From 21d4c8ba2136fdf6a2482ed2ad150b5b86fec511 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 8 Feb 2010 10:03:10 -0800 Subject: [PATCH] Document workaround for lack of 'flow' Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 378b4d1d3..47e58d466 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -20,6 +20,8 @@ Changes in Shorewall 4.4.7 10) Fix and optimize 'nosmurfs'. +11) Use 'OLD_HL_MATCH' to suppress use of 'flow' in Simple TC. + Changes in Shorewall 4.4.6 1) Fix for rp_filter and kernel 2.6.31. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ebc9a40a9..5bd73aa12 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -209,6 +209,15 @@ Shorewall 4.4.7 SMURF_LOG_LEVEL is specified has been improved for both IPv4 and IPv6. +5) Previously, specifying a TYPE in /etc/shorewall/tcinterfaces would + cause start/restart to fail on systems lacking 'flow' classifier + support. While we currently know of no safe way to test for that + support, in Shorewall 4.4.7 we use other hints to surmise that the + installed toolset is likely to be too old to support 'flow' and + simply ignore the TYPE setting. In particular, RHEL5 and + derivatives no lonter experience a startup failure when TYPE is + specified. + ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------