mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-18 20:30:43 +01:00
Document fix for IPSETs and ORIGINAL DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
27f1c494a0
commit
4a4d74b52b
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 1
|
||||
|
||||
1) Apply Togan's patch for installation flexibility.
|
||||
|
||||
2) Restore use of IPSETS in the ORIGINAL DEST column.
|
||||
|
||||
Changes in Shorewall 4.4.19.1
|
||||
|
||||
1) Eliminate silly duplicate rule when stopped.
|
||||
|
@ -39,6 +39,19 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
DNAT and REDIRECT rules. That capability, inadvertently dropped in
|
||||
Shorewall-perl, has now been restored.
|
||||
|
||||
Please note, however, that using an IPSET in this way will open the
|
||||
server port from the SOURCE zone.
|
||||
|
||||
Example:
|
||||
|
||||
This rule:
|
||||
|
||||
DNAT net dmz:10.1.10.2 tcp 80 - +foo
|
||||
|
||||
will implicitly add this rule:
|
||||
|
||||
ACCEPT net dmz:10.1.10.2 tcp 80
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user