Problems corrected in 3.0.7 + +1) Previously, if your kernel did not supply the mangle table FORWARD chain + then "shorewall [re]start" would fail. Now, if your mangle table does + not supply this chain Shorewall will avoid using either that chain or + the mangle table POSTROUTING chain. This change is strictly to stop Shorewall + from blowing up during [re]start on very old kernels (such as 2.4.17 + running on a PS2); if your kernel does not support these chains and you + try to mark packets in either of them using entries in + /etc/shorewall/tcrules, [re]start will fail. + +2) Previously, if there were more than 10 IP addresses on a multi-ISP interface, + some of the routing rules generated by Shorewall were placed after the + default rule which resulted in them not being recognized. + +3) When install.sh is used to install on a Debian or Ubuntu system, the + SUBSYSLOCK option in shorewall.conf was not being cleared. + It will now be cleared, provided that Perl is installed on the system. + +4) When exclusion lists appeared in the /etc/shorewall/tcrules file, the + resulting 'exclusion chains' (whose names begin with 'excl_') were not + deleted as part of 'shorewall [re]start'. This meant that 'refresh' + would fail, either the first or second time that it was done since + the last 'shorewall [re]start'. + +Other changes in 3.0.7 + +None. + ++ + + -2006-02-22 Shorewall moved to Subversion
Effectively today, Shorewall source code repository was migrated to Subversion SCM. @@ -40,6 +79,44 @@ for more information. + + +2006-03-28 Shorewall 3.0.6
+ + +Problems corrected in 3.0.6 + +1) A typo in the output of "help drop" has been corrected. + +2) Previously, 'shorewall start' would fail in the presence of a network + interface named 'inet'. + +3) A shell syntax error was reported when duplicate policies appeared in + /etc/shorewall/policy. + +4) The iptable_nat and iptable_mangle modules were previously omitted + from /etc/shorewall/modules. + +5) If you use SAME or SAME:nodst in the ADDRESS column of /etc/shorewall/masq + and if you set ADD_SNAT_ALIASES=Yes in shorewall.conf, then "shorewall + start" will fail with the error 'Error: an inet prefix is expected rather + than "SAME".'. + +6) Previously, the 'routeback' option was ignored in an entry in the + /etc/shorewall/hosts file that referred to a (set of) bridge port(s). + + Example: + + dmz xenbr0:vif+ routeback + +Other changes in 3.0.6 + +1) A 'refreshed' extension script has been added -- it is executed after + "shorewall refresh" has finished. ++ + + 2006-02-10 Shorewall 3.0.5
diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm index 9824b52ce..625219b0b 100644 --- a/web/shorewall_index.htm +++ b/web/shorewall_index.htm @@ -10,13 +10,13 @@Shoreline Firewall (Shorewall)
-The current Stable Version is 3.0.6 -- Get it from the +
The current Stable Version is 3.0.7 -- Get it from the download sites. Here are the release + href="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.7/releasenotes.txt">release notes and here are the known + href="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.7/known_problems.txt">known problems and updates.
+ href="http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.7/errata/">updates.The current Development Version is 3.2.0 Beta 6 – Get it from the download sites. Here are the release @@ -34,7 +34,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.
-2006-05-05
+2006-05-06
Table of Contents