extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-18 15:46:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clarifications and minor documentation corrections

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3108 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-12-01 22:27:18 +00:00
parent ded4a14fad
commit 3d0ec74fde
2 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/releasenotes.txt
View File

@ -664,11 +664,7 @@ New Features in Shorewall 3.0.*
must have restarted Shorewall using this release before this feature must have restarted Shorewall using this release before this feature
will work correctly. will work correctly.
25) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes 25) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
in shorewall.conf. This is done to ensure that "shorewall refresh" will
work correctly.
26) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
keyword in the PROTOCOL column of the relevant files, the following keyword in the PROTOCOL column of the relevant files, the following
values may be specified: values may be specified:
@ -678,7 +674,7 @@ New Features in Shorewall 3.0.*
ipp2p:all Matches both UDP and TCP traffic. You may ipp2p:all Matches both UDP and TCP traffic. You may
not specify a SOURCE PORT with this PROTOCOL. not specify a SOURCE PORT with this PROTOCOL.
27) Normally MAC verification triggered by the 'maclist' interface and host 26) Normally MAC verification triggered by the 'maclist' interface and host
options is done out of the INPUT and FORWARD chains of the filter table. options is done out of the INPUT and FORWARD chains of the filter table.
Users have reported that under some circumstances, MAC verification is Users have reported that under some circumstances, MAC verification is
failing for forwarded packets when the packets are being forwarded out failing for forwarded packets when the packets are being forwarded out
@ -691,7 +687,7 @@ New Features in Shorewall 3.0.*
the REJECT target may not be used in the PREROUTING chain, the settings the REJECT target may not be used in the PREROUTING chain, the settings
MACLIST_DISPOSITION=REJECT and MACLIST_TABLE=mangle are incompatible. MACLIST_DISPOSITION=REJECT and MACLIST_TABLE=mangle are incompatible.
28) The sample configurations are now packaged with the product. They are 27) The sample configurations are now packaged with the product. They are
in the Samples directory on the tarball and are in the RPM they are in the Samples directory on the tarball and are in the RPM they are
in the Samples sub-directory of the Shorewall documentation in the Samples sub-directory of the Shorewall documentation
directory. directory.

6
Shorewall/shorewall.conf
View File

@ -368,6 +368,8 @@ IPSECFILE=zones
# Name of the firewall zone -- if not set or if set to an empty string, then # Name of the firewall zone -- if not set or if set to an empty string, then
# you must include a definition of the firewall zone in /etc/shorewall/zones. # you must include a definition of the firewall zone in /etc/shorewall/zones.
# #
# Note: If IPSECFILE=zones above then you must NOT set FW and you must define
# the firewall zone in /etc/shorewall/zones.
FW= FW=
@ -483,10 +485,6 @@ CLEAR_TC=No
# Note: Older kernels do not support marking packets in the FORWARD chain and # Note: Older kernels do not support marking packets in the FORWARD chain and
# setting this variable to Yes may cause startup problems. # setting this variable to Yes may cause startup problems.
# #
# Note: If you connect to the internet through more than one ISP and thus have
# entries in /etc/shorewall/providers then you must set
# MARK_IN_FORWARD_CHAIN=Yes.
#
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No