extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

A little cleanup before RC1

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8677 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-08-22 16:11:52 +00:00
parent 53bc221727
commit 336c344e19
3 changed files with 63 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-common/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in 4.2.0-RC1
1) Add NONAT option to entries in /etc/shorewall/masq.
Changes in 4.2.0-Beta3 Changes in 4.2.0-Beta3
1) Fix ip_forwarding vs the 'restore' command. 1) Fix ip_forwarding vs the 'restore' command.

119
Shorewall-common/releasenotes.txt
View File

@ -1,4 +1,4 @@
Shorewall 4.2.0 Beta 3. Shorewall 4.2.0 RC 1.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
R E L E A S E 4 . 2 H I G H L I G H T S R E L E A S E 4 . 2 H I G H L I G H T S
@ -78,70 +78,15 @@ Migration Issues.
7) DYNAMIC_ZONES=Yes is no longer supported by Shorewall-perl. Use 7) DYNAMIC_ZONES=Yes is no longer supported by Shorewall-perl. Use
ipset-based zones instead. ipset-based zones instead.
Problems corrected in Shorewall-perl-4.2.0 Beta3. Problems corrected in Shorewall 4.2.0 RC 1.
1) The 4.2.0-Beta2 change which defers setting up ip forwarding until None.
the rules are in place did not handle the 'restore' command
correctly. So if '-f' is specified to the 'start' command and there
is a saved configuration, the setting of ip forwarding will not be
changed.
2) Previously, when the COPY column of /etc/shorewall/providers Other Changes in Shoreall 4.2.0 RC 1
contained one or more interface names, Shorewall-perl was not
adding the interface in the INTERFACE column to those interfaces
being copied. This has been corrected.
Other Changes in Shoreall 4.2.0 Beta 3. 1) If 'NONAT' is specified in the ADDRESS column of an entry in
/etc/shorewall/masq, then traffic matching that entry is not
1) Beginning with Shorewall 4.0.0, the -f option was no longer the passed to the entries that follow.
default for '/etc/init.d/shorewall start'. Beginning with 4.0.13
and 4.2.0-Beta3, this is also true for Shoreawall-lite.
2) A new USE_DEFAULT_RT option has been added to shorewall.conf. When
set to 'Yes', it causes the Shorewall multi-ISP feature to create
a different set of routing rules which are resilient to changes in
the main routing table. Such changes can occur for a number of
reasons, VPNs going up and down being an example.
The USE_DEFAULT_RT option is currently classified as
EXPERIMENTAL. As a consequence, if you have a problem with it, the
Shorewall support team may not be able to supply you with a
solution.
The idea is to send packets through the main table prior to
applying any of the Shorewall-generated routing rules. So changes
to the main table will affect the routing of packets by default.
When USE_DEFAULT_RT=Yes:
a) Both the DUPLICATE and the COPY columns in the providers file
must remain empty (or contain "-").
b) The 'balance' option is assumed for all interfaces except those
specified as 'loose'.
c) The default route is added to the the 'default' table rather
than to the main table.
d) Packets are sent through the main routing table by a rule with
priority 999. In /etc/shorewall/routing_rules, the range 1-998
may be used for inserting rules that bypass the main table.
e) All provider gateways must be specified explicitly in the
GATEWAY column. 'detect' may not be specified.
f) You should disable all default route management outside of
Shorewall. If a default route is added to the main table while
Shorewall is started, then all policy routing will stop working
(except for those routing rules in the priority range 1-998).
3) The 'shorewall restart' command now supports an -f option. When
this option is specified, no compilation occurs; rather, the script
which last started or restarted Shorewall is used.
4) A macro supporting RNDC (BIND remote management protocol) traffic
has been added. It can be used as any other macro (e.g., RNDC/ACCEPT)
in the rules file.
New Features in Shorewall 4.2. New Features in Shorewall 4.2.
@ -940,3 +885,53 @@ New Features in Shorewall 4.2.
42) Farkas Levante has contributed a macro.Mail macro that covers SMTP, 42) Farkas Levante has contributed a macro.Mail macro that covers SMTP,
SMTPS and submission. SMTPS and submission.
43) Beginning with Shorewall 4.0.0, the -f option was no longer the
default for '/etc/init.d/shorewall start'. Beginning with 4.0.13
and 4.2.0-Beta3, this is also true for Shoreawall-lite.
44) A new USE_DEFAULT_RT option has been added to shorewall.conf. When
set to 'Yes', it causes the Shorewall multi-ISP feature to create
a different set of routing rules which are resilient to changes in
the main routing table. Such changes can occur for a number of
reasons, VPNs going up and down being an example.
The USE_DEFAULT_RT option is currently classified as
EXPERIMENTAL. As a consequence, if you have a problem with it, the
Shorewall support team may not be able to supply you with a
solution.
The idea is to send packets through the main table prior to
applying any of the Shorewall-generated routing rules. So changes
to the main table will affect the routing of packets by default.
When USE_DEFAULT_RT=Yes:
a) Both the DUPLICATE and the COPY columns in the providers file
must remain empty (or contain "-").
b) The 'balance' option is assumed for all interfaces except those
specified as 'loose'.
c) The default route is added to the the 'default' table rather
than to the main table.
d) Packets are sent through the main routing table by a rule with
priority 999. In /etc/shorewall/routing_rules, the range 1-998
may be used for inserting rules that bypass the main table.
e) All provider gateways must be specified explicitly in the
GATEWAY column. 'detect' may not be specified.
f) You should disable all default route management outside of
Shorewall. If a default route is added to the main table while
Shorewall is started, then all policy routing will stop working
(except for those routing rules in the priority range 1-998).
45) The 'shorewall restart' command now supports an -f option. When
this option is specified, no compilation occurs; rather, the script
which last started or restarted Shorewall is used.
46) A macro supporting RNDC (BIND remote management protocol) traffic
has been added. It can be used as any other macro (e.g., RNDC/ACCEPT)
in the rules file.

3
manpages/shorewall-masq.xml
View File

@ -203,7 +203,8 @@
<para>If you simply place <emphasis role="bold">NONAT</emphasis> in <para>If you simply place <emphasis role="bold">NONAT</emphasis> in
this column, no rewriting of the source IP address or port number this column, no rewriting of the source IP address or port number
will be performed.</para> will be performed. This is useful if you want particular traffic to
be exempt from the entries that follow in the file.</para>
<para>If you want to leave this column empty but you need to specify <para>If you want to leave this column empty but you need to specify
the next column then place a hyphen ("-") here.</para> the next column then place a hyphen ("-") here.</para>