From 36a24f890cdcde28844147e08d2b7c85d6cd8325 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 24 Oct 2008 14:54:51 +0000 Subject: [PATCH] Fix 'export' command git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8798 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/releasenotes.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index f061312f8..44d7f30b9 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -126,7 +126,7 @@ Other changes in Shorewall 4.2.1 causes connections to match when the number of current connections exceeds . - When specified in the policy file, the limit is envorced on all + When specified in the policy file, the limit is enforced on all connections that are subject to the given policy (just like LIMIT:BURST). The limit is checked on new connections before the connection is passed through the rules in the NEW section of the @@ -174,10 +174,16 @@ Other changes in Shorewall 4.2.1 Beginning November 1, 2008 at noon LCT. + Use of this feature requires the time match capability in your + kernel and iptables. If you use a capabilities file when compiling + your Shorewall configuration(s), then you need to regenerate the + file using Shorewall or Shorewall-lite 4.2.1. + 3) If your kernel and iptables support "-m conntrack --ctorigdstport" then Shorewall will utilize that capability to ensure that when you do port mapping (change the destination port but not the - destination IP address), the final destination port is not open. + destination IP address), the final destination port is not opened + as a side effect. Example:
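Review bot: The subject "Fix 'export' command" does not match the hunk at releasenotes.txt line 126, which only corrects "envorced" to "enforced", and the diffstat lists no file other than Shorewall-common/releasenotes.txt. If the 'export' fix was committed separately, retitle this commit as a release-notes update so the history stays searchable. If the fix was meant to ship here, the code change is missing from the patch.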
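Review bot: The paragraph added after "Beginning November 1, 2008 at noon LCT." in the hunk at line 174 tells users to regenerate the capabilities file but does not say what happens when a stale file is used. Please state whether compilation fails or the rule is generated without its time restriction, since the latter would leave a time-limited rule broader than the administrator intended. It would also help to name the command that regenerates the file, and to name the iptables match explicitly, the way item 3 spells out "-m conntrack --ctorigdstport".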