mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-12 18:54:25 +01:00
Fix CONTINUE policy bug and document other changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5525 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f107620ef8
commit
6cc17e8a32
@ -2,6 +2,12 @@ Changes in 3.4.1
|
||||
|
||||
1) Add rest of proxy arp fix.
|
||||
|
||||
2) Fix two problems with log-prefix handling.
|
||||
|
||||
3) Nested Zones produced shell errors.
|
||||
|
||||
4) CONTINUE policies generated invalid iptables input.
|
||||
|
||||
Changes in 3.4.0 Final
|
||||
|
||||
1) Add missing logic for "!" rules.
|
||||
|
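Review bot: Entries 3 and 4 of the 3.4.1 list are worded as symptoms ("Nested Zones produced shell errors", "CONTINUE policies generated invalid iptables input"), while entries 1 and 2 are worded as changes ("Add ...", "Fix ..."). Suggest the same imperative form for all four, for example "Fix shell errors with nested zones" and "Fix invalid iptables input generated by CONTINUE policies", so the changelog reads as a list of what was done. The commit message also mentions only the CONTINUE fix, although the nested-zone fix listed here is part of the same commit.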
@ -486,7 +486,7 @@ validate_policy()
|
||||
eval parents=\$${zone}_parents
|
||||
if [ -n "$parents" ]; then
|
||||
for zone1 in $ZONES $FW; do
|
||||
if $zone != $zone1; then
|
||||
if [ $zone != $zone1 ]; then
|
||||
chain=${zone}2${zone1}
|
||||
eval ${chain}_is_policy=Yes
|
||||
eval ${chain}_is_optional=Yes
|
||||
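Review bot: The corrected test in validate_policy(), `if [ $zone != $zone1 ]; then`, leaves both expansions unquoted, so an empty value or one containing whitespace would make `[` fail with a syntax error instead of comparing the two names. Suggest `if [ "$zone" != "$zone1" ]; then`. The previous form, `if $zone != $zone1; then`, executed the zone name as a command, which matches the '<zone>: not found' symptom in the release notes. The `eval ${chain}_is_policy=Yes` lines below build variable names from the same values, so it is worth confirming that zone names are restricted to shell-identifier characters before they reach this loop.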
@ -3067,6 +3067,8 @@ policy_rules() # $1 = chain to add rules to
|
||||
REJECT)
|
||||
run_iptables -A $1 -j reject
|
||||
;;
|
||||
CONTINUE)
|
||||
;;
|
||||
*)
|
||||
run_iptables -A $1 -j $target
|
||||
;;
|
||||
|
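Review bot: The new `CONTINUE)` arm in policy_rules() is empty and uncommented, so a later reader cannot tell that emitting no rule is deliberate. Suggest a one-line comment in that arm stating that CONTINUE is not an iptables target and that no jump is added for it. The `*)` arm still passes any other value to `run_iptables -A $1 -j $target` unchecked, which is how CONTINUE reached iptables in the first place; consider listing the accepted targets explicitly and failing with a Shorewall error for anything else, and quoting `$1` and `$target`.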
@ -30,14 +30,38 @@ Release Highlights
|
||||
|
||||
Problems Corrected in 3.4.1
|
||||
|
||||
1) The "shorewall-[lite] [re]start and stop" commands reset the
|
||||
proxy_arp flag on all interfaces on the system making it impossible
|
||||
to control proxy arp manually with Shorewall installed. There was a
|
||||
partial fix included in 3.4.0; unfortunately, it did not correct the
|
||||
problem completely. Shorewall 3.4.1 includes the rest of the change
|
||||
necessarey to only clear proxy arp if there were entries in
|
||||
/etc/shorewall/proxyarp the last time that Shorewall was
|
||||
[re]started.
|
||||
1) The "shorewall-[lite] [re]start and stop" commands reset the
|
||||
proxy_arp flag on all interfaces on the system making it impossible
|
||||
to control proxy arp manually with Shorewall installed. There was a
|
||||
partial fix included in 3.4.0; unfortunately, it did not correct the
|
||||
problem completely. Shorewall 3.4.1 includes the rest of the change
|
||||
necessarey to only clear proxy arp if there were entries in
|
||||
/etc/shorewall/proxyarp the last time that Shorewall was
|
||||
[re]started.
|
||||
|
||||
2) If the log-prefix in a log message exceeded 29 characters,
|
||||
'shorewall restart' fails with 'truncate: command not found' and a
|
||||
possible segmentation fault in iptables.
|
||||
|
||||
3) Log messages specifying a log tag had two spaces appended to the
|
||||
log prefix. This could cause mysterious "log-prefix truncated"
|
||||
messages.
|
||||
|
||||
4) When nested zones were defined in the /etc/shorewall/zones file,
|
||||
shell error messages ( usually '<zone>: not found' ) during
|
||||
compilation resulted.
|
||||
|
||||
5) Use of CONTINUE policies lead to startup errors with a message
|
||||
such as the following:
|
||||
|
||||
Applying Policies...
|
||||
iptables v1.3.7: Couldn't load target
|
||||
`CONTINUE':/usr/local/lib/iptables/libipt_CONTINUE.so: cannot open
|
||||
shared object file: No such file or directory
|
||||
|
||||
Try `iptables -h' or 'iptables --help' for more information.
|
||||
|
||||
ERROR: Command "/sbin/iptables -A net2c148 -j CONTINUE" Failed
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
|
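Review bot: In item 1 of "Problems Corrected in 3.4.1" the typo "necessarey" is carried over into the rewritten paragraph; since the block is being touched anyway, correct it to "necessary". In item 5, "lead to startup errors" should be "led to startup errors". Item 2 mixes tenses ("exceeded ... fails"); suggest "failed" to match the other items. The change to item 1 appears to be whitespace only, so it could be dropped from this commit or noted in the commit message.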