diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 66a5fb74a..df27f784d 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -20,6 +20,8 @@ Changes in 4.1.7 10) Add NULL_ROUTE_RFC1918 option. +11) Defer enabling of forwarding until rules are in place. + Changes in 4.1.6 1) Deprecate IMPLICIT_CONTINUE=Yes diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 4adb59c5a..bc6cb32be 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -72,9 +72,20 @@ Migration Issues. been changed from Yes to No. 6) The 'norfc1918' option is deprecated. Use explicit rules instead. - Note that there is a new 'Rfc1918' option that acts on addresses + Note that there is a new 'Rfc1918' macro that acts on addresses reserved by RFC 1918. +Problems corrected in Shorewall 4.1.7. + +1) Previously, when IP_FORWARDING=Yes in shorewall.conf, Shorewall + would enable ip forwarding before instantiating the rules. This + could lead to incorrect connection tracking entries being created + between the time that forwarding was enabled and when the nat table + rules were instantiated. + + Beginning with Shorewall 4.0.11, enabling of forwarding is deferred + until after the rules are in place. + Problems corrected in Shorewall-perl 4.1.7. 1) Perl run-time errors occurred if an unknown service was named in diff --git a/Shorewall-common/shorewall.conf b/Shorewall-common/shorewall.conf index 6ebe8f624..580abfcf4 100644 --- a/Shorewall-common/shorewall.conf +++ b/Shorewall-common/shorewall.conf @@ -7,7 +7,8 @@ # # This file should be placed in /etc/shorewall # -# (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net) +# (c) 1999,2000,2001,2002,2003,2004,2005, +# 2006,2007,2008 - Tom Eastep (teastep@shorewall.net) # # For information about the settings in this file, type "man shorewall.conf" # @@ -183,8 +184,6 @@ AUTO_COMMENT=Yes MANGLE_ENABLED=Yes -NEW_MACRO_LAYOUT=No - ############################################################################### # P A C K E T D I S P O S I T I O N ###############################################################################