Correct logmartians handling.
|
2005-01-10 17:38:28 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
50) Add a clarification and fix a typo in the blacklist file.
|
2005-01-12 22:02:14 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
51) Allow setting a specify MSS value.
|
2005-01-26 19:39:50 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
52) Detect duplicate zone names.
|
2005-01-26 19:39:50 +01:00
|
|
|
|
2005-02-02 22:07:23 +01:00
|
|
|
53) Add mss=<number> option to the ipsec file.
|
|
|
|
|
|
|
|
54) Added CONNMARK/ipp2p support.
|
|
|
|
|
|
|
|
55) Added LOGALLNEW support.
|
|
|
|
|
|
|
|
56) Fix typo in check_config()
|
|
|
|
|
|
|
|
57) Allow outgoing NTP responses in action.AllowNTP.
|
|
|
|
|
|
|
|
58) Clarification of the 'ipsec' hosts file option.
|
|
|
|
|
|
|
|
59) Allow list in the SUBNET column of the rfc1918 file.
|
|
|
|
|
|
|
|
60) Restore missing '#' in the rfc1918 file.
|
|
|
|
|
|
|
|
61) Add note for Slackware users to INSTALL.
|
|
|
|
|
|
|
|
62) Allow interface in DEST tcrules column.
|
|
|
|
|
|
|
|
63) Remove 'ipt_unclean' from search expression in "log" commands.
|
|
|
|
|
|
|
|
64) Remove nonsense from IPSEC description in masq file.
|
|
|
|
|
|
|
|
65) Correct typo in rules file.
|
|
|
|
|
|
|
|
66) Update bogons file.
|
|
|
|
|
|
|
|
67) Add a rule for NNTPS to action.AllowNNTP
|
|
|
|
|
|
|
|
68) Fix "shorewall add"
|
|
|
|
|
|
|
|
69) Change CLIENT PORT(S) to SOURCE PORT(S) in tcrules file.
|
|
|
|
|
|
|
|
70) Correct typo in shorewall.conf.
|
|
|
|
|
|
|
|
71) Add the 'icmp_echo_ignore_all' file to the /proc display.
|
|
|
|
|
|
|
|
72) Apply Tuomas Jormola's IPTABLES patch.
|
|
|
|
|
|
|
|
73) Fixed some bugs in Tuomas's patch.
|
|
|
|
|
|
|
|
74) Correct bug in "shorewall add"
|
|
|
|
|
|
|
|
75) Correct bridge handling in "shorewall add" and "shorewall delete"
|
|
|
|
|
|
|
|
76) Add "shorewall show zones"
|
|
|
|
|
|
|
|
77) Remove dependency of "show zones" on dynamic zones.
|
|
|
|
|
|
|
|
78) Implement variable expansion in INCLUDE directives
|
|
|
|
|
|
|
|
79) More fixes for "shorewall delete" with bridging.
|
|
|
|
|
|
|
|
80) Split restore-base into two files.
|
|
|
|
|
|
|
|
81) Correct OUTPUT handling of dynamic zones.
|
|
|
|
|
|
|
|
83) Add adapter statistics to the output of "shorewall status".
|
|
|
|
|
|
|
|
84) Log drops due to policy rate limiting.
|
|
|
|
|
|
|
|
85) Continue determining capabilities when fooX1234 already exists.
|
|
|
|
|
|
|
|
86) Corrected typo in interfaces file.
|
|
|
|
|
|
|
|
87) Add DROPINVALID option.
|
|
|
|
|
|
|
|
88) Allow list of hosts in add and delete commands. Fix ipsec problem
|
|
|
|
with "add" and "delete"
|
|
|
|
|
|
|
|
89) Clarify add/delete syntax in /sbin/shorewall usage summary.
|
|
|
|
|
|
|
|
90) Implement OpenVPN TCP support.
|
|
|
|
|
|
|
|
91) Simplify the absurdly over-engineered code that restores the
|
|
|
|
dynamic chain.
|
|
|
|
|
|
|
|
92) Add OPENVPNPORT option.
|
|
|
|
|
|
|
|
93) Remove OPENVPNPORT option and change default port to 1194.
|
|
|
|
|
|
|
|
94) Avoid shell error during "shorewall stop/clear"
|
|
|
|
|
|
|
|
95) Change encryption to blowfish in 'ipsecvpn' script.
|
|
|
|
|
|
|
|
96) Correct rate limiting rule example.
|
|
|
|
|
|
|
|
97) Fix <if>:: handling in setup_masq().
|
|
|
|
|
|
|
|
98) Fix mis-leading typo in tunnels.
|
|
|
|
|
|
|
|
99) Fix brain-dead ipsec option handling in setup_masq().
|
|
|
|
|
|
|
|
100) Reconcile ipsec masq file implementation with the documentation.
|
|
|
|
|
|
|
|
101) Add netfilter module display to status output.
|
|
|
|
|
|
|
|
102) Add 'allowInvalid' builtin action.
|
|
|
|
|
|
|
|
103) Expand range of Traceroute ports.
|
|
|
|
|
|
|
|
102) Correct uninitialized variable in setup_ecn()
|
|
|
|
|
|
|
|
103) Allow DHCP to be IPSEC-encrypted.
|