mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-29 19:13:39 +01:00
Document double exclusion fix
This commit is contained in:
parent
e7831d5a15
commit
6603978ba4
@ -5,6 +5,8 @@ Changes in Shorewall 4.4.19.2
|
|||||||
|
|
||||||
2) Correct several complex TC issues reported by Mr Dash4.
|
2) Correct several complex TC issues reported by Mr Dash4.
|
||||||
|
|
||||||
|
3) Detect double exclusion involving ipset expressions.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.19.1
|
Changes in Shorewall 4.4.19.1
|
||||||
|
|
||||||
1) Eliminate silly duplicate rule when stopped.
|
1) Eliminate silly duplicate rule when stopped.
|
||||||
|
@ -56,6 +56,15 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
d) Where there are more than 10 tcdevices, tcfilter entries could
|
d) Where there are more than 10 tcdevices, tcfilter entries could
|
||||||
generate invalid rules.
|
generate invalid rules.
|
||||||
|
|
||||||
|
3) Double exclusion involving ipset lists was previously not detected,
|
||||||
|
resulting in anomalous behavior.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
ACCEPT:info $FW net:!10.1.0.7,10.1.0.9,+[!my-host[src]]]
|
||||||
|
|
||||||
|
Such cases now result in a compilation error.
|
||||||
|
|
||||||
4.4.19.1
|
4.4.19.1
|
||||||
|
|
||||||
1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when
|
1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when
|
||||||
|
Loading…
Reference in New Issue
Block a user