From 706d40dfdab2f489f6cdc2cf1ab49db08e806dd8 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 26 Aug 2010 10:43:19 -0700 Subject: [PATCH] Document fix for blacklist exclusion Signed-off-by: Tom Eastep --- Shorewall/changelog.txt | 2 ++ Shorewall/known_problems.txt | 5 +++++ Shorewall/releasenotes.txt | 3 +++ 3 files changed, 10 insertions(+) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index eb80ab559..5f7eb24d1 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.4.11.4 2) Fix REQUIRE_INTERFACE=Yes +3) Fix exclusion in the blacklist file + Changes in Shorewall 4.4.11.3 1) Fix duplicate rule generation with 'any'. diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 857730347..7d15cd06d 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -107,3 +107,8 @@ do not work as expected. Workaround: Do not use exclusion with CONTINUE. + +16) Exclusion in blacklist file entries is correctly validated but is + then ignored when generating iptables (ip6tables) input. + + Workaround: Do not use exclusion in the blacklist file. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ca0f0e88a..8f85dee09 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -245,6 +245,9 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E 3) AUTOMAKE=Yes has been broken for some time. It is now working correctly. +4) Exclusion in /etc/shorewall/blacklist was correctly validated but + was then ignored when generating iptables (ip6tables) input. + 4.4.11.2 1) A typo in /sbin/shorewall6-lite version 4.4.11.1 caused the