Update Shorewall-perl migration issues

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9277 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-26 01:23:14 +01:00 · 2009-01-12 23:57:02 +00:00 · 2009-01-12 23:57:02 +00:00 · 48b85c5353
commit 48b85c5353
parent de038dad1b
1 changed files with 30 additions and 13 deletions
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -148,7 +148,8 @@

            <listitem>
              <para>The refresh command does not alter the Netfilter
-              configuration except for the static blacklist.</para>
+              configuration except for the static blacklist (it also refreshes
+              the mangle table, beginning with Shorewall 4.2.0).</para>
            </listitem>
          </itemizedlist>
        </listitem>
@ -186,23 +187,13 @@
                  <row>
                    <entry>maclog</entry>

-                    <entry>initdone</entry>
-
-                    <entry></entry>
+                    <entry>start</entry>
                  </row>

                  <row>
                    <entry>Per-chain (including those associated with
                    actions)</entry>

-                    <entry>start</entry>
-
-                    <entry></entry>
-                  </row>
-
-                  <row>
-                    <entry></entry>
-
                    <entry>started</entry>

                    <entry></entry>
@ -518,11 +509,37 @@ ACCEPT  loc:eth0:192.168.1.3,192.168.1.5       $FW  tcp   22</programlisting>Wit
 ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
          Shorewall-perl does not support this alternative syntax.</para>
        </listitem>
+
+        <listitem>
+          <para>Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
+          if a zone name is entered in the DEST column of a
+          <firstterm>nonat</firstterm> rule. Nonat rules include:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>DNAT-</para>
+            </listitem>
+
+            <listitem>
+              <para>REDIRECT-</para>
+            </listitem>
+
+            <listitem>
+              <para>NONAT</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>So rather than this:<programlisting>#ACTION            SOURCE             DEST             PROTO        DEST PORT(S)
+DNAT-              net                loc:192.168.1.3  tcp          21</programlisting></para>
+
+          <para>you instead want:<programlisting>#ACTION            SOURCE             DEST             PROTO        DEST PORT(S)
+DNAT-              net                192.168.1.3  tcp          21</programlisting></para>
+        </listitem>
      </orderedlist>
    </section>

    <section id="PerlDep">
-      <title>Dependence on Perl</title>
+      <title> Dependence on Perl</title>

      <para>Shorewall-perl is dependent on Perl (see the next section) which
      has a large disk footprint. This makes Shorewall-perl less desirable in