Add additional migration considerations for 2.0 users

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3141 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-12-09 23:11:46 +00:00
parent 6b74ac6c2d
commit 1618941d9e
2 changed files with 76 additions and 2 deletions

View File

@ -24,6 +24,8 @@ Changes in 3.0.3
12) Correct README.txt
13) Add upgrade considerations for 2.0 users to release notes.
Changes in 3.0.2
1) Typos in the Samples corrected.

View File

@ -61,7 +61,7 @@ New Features in 3.0.3
1) A "shorewall show macros" command has been added. This command displays
a list of the standard macros along with a brief description of each.
2) The '-q' option now works with 'safe-start' and 'safe-restart'.
2) The '-q' option is now supported with 'safe-start' and 'safe-restart'.
3) The value "-" is now allowed in the ADDRESS/SUBNET column of
/etc/shorewall/blacklist. That value is equivalent to specifying
@ -364,7 +364,79 @@ Migration Considerations for Users upgrade from Shorewall 2.2 or 2.4.
/etc/shorewall/tcstart so if you set TC_ENABLED=Yes, then you must
supply that script.
New Features in Shorewall 3.0.*
Additional Migration Considerations for Users upgrading from Shorewall 2.0.
Note that these are in addition to the considerations listed above.
1) Shorewall configuration files except shorewall.conf are now empty
(they contain only comments). If you wish to retain the defaults
in any of the following files, you should copy these files before
upgrading them then restore them after the upgrade:
/etc/shorewall/zones
/etc/shorewall/policy
/etc/shorewall/tos
2) If shorewall.conf is upgraded to the latest version, it needs to be
modified to set STARTUP_ENABLED=Yes
3) 5) The ORIGINAL DEST column of the /etc/shorewall/rules file may no
longer contain a second (SNAT) address. You must use an entry in
/etc/shorewall/masq instead.
Example from Shorewall FAQ #1:
Prior to Shorewall 2.2:
/etc/shorewall/interfaces
loc eth1 detect routeback,...
/etc/shorewall/rules
DNAT loc loc:192.168.1.12 tcp 80 \
- 130.252.100.69:192.168.1.254
Shorewall 2.2 and Later:
/etc/shorewall/interfaces
loc eth1 detect routeback,...
/etc/shorewall/masq:
eth1 eth1 192.168.1.254 tcp 80
/etc/shorewall/rules:
DNAT loc loc:192.168.1.12 tcp 80 \
- 130.252.100.69
4) The 'logunclean' and 'dropunclean' options that were deprecated in
Shorewall 2.0 have now been removed completely.
5) A new IPTABLES variable has been added to shorewall.conf. This
variable names the iptables executable that Shorewall will use. The
variable is set to "/sbin/iptables". If you use the new
shorewall.conf, you may need to change this setting to maintain
compabibility with your current setup (if you use your existing
shorewall.conf that does not set IPTABLES then you should
experience no change in behavior).
6) The default port for OpenVPN tunnels has been changed from 5000 to
1194 to reflect the recent IANA allocation of that port for
OpenVPN.
7) If you are setting a shell variable using a statement similar to:
ETH0_IP=`find_interface_address eth0`
then you must change that statement to read as follows:
ETH0_IP=`find_first_interface_address eth0`
New Features in Shorewall 3.0.0
1) Error and warning messages are made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).