shorewall_code/Shorewall/changelog.txt

283 lines
6.9 KiB
Plaintext
Raw Normal View History

Changes in 3.2.1
1) Change the detection of physdev match to use
--physdev-out. Preparation for removal of physdev-out match
capability.
2) Add missing edits to configuration parameters in firewall script.
-------------------------------------------------------------------------------
Changes in 3.2.0 Final
1) Avoid extraneous double quotes in log rules generated at run-time.
Changes in 3.2.0 RC 6
1) Correct generation of the balanced default route.
2) Allow 'detect' in the ADDRESS column of the masq file.
3) Correct some permission problems.
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 5
1) Fix DOA 'LITEDIR' problem in /sbin/shorewall.
2) Stop the compiler from running iptables.
3) Avoid problem with ash.
4) Make the 'try' command use the correct SHOREWALL_SHELL.
5) Don't defer Action/chain extension script processing until
run-time.
6) Run extension script for policy chains.
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 4
1) Fix permissions on Limit file.
2) Make progress messages product-specific.
3) Add 'reload' command.
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 3
1) Remove hard directory references from compiled programs.
2) Fix /nat <-> /proxyarp typo.
3) Avoid use of symbolic link for /sbin/shorewall
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 2
1) Update versions.
2) Rationalize the use of IPTABLES and LOGFORMAT.
3) Allow Shorewall/Shorewall-lite coexistance under RPM
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 1
1) Update versions.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 8
1) Issue more helpful BRIDGING=No error messages.
2) Implement "all-" in rules file.
3) Add xmodules file.
4) Detect devices in tcdevices entries.
5) Fix for white-space in log prefix.
6) Fix rule parsing of single excluded MAC address.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 7
1) Fix mark/mask validation.
2) Restore traffic control to 'refresh'.
3) Detect MTU for entries in /etc/shorewall/tcdevices.
4) Avoid fatal error after missing forwardUPnP rule warning.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 6
1) Fix tc "notfound" errors when 'restart' is run out of ip-up.local.
2) Allow 'detectnets' to work.
3) Add TOS column to tcrules.
4) Fix 'proxyarp' interface attribute handling.
5) Fix default route generation in providers handling.
6) Change interraction of 'track' and PREROUTING marking.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 5
1) Fix compilation problem on LEAF Bering.
2) Remove traffic shaping code from the 'firewall' script to avoid
unmaintainable code duplication.
3) Fix DETECT_DNAT_IPADDRS=No bug.
4) Handle absense of mangle FORWARD chain.
5) Rename the rtrules file to route_rules.
6) Fix deletion of SNAT ip addresses.
7) Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.
8) Clear SUBSYSLOCK on Debian/Ubuntu installs.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 4
1) Fix 'routeback' with bridge ports.
2) Add support for explicit routing rules.
3) Fix mktempdir problem.
4) Implement HIGH_ROUTE_MARKS
Changes in 3.2.0 Beta 3
1) Correct handling of verbosity in the 'try' command.
2) Add IMPLICIT_CONTINUE option to shorewall.conf.
3) Fix SAME/ADD_SNAT_ALIASES interaction.
-------------------------------------------------------------------------------
Changes in 3.2.0 Beta 2
1) Make "shorewall start -f" work correctly.
2) Remove SUBSYSLOCK code from default and debian footers.
3) Add 'refreshed' extension script.
4) Implement 'logdrop' and 'logreject'
-------------------------------------------------------------------------------
Changes in 3.1.x. and 3.2.x
1) Removal of dynamic zones.
2) Implement 'generate' command.
3) Implement 'super-quiet' mode using multiple -q options (e.g., -qq).
4) Add back dynamic zones.
5) Allow remote compiles.
6) Change output of 'generate' to always be the file name entered (do not
prepend /var/lib/shorewall/)
7) Remove some restrictions on remote compiles.
8) Add error checking to generated script.
9) Merge Fabio Longerai's 'length' patch.
10) Add the "-p" option to the compile command.
11) Fix 'check' bug in setup_masq
12) Break compiler/firewall into two files
13) Make Shoreall quiet for a change.
14) Make "Compile-and-go" the only mode of operation.
15) Remove -p
16) Apply Tuomo's patches for IPSEC and Noecho.
17) Fix bridging
18) Fix QUEUE when used in the ESTABLISHED section.
19) Apply Ed Suominen's patch to tcrules.
-------------------------------------------------------------------------------
3.1.5
20) Speed up compilation by rewriting 'fix_bang()'.
21) Correct GATEWAY handling in the providers file.
22) Remove sub-zone exclusion from DNAT/REDIRECT.
23) Add compiled-program/library versioning scheme.
-------------------------------------------------------------------------------
3.1.6
24) Apply Steven Springl's help patch.
25) Fix 'allow/drop/reject' while Shorewall not running.
26) Implement bi-directional macros.
27) Fix TC bridge port handling.
28) Fix/document "check -e"
29) Automatically use capabilities file when non-root.
30) Correct typo in help file ("help drop").
31) Added 'tcpsyn'
-------------------------------------------------------------------------------
3.1.7
32) Change 'tcpsyn' to 'tcp:syn'
33) Remove superfluous rules in MAC validation.
34) Correct Makefile.
35) Add -t option
36) Restore log messages.
37) Fix "shorewall capabilities" with VERBOSITY < 2.
-------------------------------------------------------------------------------
3.1.8
38) Remove compile-time running of extension scripts.
39) Correctly handle interfaces named 'inet'.
40) SUBSYSLOCK functionality restored.
-------------------------------------------------------------------------------
3.1.9
41) Fix Provider route generation when a specific gateway is specified.
42) Be sure that restore file name is preserved regardless of 'set --' in
define_firewall().)
43) Add Simon's redhat prog files.
44) Add 'delete_nat' to compiled program.
45) Move 'shorecap' to /usr/share/shorewall
46) Add debian prog files.
47) Correct syntax error in validate_policy()
-------------------------------------------------------------------------------
3.2.0 Beta 1.
48) Streamlined some code in setup_tc1()
49) Process /etc/shorewall/params at run-time.
50) Add new modules to /etc/shorewall/modules.
51) Make default behavior of "compile" distribution-neutral.