shorewall_code/Shorewall-common/changelog.txt

Changes in 3.4.2

1)  Update modules file for 2.6.20 module madness.

2)  Update /sbin/shorewall[-lite] to account for mindless renaming of
    /proc/net/ip_conntrack to /proc/net/nf_conntrack.

3)  Fix 'none[!]' and built-in actions.

4)  Fix 'ipsecnat' tunnels.

Changes in 3.4.1

1)  Add rest of proxy arp fix.

2)  Fix two problems with log-prefix handling.

3)  Nested Zones produced shell errors.

4)  CONTINUE policies generated invalid iptables input.

6)  Fix CRITICALHOSTS bug in 'stop_firewall()'

Changes in 3.4.0 Final

1)  Add missing logic for "!" rules.

2)  Restore missing function merge_macro_source_dest.

3)  Fix obscure bug in rule activation logic.

4)  Don't clear proxy arp unconditionally.

Changes in 3.4.0 RC 3

1)  Add warning about 'loose' and 'balance'

2)  Fix route_rules processing.

3)  Fix restoration of ip range dynamic entries.

4)  Fix exit status problem with 'restart'

5)  Dump SPD and SAD in the dump command.

Changes in 3.4.0 RC 2

1)  No longer include params file in compiled output.

Changes in 3.4.0 RC 1

1)  LITEDIR option in shorewall.conf

2)  Add some hacks for Shorewall Lite on OpenWRT

3)  Add macro for SixXS.

4)  Allow ranges and ipset names in the ADDRESSES column of maclist
    file.

5)  Add helpers for SIP to the modules file.

6)  Only copy /etc/shorewall/params to output if non-export.

7)  Add EXPORTPARAMS option

Changes in 3.4.0 Beta 3

1)  Handle VLAN interface names like vlanX@ethY.

2)  Fix ipp2p:udp handling in action body.

3)  Be more careful about converting pre-3.2 maclist records.

4)  'noah' is implied by ipsecnat in /etc/shorewall/tunnels.

5)  Reduce the number of rules in the 'blacklst' chain when
    BLACKLIST_LOGLEVEL is specified.

Changes in 3.4.0 Beta 2

1)  Fix for empty blacklist file.

2)  Don't copy files from /usr/share/shorewall into the compiled
    script.

3)  Add wait4ifup.

4)  Rename the shorewall.conf to shorewall-lite.conf.

Changes in 3.4.0 Beta 1

1)  Correct handling of masq file.

2)  Simplify log record processing and remove more noise from the
    displayed record.

Changes in 3.3.6

1)  Remove /etc/shorewall/Documentation.

2)  Remove /usr/share/shorewall/help.

3)  Use export directory's modules file with -e.

4)  Use fwmark tc filter with unknown interfaces.

5)  Use multiport match in tcrules.

6)  Fix safe- commands.

7)  Remove 'try' command.

8)  Make colon after system optional in the 'export' command.

9)  Restore 'try' command and improve 'safe-' commands.

10) Allow capabilities file to be used with Shorewall as well as
    Shorewall Lite.

11) Allow in-memory circular buffer for system log.

12) Add ":T" qualifier in tcrules.

13) Log start/restart/restore failures.

Changes in 3.3.5

1)  Restore default route when there are no 'balance' providers.

2)  Fixes to change 1.

3)  Many changed to improve the readability, appearance and effeciency
    of the generated script.

4)  Turn off POLICY_MATCH if no IPSEC.

5)  Only compile traffic shaping once.

6)  Move config file documentary comments to a separate file.

7)  Fix whitespace in LOGFORMAT.

8)  Move DNAT/REDIRECT code to lib.base.

9)  Implement -c option to [re]load command.

10) Don't create ingress qdisc if IN-BANDWIDTH = 0.

11) Return success if start of running config.

12) Add Makefile especially for /usr/share/shorewall/configfiles/

13) Add man pages.

Changes in 3.3.4

1)  Make exclusion work with "show zones"

2)  Add 'show ip' and 'show routing' commands.

3)  Add COMBINE_JUMPS option.

4)  Add an output chain for each interface.

5)  Rename COMBINE_JUMPS to OPTIMIZE and make its value numeric.

6)  Suppress superfluous wildcard rules under OPTIMIZE > 0.

7)  Support ip ranges in the drop, logdrop, reject, and allow commands.

8)  Add lib.cli.

9)  Attempt to undo routing changes.

Changes in 3.3.3

1)  Fix excluding in SUBNET column.

2)  Add logical AND and OR support for tcrules.

3)  Make the maximum zone name length dependent on LOGFORMAT.

4)  Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.

5)  Add COMMENT support.

6)  Add macro.RDP.

7)  Add maclog extension file.

8)  Rename SUBNET column in the masq file.

9)  Allow exclusion in /etc/shorewall/hosts.

10) Eliminate extra jumps to policy chains

Changes in 3.3.1

1)  Load the proxyarp lib when 'proxyarp' option is specified.

2)  Implement default action/macros at the individual policy level.

3)  Add logfile name to output of "shorewall show log" and "shorewall
    logwatch".