Revert change that allowed out of order policies

2025-02-16 17:51:16 +01:00 · 2009-12-19 07:24:17 -08:00 · 2009-12-19 07:24:17 -08:00 · 508e1123bb
commit 508e1123bb
parent 10ae98571b
2 changed files with 12 additions and 26 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -8,27 +8,25 @@ Changes in Shorewall 4.4.5

 4)  Allow zone::serverport in rules DEST column.

-5)  Allow specific policy to supersede a wildcard policy.
+5)  Fix 'show policies' in Shorewall6.

-6)  Fix 'show policies' in Shorewall6.
+6)  Auto-load tc modules.

-7)  Auto-load tc modules.
+7)  Allow LOGFILE=/dev/null

-8)  Allow LOGFILE=/dev/null
+8)  Fix shorewall6-lite/shorecap

-9)  Fix shorewall6-lite/shorecap
+9) Fix MODULE_SUFFIX.

-10) Fix MODULE_SUFFIX.
+10) Fix ENHANCED_REJECT detection for IPv4.

-11) Fix ENHANCED_REJECT detection for IPv4.
+11) Fix DONT_LOAD vs 'reload -c'

-12) Fix DONT_LOAD vs 'reload -c'
+12) Fix handling of SOURCE and DEST vs macros.

-13) Fix handling of SOURCE and DEST vs macros.
+13) Remove silly logic in expand_rule().

-14) Remove silly logic in expand_rule().
-
-15) Add current and limit to Conntrack Table Heading.
+14) Add current and limit to Conntrack Table Heading.

 Changes in Shorewall 4.4.4

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -234,22 +234,10 @@ None.
    been created to handle the request. So such rules should probably
    exclude the firewall's IP addresses in the ORIGINAL DEST column.

-2)  Previously, the following sequence of policies would produce a
-    'Duplicate Policy' error:
-
-    	     $FW             all             ACCEPT
-    	     $FW             dmz             REJECT          info
-
-    Beginning with 4.4.5, this sequence produces the same result as this
-    one:
-
-    	     $FW             dmz             REJECT          info
-    	     $FW             all             ACCEPT
-
-3)  Systems that do not log Netfilter messages locally can now set
+2)  Systems that do not log Netfilter messages locally can now set
    LOGFILE=/dev/null in shorewall.conf.

-4)  The 'shorewall show connections' and 'shorewall dump' commands now
+3)  The 'shorewall show connections' and 'shorewall dump' commands now
    display the current number of connections and the max supported
    connections.