2005-02-16 20:31:41 +01:00
Changes in 2.2.2
1) The 'check' command disclaimer is toned down further and only appears once in the 'check' output.
2005-02-18 17:53:39 +01:00
2) Enhanced support in the SOURCE column of /etc/shorewall/tcrules.
2005-02-23 19:11:45 +01:00
3) All calls to 'clear' are now conditional on the output device being a terminal.
2005-03-01 19:19:49 +01:00
4) Apply Juergen Kreileder's log/action patch.
2005-03-04 17:28:58 +01:00
5) Add the output of 'arp -na' to the 'shorewall status' display.
2005-03-04 23:25:46 +01:00
6) Provide support for the Extended multiport match available in 2.6.11.

2005-02-02 18:58:10 +01:00
Changes in 2.2.1
2005-02-01 21:48:43 +01:00
1) Add examples to the zones and policy files.
2005-02-02 18:58:10 +01:00
2) Simon Matter's patch for umask.
2005-02-13 17:24:51 +01:00
3) Apply Juergen Kreileder's patch for logging.

2004-07-01 16:12:29 +02:00
Changes since 2.0.3
2004-01-31 17:11:22 +01:00
2004-07-01 16:12:29 +02:00
1) Fix security vulnerability involving temporary files/directories.
2004-04-10 04:47:04 +02:00
2004-07-01 16:12:29 +02:00
2) Hack security fix so that it works under Slackware.
2004-05-18 15:56:35 +02:00
2004-07-01 16:12:29 +02:00
3) Correct mktempfile() for case where mktemp isn't installed.
2004-05-19 19:16:06 +02:00
2004-07-01 16:12:29 +02:00
4) Implement 'dropInvalid' builtin action.
2004-07-06 22:41:53 +02:00
5) Fix logging nat rules.
2004-07-10 19:03:31 +02:00
2004-07-12 15:01:55 +02:00
6) Fix COMMAND typos.
7) Add PKTTYPE option.
2004-07-13 02:33:30 +02:00
8) Enhancements to /etc/shorewall/masq
2004-07-15 22:29:06 +02:00
8) Allow overriding ADD_IP_ALIASES=Yes
2004-07-19 15:50:14 +02:00
9) Fix syntax error in setup_nat()
2004-07-21 20:57:45 +02:00
10) Port "shorewall status" changes from 2.0.7.
2004-07-25 00:14:58 +02:00
2004-07-26 01:26:52 +02:00
11) All config files are now empty.
2004-07-26 22:57:02 +02:00
12) Port blacklisting fix from 2.0.7
13) Pass rule chain and display chain separately to log_rule_limit. Prep work for action logging.
2004-08-02 23:48:40 +02:00
14) Show the iptables/ip/tc command that failed when failure is fatal.
15) Implement STARTUP_ENABLED.
2004-08-10 22:18:15 +02:00
16) Added DNAT ONLY column to /etc/shorewall/nat.
2004-08-11 02:17:54 +02:00
17) Removed SNAT from ORIGINAL DESTINATION column.
2004-08-14 20:39:09 +02:00
18) Removed DNAT ONLY column.
19) Added IPSEC column to /etc/shorewall/masq.
2004-08-14 21:03:10 +02:00
20) No longer enforce source port 500 for ISAKMP.
2004-08-16 18:28:44 +02:00
21) Apply policy to interface/host options.
2004-08-16 20:00:53 +02:00
22) Fix policy and maclist.
2004-08-19 00:29:09 +02:00
23) Implement additional IPSEC options for zones and masq entries.
2004-08-20 00:22:49 +02:00
24) Deprecate the -c option in /sbin/shorewall.
2004-08-20 17:37:56 +02:00
25) Allow distinct input and output IPSEC parameters.
2004-08-26 22:59:39 +02:00
26) Allow source port remapping in /etc/shorewall/masq.
2004-08-27 03:36:07 +02:00
27) Include params file on 'restore'
2004-08-29 19:21:16 +02:00
28) Apply Richard Musil's patch.
2004-09-02 19:12:39 +02:00
29) Correct parsing of PROTO column in setup_tc1().
2004-09-06 01:43:08 +02:00
30) Verify Physdev match if BRIDGING=Yes
2004-09-06 21:58:10 +02:00
31) Don't NAT tunnel traffic.
2004-09-07 01:46:26 +02:00
32) Fix shorewall.spec to run chkconfig/insserv after initial install.
2004-09-08 22:40:30 +02:00
33) Add iprange support.
34) Add CLASSIFY support.
2004-09-09 22:42:50 +02:00
35) Fix iprange support so that ranges in both source and destination work.
36) Remove logunclean and dropunclean
2004-09-09 22:18:49 +02:00
2004-09-10 23:41:10 +02:00
37) Fixed proxy arp flag setting for complex configurations.
2004-09-11 18:16:34 +02:00
38) Added RETAIN_ALIASES option.
2004-09-14 00:16:15 +02:00
39) Relax OpenVPN source port restrictions.
2004-09-15 22:04:36 +02:00
40) Implement DELAYBLACKLISTLOAD.
2004-09-16 21:30:54 +02:00
41) Avoid double-setting proxy arp flags.
2004-09-23 16:30:54 +02:00
42) Fix DELAYBLACKLISTLOAD=No.
2004-09-24 00:11:10 +02:00
43) Merge 'brctl show' change from 2.0.9.
2004-09-25 19:18:25 +02:00
44) Implement LOGTAGONLY.
2004-09-30 17:30:16 +02:00
2004-10-08 00:56:35 +02:00
45) Merge 'tcrules' clarification from 2.0.10.
2004-10-03 02:44:12 +02:00
46) Implement 'sourceroute' interface option.
2004-10-08 00:56:35 +02:00
2004-10-08 02:17:55 +02:00
47) Add 'AllowICMPs' action.
2004-10-09 02:06:45 +02:00
48) Changed 'activate_rules' such that traffic from IPSEC hosts gets handled before traffic from non-IPSEC zones.
2004-10-11 23:16:48 +02:00
49) Correct logmartians handling.
2004-10-12 16:56:15 +02:00
50) Add a clarification and fix a typo in the blacklist file.
2004-10-13 02:42:26 +02:00
51) Allow setting a specific MSS value.
2004-10-15 00:31:52 +02:00
52) Detect duplicate zone names.
2004-10-15 20:46:27 +02:00
2004-10-15 22:00:48 +02:00
53) Add mss=<number> option to the ipsec file.
2004-10-18 20:08:15 +02:00
54) Added CONNMARK/ipp2p support.
2004-10-24 20:53:38 +02:00
55) Added LOGALLNEW support.
2004-10-25 15:52:59 +02:00
56) Fix typo in check_config()
2004-10-25 23:20:53 +02:00
2004-10-26 16:48:21 +02:00
57) Allow outgoing NTP responses in action.AllowNTP.
58) Clarification of the 'ipsec' hosts file option.
2004-10-26 17:26:13 +02:00
59) Allow list in the SUBNET column of the rfc1918 file.
2004-11-02 22:13:52 +01:00
60) Restore missing '#' in the rfc1918 file.
2004-11-04 19:18:20 +01:00
61) Add note for Slackware users to INSTALL.
2004-11-04 22:35:56 +01:00
62) Allow interface in DEST tcrules column.
2004-11-05 17:18:52 +01:00
63) Remove 'ipt_unclean' from search expression in "log" commands.
2004-11-12 16:08:30 +01:00
64) Remove nonsense from IPSEC description in masq file.
65) Correct typo in rules file.
66) Update bogons file.
2004-11-16 16:04:34 +01:00
67) Add a rule for NNTPS to action.AllowNNTP
2004-11-19 18:30:26 +01:00
68) Fix "shorewall add"
2004-11-25 00:36:26 +01:00
69) Change CLIENT PORT(S) to SOURCE PORT(S) in tcrules file.
2004-11-25 21:24:21 +01:00
70) Correct typo in shorewall.conf.
2004-11-26 19:44:42 +01:00
71) Add the 'icmp_echo_ignore_all' file to the /proc display.
72) Apply Tuomas Jormola's IPTABLES patch.
2004-11-27 00:24:50 +01:00
73) Fixed some bugs in Tuomas's patch.
2004-11-27 00:33:32 +01:00
74) Correct bug in "shorewall add"
2004-11-27 17:12:14 +01:00
75) Correct bridge handling in "shorewall add" and "shorewall delete"
2004-11-27 20:44:32 +01:00
76) Add "shorewall show zones"
2004-11-28 18:32:00 +01:00
77) Remove dependency of "show zones" on dynamic zones.
2004-11-29 16:05:16 +01:00
78) Implement variable expansion in INCLUDE directives
2004-11-29 20:29:33 +01:00
79) More fixes for "shorewall delete" with bridging.
2004-11-30 22:57:36 +01:00
80) Split restore-base into two files.
2004-12-01 22:12:01 +01:00
81) Correct OUTPUT handling of dynamic zones.
2004-12-03 21:35:21 +01:00
2004-12-03 23:00:31 +01:00
83) Add adapter statistics to the output of "shorewall status".
84) Log drops due to policy rate limiting.
2004-12-04 00:18:28 +01:00
85) Continue determining capabilities when fooX1234 already exists.
2004-12-07 16:17:02 +01:00
86) Corrected typo in interfaces file.
2004-12-07 17:31:48 +01:00
2004-12-08 21:00:03 +01:00
87) Add DROPINVALID option.
88) Allow list of hosts in add and delete commands. Fix ipsec problem with "add" and "delete"
2004-12-13 19:51:00 +01:00
89) Clarify add/delete syntax in /sbin/shorewall usage summary.
2004-12-14 17:11:49 +01:00
2004-12-18 18:21:47 +01:00
90) Implement OpenVPN TCP support.
2004-12-14 20:55:51 +01:00
91) Simplify the absurdly over-engineered code that restores the dynamic chain.
2004-12-19 20:30:21 +01:00
92) Add OPENVPNPORT option.
2004-12-25 03:42:01 +01:00
93) Remove OPENVPNPORT option and change default port to 1194.
2004-12-26 00:19:43 +01:00
94) Avoid shell error during "shorewall stop/clear"
2004-12-26 20:49:00 +01:00
95) Change encryption to blowfish in 'ipsecvpn' script.
2004-12-28 19:15:49 +01:00
96) Correct rate limiting rule example.
2004-12-29 01:06:02 +01:00
97) Fix <if>:: handling in setup_masq().
2004-12-30 17:08:41 +01:00
98) Fix misleading typo in tunnels.
2004-12-30 22:14:24 +01:00
99) Fix brain-dead ipsec option handling in setup_masq().
2004-12-31 19:18:19 +01:00
100) Reconcile ipsec masq file implementation with the documentation.
2005-01-03 18:27:46 +01:00
101) Add netfilter module display to status output.
2005-01-10 17:36:08 +01:00
102) Add 'allowInvalid' builtin action.
103) Expand range of Traceroute ports.
2005-01-16 21:39:18 +01:00
102) Correct uninitialized variable in setup_ecn()
2005-01-25 01:04:06 +01:00
103) Allow DHCP to be IPSEC-encrypted.