mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-17 23:26:41 +02:00
Clarifications and minor documentation corrections
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3108 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
ded4a14fad
commit
3d0ec74fde
@ -664,11 +664,7 @@ New Features in Shorewall 3.0.*
|
||||
must have restarted Shorewall using this release before this feature
|
||||
will work correctly.
|
||||
|
||||
25) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes
|
||||
in shorewall.conf. This is done to ensure that "shorewall refresh" will
|
||||
work correctly.
|
||||
|
||||
26) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
|
||||
25) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
|
||||
keyword in the PROTOCOL column of the relevant files, the following
|
||||
values may be specified:
|
||||
|
||||
@ -678,7 +674,7 @@ New Features in Shorewall 3.0.*
|
||||
ipp2p:all Matches both UDP and TCP traffic. You may
|
||||
not specify a SOURCE PORT with this PROTOCOL.
|
||||
|
||||
27) Normally MAC verification triggered by the 'maclist' interface and host
|
||||
26) Normally MAC verification triggered by the 'maclist' interface and host
|
||||
options is done out of the INPUT and FORWARD chains of the filter table.
|
||||
Users have reported that under some circumstances, MAC verification is
|
||||
failing for forwarded packets when the packets are being forwarded out
|
||||
@ -691,7 +687,7 @@ New Features in Shorewall 3.0.*
|
||||
the REJECT target may not be used in the PREROUTING chain, the settings
|
||||
MACLIST_DISPOSITION=REJECT and MACLIST_TABLE=mangle are incompatible.
|
||||
|
||||
28) The sample configurations are now packaged with the product. They are
|
||||
27) The sample configurations are now packaged with the product. They are
|
||||
in the Samples directory on the tarball and are in the RPM they are
|
||||
in the Samples sub-directory of the Shorewall documentation
|
||||
directory.
|
||||
|
@ -368,6 +368,8 @@ IPSECFILE=zones
|
||||
# Name of the firewall zone -- if not set or if set to an empty string, then
|
||||
# you must include a definition of the firewall zone in /etc/shorewall/zones.
|
||||
#
|
||||
# Note: If IPSECFILE=zones above then you must NOT set FW and you must define
|
||||
# the firewall zone in /etc/shorewall/zones.
|
||||
|
||||
FW=
|
||||
|
||||
@ -483,10 +485,6 @@ CLEAR_TC=No
|
||||
# Note: Older kernels do not support marking packets in the FORWARD chain and
|
||||
# setting this variable to Yes may cause startup problems.
|
||||
#
|
||||
# Note: If you connect to the internet through more than one ISP and thus have
|
||||
# entries in /etc/shorewall/providers then you must set
|
||||
# MARK_IN_FORWARD_CHAIN=Yes.
|
||||
#
|
||||
|
||||
MARK_IN_FORWARD_CHAIN=No
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user