Fix for 2.0 MACLIST_DISPOSITION vulnerability

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-07-18 02:25:58 +00:00
parent 318e204358
commit 1b01026e2d

@ -13,7 +13,7 @@
</author>
</authorgroup>
<pubdate>2005-03-16</pubdate>
<pubdate>2005-07-17</pubdate>
<copyright>
<year>2001-2005</year>
@ -90,7 +90,7 @@
</section>
<section>
<title>Problems in Version 2.2</title>
<title>Problems in Version 2.2 and Later</title>
<para>Beginning with Shorewall version 2.2.0, errata will not be published
on this page. Rather, the download directory for each version will
@ -114,6 +114,36 @@
<section>
<title>Problems in Version 2.0</title>
<section>
<title>Shorewall 2.0.17</title>
<itemizedlist>
<listitem>
<para>Users specifying TCP_FLAGS_LOG_LEVEL=ULOG will find that
"shorewall [re]start" fails with the following error:</para>
<programlisting>iptables v1.3.2: Unknown arg `--log-ip-options'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/usr/sbin/iptables -A logflags -j ULOG --log-ip-options --ulog-prefix "Shorewall:logflags:DROP:"" Failed</programlisting>
<para>Install the '<ulink
url="http://www1.shorewall.net/pub/shorewall/errata/2.0.17/firewall">firewall'
script in the errata directory </ulink>into
/usr/share/shorewall/firewall replacing the file by that
name.</para>
</listitem>
<listitem>
<para>Setting MACLIST_DISPOSITION=ACCEPT opens a serious security
vulnerability. Install the '<ulink
url="http://www1.shorewall.net/pub/shorewall/errata/2.0.17/firewall">firewall'
script in the errata directory</ulink>into
/usr/share/shorewall/firewall replacing the file by that
name.</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Shorewall 2.0.15-2.0.16</title>
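Review bot: The MACLIST_DISPOSITION=ACCEPT item in the new "Shorewall 2.0.17" section says only that the setting "opens a serious security vulnerability", so a reader cannot tell what traffic is affected or whether their own configuration is exposed before they replace the script. Please add a sentence stating the effect of the flaw and which settings trigger it. Two markup points in the same section: in both list items the ulink element opens after the opening quote but encloses the closing quote and the following words ("firewall' script in the errata directory"), so the link text is unbalanced; closing the element right after the word firewall would fix that. In the second item, "directory</ulink>into" has no space and will render as "directoryinto". Since both items point at the same replacement firewall script, it would also help to say that one install resolves both problems.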