2007-07-19 20:36:04 +02:00
|
|
|
Changes in 4.0.1
|
|
|
|
|
|
|
|
1) Add EXPAND_POLICIES.
|
|
|
|
|
2007-07-21 16:03:37 +02:00
|
|
|
2) Fix uninstallers.
|
|
|
|
|
2007-07-22 15:40:37 +02:00
|
|
|
3) Correct handling of 'ipsec' option in the hosts file.
|
|
|
|
|
2007-07-25 16:21:08 +02:00
|
|
|
4) Corrent handling of 'PATH' in Shorewall-perl.
|
|
|
|
|
2007-07-25 16:22:31 +02:00
|
|
|
5) Correct handling of ECN with MANGLE_FORWARD.
|
|
|
|
|
2007-07-26 01:15:37 +02:00
|
|
|
6) Relax ADDRTYPE restriction.
|
|
|
|
|
2007-07-27 00:48:16 +02:00
|
|
|
7) Be sure that chkconfig runs after upgrade from < 4.0.0
|
|
|
|
|
2007-07-27 06:25:56 +02:00
|
|
|
8) Better out-of-order policy detection.
|
|
|
|
|
2007-07-29 17:03:29 +02:00
|
|
|
9) Fix dropBcast/allowBcast logging and other logging
|
|
|
|
fixes/improvements.
|
|
|
|
|
|
|
|
10) Cleaner way to handle quotes in rules.
|
2007-07-28 17:05:31 +02:00
|
|
|
|
2007-07-29 20:09:00 +02:00
|
|
|
11) Allow '/min' in RATE/BURST column.
|
|
|
|
|
2007-07-29 23:30:22 +02:00
|
|
|
12) Check for state match
|
|
|
|
|
2007-07-30 16:35:03 +02:00
|
|
|
13) Fix stale lock problems.
|
|
|
|
|
2007-07-11 17:06:44 +02:00
|
|
|
Changes in 4.0.0 Final
|
|
|
|
|
|
|
|
1) Fix lite install.sh manpage problem.
|
|
|
|
|
2007-07-18 18:45:42 +02:00
|
|
|
2) Fix shorewall-shell .spec to modify SHOREWALL_COMPILER.
|
|
|
|
|
|
|
|
3) Shuffle code in Providers.pm.
|
|
|
|
|
|
|
|
4) Consolicate Common.pm + Config.pm and Interfaces.pm + Hosts.pm +
|
|
|
|
Zones.pm.
|
|
|
|
|
2007-07-18 20:21:45 +02:00
|
|
|
5) Validate log level in policy file.
|
|
|
|
|
2007-07-06 17:22:57 +02:00
|
|
|
Changes in 4.0.0 RC 2
|
|
|
|
|
|
|
|
1) Fix zone type check in Tunnels File.
|
|
|
|
|
2007-07-06 19:47:29 +02:00
|
|
|
2) Remove -f as default start OPTIONS.
|
|
|
|
|
2007-07-08 17:58:13 +02:00
|
|
|
3) Remove 3.4 compatibility hacks.
|
|
|
|
|
2007-07-08 22:07:55 +02:00
|
|
|
4) Fix install.sh manpage problem.
|
|
|
|
|
|
|
|
5) Fix LITEDIR mess.
|
|
|
|
|
2007-07-09 21:39:28 +02:00
|
|
|
6) Fix IPSEC.
|
|
|
|
|
2007-07-09 22:19:30 +02:00
|
|
|
7) Add Tunneling Macros from Tuomo Soini.
|
|
|
|
|
2007-06-29 23:11:29 +02:00
|
|
|
Changes in 4.0.0 RC 1
|
|
|
|
|
|
|
|
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
|
|
|
|
2007-07-01 17:43:07 +02:00
|
|
|
2) Fix limited broadcast and detectnets/routeback interfaces.
|
|
|
|
|
|
|
|
3) Use optimized 'split' for faster compilation.
|
|
|
|
|
2007-07-02 21:15:36 +02:00
|
|
|
4) Validate host part in hosts file entry.
|
|
|
|
|
2007-07-03 17:20:24 +02:00
|
|
|
5) Fix IPSECFILE=ipsec.
|
|
|
|
|
|
|
|
6) Make ':noah' the default.
|
|
|
|
|
2007-07-03 17:28:20 +02:00
|
|
|
7) Work around SELinux nonsense.
|
|
|
|
|
2007-07-03 21:55:01 +02:00
|
|
|
8) Restore the 'refresh' command.
|
|
|
|
|
2007-07-03 22:53:43 +02:00
|
|
|
9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file.
|
|
|
|
|
2007-07-05 16:01:50 +02:00
|
|
|
10) Raise error on chmod failure.
|
|
|
|
|
|
|
|
11) Handle shell variables with zero value correctly.
|
|
|
|
|
2007-06-16 16:27:02 +02:00
|
|
|
Changes in 4.0.0 Beta 6
|
|
|
|
|
2007-06-27 16:47:33 +02:00
|
|
|
1) First step to adding compiler debugging facility.
|
|
|
|
|
|
|
|
2) Assume that iptables-restore is in the same directory as $IPTABLES
|
|
|
|
|
|
|
|
3) Fix buildports.pm to handle bogus entries in /etc/protocols and
|
|
|
|
/etc/services.
|
|
|
|
|
|
|
|
4) Allow COMMENT in the accounting file.
|
|
|
|
|
|
|
|
Changes in 4.0.0 Beta 6
|
|
|
|
|
2007-06-16 16:27:02 +02:00
|
|
|
1) Validate the DISPOSITION in /etc/shorewall/maclist entries.
|
|
|
|
|
2007-06-18 20:20:59 +02:00
|
|
|
2) Add versioning to capabilities files.
|
|
|
|
|
|
|
|
3) Improve compiler selection.
|
|
|
|
|
2007-06-19 17:45:39 +02:00
|
|
|
4) DYNAMIC_ZONES=Yes and bridges.
|
|
|
|
|
2007-06-27 16:47:33 +02:00
|
|
|
5) Implement port validation.
|
2007-06-25 19:03:18 +02:00
|
|
|
|
2007-06-10 17:31:27 +02:00
|
|
|
Changes in 4.0.0 Beta 5
|
|
|
|
|
|
|
|
1) Fix undefined function call when both an input interface and an
|
|
|
|
output interface are present.
|
|
|
|
|
2007-06-12 01:17:02 +02:00
|
|
|
2) Externalize compiler and Compile.pm.
|
|
|
|
|
2007-06-10 17:31:27 +02:00
|
|
|
Changes in 4.0.0 Beta 4
|
2007-05-26 23:09:10 +02:00
|
|
|
|
|
|
|
1) Fix the 'Modules' output of 'dump'
|
|
|
|
|
2007-05-30 00:24:37 +02:00
|
|
|
2) Fix FW=xxx with IPSECFILE=ipsec.
|
|
|
|
|
2007-06-05 16:51:20 +02:00
|
|
|
3) Fix wildcard-rule/NONE-policy interaction.
|
|
|
|
|
|
|
|
4) Clean up generation of user-exit jacket functions.
|
|
|
|
|
2007-06-06 18:02:53 +02:00
|
|
|
5) Add new bridge code.
|
|
|
|
|
2007-06-08 18:27:21 +02:00
|
|
|
6) Fix bad bug in exclusion.
|
|
|
|
|
2007-05-20 17:51:42 +02:00
|
|
|
Changes in 4.0.0 Beta 2
|
|
|
|
|
|
|
|
1) Fix screwup in get_routed_networks().
|
|
|
|
|
|
|
|
2) Some minor tweaks.
|
|
|
|
|
2007-05-26 13:02:58 +02:00
|
|
|
3) Fix synflood chain jumps.
|
|
|
|
|
|
|
|
4) Simplify synflood handling and improve error diagnostics.
|
|
|
|
|
2007-05-20 17:51:42 +02:00
|
|
|
Changes in 4.0.0 Beta 1
|
2007-05-14 01:11:32 +02:00
|
|
|
|
2007-05-14 16:51:27 +02:00
|
|
|
1) Fix add/delete <interface>.
|
|
|
|
|
|
|
|
2) Fix do_proto() and 'use IPConfig' in Providers.pm.
|
|
|
|
|
|
|
|
3) Implement dynamic host group detection.
|
|
|
|
|
2007-05-06 01:44:24 +02:00
|
|
|
Changes in 3.9.7
|
|
|
|
|
|
|
|
1) Clean up release notes.
|
|
|
|
|
2007-05-06 18:10:00 +02:00
|
|
|
2) Fix several bugs having to do with exclusion in the hosts file.
|
|
|
|
|
|
|
|
3) Use '-m addrtype' in detectnet interface output rules.
|
|
|
|
|
2007-05-07 02:10:21 +02:00
|
|
|
4) Fix find_hosts_by_option().
|
|
|
|
|
|
|
|
5) Fix more hosts file bugs.
|
|
|
|
|
2007-05-07 16:28:23 +02:00
|
|
|
6) Fix 'detect' in GATEWAY column of providers file.
|
|
|
|
|
2007-05-14 01:11:32 +02:00
|
|
|
8) Other bug fixes (see release notes).
|
|
|
|
|
|
|
|
7) Fix action in 'logreject'.
|
|
|
|
|
|
|
|
8) Allow macros to invoke macros outside of action bodies.
|
|
|
|
|
|
|
|
|
2007-05-01 19:25:40 +02:00
|
|
|
Changes in 3.9.6
|
|
|
|
|
|
|
|
1) Fix parsing problems in protocol handling.
|
|
|
|
|
|
|
|
2) Fix bugs in handling of the MARK column.
|
|
|
|
|
|
|
|
3) Fix bug in routing table copying
|
|
|
|
|
|
|
|
4) Fix bug in ipset handling.
|
|
|
|
|
|
|
|
5) Fix bug in handling of CONTINUE in the tcrules file.
|
|
|
|
|
|
|
|
6) Add RCP_COMMAND and RSH_COMMAND options in shorewall.conf
|
|
|
|
|
2007-05-02 20:49:56 +02:00
|
|
|
7) Apply Luigi's MARK patch.
|
|
|
|
|
2007-04-24 01:47:58 +02:00
|
|
|
Changes in 3.9.5
|
|
|
|
|
|
|
|
1) Fix dynamic zone problem.
|
|
|
|
|
2007-04-24 02:22:08 +02:00
|
|
|
2) Fix LOGALLNEW.
|
|
|
|
|
2007-04-27 20:14:52 +02:00
|
|
|
3) Implement log level, protocol and port validation.
|
|
|
|
|
|
|
|
4) Fix MACLIST log rule generation problem.
|
|
|
|
|
2007-04-21 16:07:37 +02:00
|
|
|
Changes in 3.9.4
|
|
|
|
|
2007-04-21 17:07:16 +02:00
|
|
|
1) Fix port 0 problem (again!).
|
|
|
|
|
|
|
|
2) Fix log_martians.
|
2007-04-21 16:07:37 +02:00
|
|
|
|
2007-04-21 23:24:38 +02:00
|
|
|
3) Make LOG_MARTIANS and ROUTE_FILTER tri-valued.
|
|
|
|
|
|
|
|
4) Fix arp_ignore.
|
|
|
|
|
2007-04-22 05:11:34 +02:00
|
|
|
5) Re-work ROUTE_FILTER and LOG_MARTIANS.
|
|
|
|
|
2007-04-22 21:15:05 +02:00
|
|
|
6) Fix handling of interface options.
|
|
|
|
|
|
|
|
7) Fix handling of zone ipsec options.
|
|
|
|
|
|
|
|
8) Fix 'routeback' on multi-zone interface.
|
|
|
|
|
2007-04-22 23:50:33 +02:00
|
|
|
9) Fix 'check -d'.
|
|
|
|
|
2007-04-23 00:51:02 +02:00
|
|
|
10) Fix intra-zone policies.
|
|
|
|
|
2007-04-23 01:41:30 +02:00
|
|
|
11) Fix typo in maclist validation.
|
|
|
|
|
2007-04-23 16:23:47 +02:00
|
|
|
12) Allow 'optional' to work with 'maclist'.
|
|
|
|
|
2007-04-17 22:59:10 +02:00
|
|
|
Changes in 3.9.3
|
|
|
|
|
|
|
|
1) Apply Steven Springl's patch for port checking.
|
|
|
|
|
2007-04-18 03:07:39 +02:00
|
|
|
2) Implement 'optional' interface option.
|
|
|
|
|
2007-04-18 20:35:35 +02:00
|
|
|
3) Fix a couple of bugs in 'owner' handling.
|
|
|
|
|
|
|
|
4) Fix several bugs in address/network detection.
|
|
|
|
|
|
|
|
5) Make a number of interface options binary.
|
|
|
|
|
2007-04-18 22:36:19 +02:00
|
|
|
6) Add wildcard edits in interface processing.
|
|
|
|
|
|
|
|
7) Fix dropInvalid.
|
|
|
|
|
2007-04-19 23:45:26 +02:00
|
|
|
8) Fix 'none'.
|
|
|
|
|
|
|
|
9) Fix SAME with SOURCE $FW
|
|
|
|
|
|
|
|
10) Fix tcp:syn.
|
|
|
|
|
2007-04-20 02:05:15 +02:00
|
|
|
11) Fix all->z rules with 'NONE' policy.
|
|
|
|
|
2007-04-20 16:58:11 +02:00
|
|
|
12) Check for reserved zone names.
|
|
|
|
|
|
|
|
13) Add check for firewall zone existance.
|
|
|
|
|
2007-04-20 18:47:04 +02:00
|
|
|
14) Add checks for zone existance in 'all' processing.
|
|
|
|
|
2007-04-16 01:41:13 +02:00
|
|
|
Changes in 3.9.2
|
2006-08-30 19:06:23 +02:00
|
|
|
|
2007-04-16 01:41:13 +02:00
|
|
|
1) Implement '-C {shell|perl}'.
|
2006-07-04 19:15:33 +02:00
|
|
|
|
2007-04-16 01:41:13 +02:00
|
|
|
2) Implement LOCKFILE
|
2007-04-16 20:07:52 +02:00
|
|
|
|
|
|
|
3) Fix typo in prog.footer.
|
|
|
|
|
2007-04-16 22:25:54 +02:00
|
|
|
4) Fix Shorewall-perl hosts and tcclasses errors.
|
|
|
|
|
2007-04-16 23:01:42 +02:00
|
|
|
5) Add IPPserver macro.
|
|
|
|
|
2007-04-16 23:21:16 +02:00
|
|
|
6) Fix problem with 'stop' and 'clear' when shorewall-shell not
|
|
|
|
installed.
|
|
|
|
|
2007-04-17 01:05:09 +02:00
|
|
|
7) Moved lib.dynamiczones to Shorewall.
|
|
|
|
|
2007-04-17 02:11:54 +02:00
|
|
|
8) Fix silly bug in lib.base.
|
2007-04-17 17:07:11 +02:00
|
|
|
|
|
|
|
9) Apply Steven Springl's patch for ICMP.
|
|
|
|
|