Document double exclusion fix

This commit is contained in:
Tom Eastep 2011-05-03 13:54:54 -07:00
parent e7831d5a15
commit 6603978ba4
2 changed files with 12 additions and 1 deletions

View File

@ -5,6 +5,8 @@ Changes in Shorewall 4.4.19.2
2) Correct several complex TC issues reported by Mr Dash4. 2) Correct several complex TC issues reported by Mr Dash4.
3) Detect double exclusion involving ipset expressions.
Changes in Shorewall 4.4.19.1 Changes in Shorewall 4.4.19.1
1) Eliminate silly duplicate rule when stopped. 1) Eliminate silly duplicate rule when stopped.

View File

@ -56,6 +56,15 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
d) Where there are more than 10 tcdevices, tcfilter entries could d) Where there are more than 10 tcdevices, tcfilter entries could
generate invalid rules. generate invalid rules.
3) Double exclusion involving ipset lists was previously not detected,
resulting in anomalous behavior.
Example:
ACCEPT:info $FW net:!10.1.0.7,10.1.0.9,+[!my-host[src]]]
Such cases now result in a compilation error.
4.4.19.1 4.4.19.1
1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when 1) A duplicate ACCEPT rule in the INPUT chain has been eliminated when