extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-03-08 03:21:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

More Persistent SNAT tweaks

Browse Source
This commit is contained in:
Tom Eastep 2009-08-15 08:56:05 -07:00
parent c908edab34
commit 201145eed9
1 changed files with 9 additions and 2 deletions

11
Shorewall/releasenotes.txt
View File

@ -173,7 +173,7 @@ None.
want a client to always receive the same source/destination IP want a client to always receive the same source/destination IP
pair. It replaces SAME: which was removed in Shorewall 4.4.0. pair. It replaces SAME: which was removed in Shorewall 4.4.0.
To spacify persistence, follow the address range with To specify persistence, follow the address range with
":persistent". ":persistent".
Example: Example:
@ -185,7 +185,14 @@ None.
iptables. iptables.
If you use a capabilities file, you will need to create a new one If you use a capabilities file, you will need to create a new one
as a result of this feature. as a result of this feature.
WARNING: Linux kernels beginning with 2.6.29 include persistent
SNAT support. If your iptables supports persistent SNAT but your
kernel does not, there is no way for Shorewall to determine that
persistent SNAT isn't going to work. The kernel SNAT code blindly
accepts all SNAT flags without verifying them and returns them to
iptables when asked.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 N E W F E A T U R E S I N 4 . 4