extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 08:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert change that allowed out of order policies

Browse Source
This commit is contained in:
Tom Eastep 2009-12-19 07:24:17 -08:00
parent 10ae98571b
commit 508e1123bb
2 changed files with 12 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Shorewall/changelog.txt
View File

@ -8,27 +8,25 @@ Changes in Shorewall 4.4.5
4) Allow zone::serverport in rules DEST column. 4) Allow zone::serverport in rules DEST column.
5) Allow specific policy to supersede a wildcard policy. 5) Fix 'show policies' in Shorewall6.
6) Fix 'show policies' in Shorewall6. 6) Auto-load tc modules.
7) Auto-load tc modules. 7) Allow LOGFILE=/dev/null
8) Allow LOGFILE=/dev/null 8) Fix shorewall6-lite/shorecap
9) Fix shorewall6-lite/shorecap 9) Fix MODULE_SUFFIX.
10) Fix MODULE_SUFFIX. 10) Fix ENHANCED_REJECT detection for IPv4.
11) Fix ENHANCED_REJECT detection for IPv4. 11) Fix DONT_LOAD vs 'reload -c'
12) Fix DONT_LOAD vs 'reload -c' 12) Fix handling of SOURCE and DEST vs macros.
13) Fix handling of SOURCE and DEST vs macros. 13) Remove silly logic in expand_rule().
14) Remove silly logic in expand_rule(). 14) Add current and limit to Conntrack Table Heading.
15) Add current and limit to Conntrack Table Heading.
Changes in Shorewall 4.4.4 Changes in Shorewall 4.4.4

16
Shorewall/releasenotes.txt
View File

@ -234,22 +234,10 @@ None.
been created to handle the request. So such rules should probably been created to handle the request. So such rules should probably
exclude the firewall's IP addresses in the ORIGINAL DEST column. exclude the firewall's IP addresses in the ORIGINAL DEST column.
2) Previously, the following sequence of policies would produce a 2) Systems that do not log Netfilter messages locally can now set
'Duplicate Policy' error:
$FW all ACCEPT
$FW dmz REJECT info
Beginning with 4.4.5, this sequence produces the same result as this
one:
$FW dmz REJECT info
$FW all ACCEPT
3) Systems that do not log Netfilter messages locally can now set
LOGFILE=/dev/null in shorewall.conf. LOGFILE=/dev/null in shorewall.conf.
4) The 'shorewall show connections' and 'shorewall dump' commands now 3) The 'shorewall show connections' and 'shorewall dump' commands now
display the current number of connections and the max supported display the current number of connections and the max supported
connections. connections.