Fix CONTINUE policy bug and document other changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5525 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-03-14 19:33:31 +00:00
parent f107620ef8
commit 6cc17e8a32
3 changed files with 41 additions and 9 deletions

@ -2,6 +2,12 @@ Changes in 3.4.1
1) Add rest of proxy arp fix. 1) Add rest of proxy arp fix.
2) Fix two problems with log-prefix handling.
3) Nested Zones produced shell errors.
4) CONTINUE policies generated invalid iptables input.
Changes in 3.4.0 Final Changes in 3.4.0 Final
1) Add missing logic for "!" rules. 1) Add missing logic for "!" rules.
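Review bot: Entries 3 and 4 in this changelog hunk describe the symptom ("Nested Zones produced shell errors", "CONTINUE policies generated invalid iptables input"), while entries 1 and 2 describe the change ("Add ...", "Fix ..."). Suggest wording them as fixes, for example "Fix shell errors with nested zones" and "Fix invalid iptables input generated for CONTINUE policies", so the list reads consistently.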

@ -486,7 +486,7 @@ validate_policy()
eval parents=\$${zone}_parents eval parents=\$${zone}_parents
if [ -n "$parents" ]; then if [ -n "$parents" ]; then
for zone1 in $ZONES $FW; do for zone1 in $ZONES $FW; do
if $zone != $zone1; then if [ $zone != $zone1 ]; then
chain=${zone}2${zone1} chain=${zone}2${zone1}
eval ${chain}_is_policy=Yes eval ${chain}_is_policy=Yes
eval ${chain}_is_optional=Yes eval ${chain}_is_optional=Yes
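Review bot: The corrected test in validate_policy(), `[ $zone != $zone1 ]`, leaves both expansions unquoted, so an empty value or one containing whitespace makes the test itself fail with a shell error instead of comparing the two names; suggest `[ "$zone" != "$zone1" ]`. This line is also a functional fix (the old form ran $zone as a command, which matches the '<zone>: not found' symptom in the release notes), yet the commit subject names only the CONTINUE bug and documentation, so it deserves a mention in the commit message.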
@ -3067,6 +3067,8 @@ policy_rules() # $1 = chain to add rules to
REJECT) REJECT)
run_iptables -A $1 -j reject run_iptables -A $1 -j reject
;; ;;
CONTINUE)
;;
*) *)
run_iptables -A $1 -j $target run_iptables -A $1 -j $target
;; ;;
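Review bot: The new empty `CONTINUE)` arm in policy_rules() carries no comment, and a reader could take it for an unfinished case. Suggest a one-line comment stating that CONTINUE deliberately appends no rule because it is not an iptables target. The `*)` arm still passes any other value of $target straight to `-j $target`, so a policy name that is not a real target would fail the same way, and only when iptables runs.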

@ -39,6 +39,30 @@ Problems Corrected in 3.4.1
/etc/shorewall/proxyarp the last time that Shorewall was /etc/shorewall/proxyarp the last time that Shorewall was
[re]started. [re]started.
2) If the log-prefix in a log message exceeded 29 characters,
'shorewall restart' fails with 'truncate: command not found' and a
possible segmentation fault in iptables.
3) Log messages specifying a log tag had two spaces appended to the
log prefix. This could cause mysterious "log-prefix truncated"
messages.
4) When nested zones were defined in the /etc/shorewall/zones file,
shell error messages ( usually '<zone>: not found' ) during
compilation resulted.
5) Use of CONTINUE policies lead to startup errors with a message
such as the following:
Applying Policies...
iptables v1.3.7: Couldn't load target
`CONTINUE':/usr/local/lib/iptables/libipt_CONTINUE.so: cannot open
shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A net2c148 -j CONTINUE" Failed
Migration Considerations: Migration Considerations:
If you are migrating from a Shorewall version earlier than 3.2.0 then If you are migrating from a Shorewall version earlier than 3.2.0 then
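Review bot: In item 5 of the added release notes, "lead to startup errors" should be "led to startup errors". Item 2 also mixes tenses ("exceeded" followed by "fails") where the other new items use the past tense throughout; suggest "failed".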