extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-01 14:45:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Document duplicate policy detection change

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6972 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-27 04:25:56 +00:00
parent 48b993f0cf
commit 7a6ac0a561
3 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-common/changelog.txt
View File

@ -14,6 +14,8 @@ Changes in 4.0.1
7) Be sure that chkconfig runs after upgrade from < 4.0.0 7) Be sure that chkconfig runs after upgrade from < 4.0.0
8) Better out-of-order policy detection.
Changes in 4.0.0 Final Changes in 4.0.0 Final
1) Fix lite install.sh manpage problem. 1) Fix lite install.sh manpage problem.

14
Shorewall-common/releasenotes.txt
View File

@ -73,6 +73,12 @@ Problems corrected in 4.0.1.
4.0.0. Previously, Shorewall was not started automatically after an 4.0.0. Previously, Shorewall was not started automatically after an
upgrade using the RPM. upgrade using the RPM.
9) Shorewall-perl now detects dead policy file entries that result
when an entry is masked by an earlier entry. Example:
all all REJECT info
loc net ACCEPT
Other changes in Shorewall 4.0.1. Other changes in Shorewall 4.0.1.
1) A new EXPAND_POLICIES option is added to shorewall.conf. The 1) A new EXPAND_POLICIES option is added to shorewall.conf. The
@ -670,6 +676,14 @@ Migration Considerations:
w) The PKTTYPE option is ignored by Shorewall-perl. Shorewall-perl w) The PKTTYPE option is ignored by Shorewall-perl. Shorewall-perl
will use Address type match if it is available; otherwise, it will use Address type match if it is available; otherwise, it
will behave as if PKTTYPE=No had been specified. will behave as if PKTTYPE=No had been specified.
x) Shorewall-perl detects dead policy file entries that result
when an entry is masked by an earlier more general
entry. Example:
all all REJECT info
loc net ACCEPT
------------------------------------------------------------------------ ------------------------------------------------------------------------
P R E R E Q U I S I T E S P R E R E Q U I S I T E S
------------------------------------------------------------------------ ------------------------------------------------------------------------

11
docs/Shorewall-perl.xml
View File

@ -491,6 +491,17 @@ eth0 eth1:!192.168.4.9 ...</programlisting></para>
available; otherwise, they will behave as if PKTTYPE=No had been available; otherwise, they will behave as if PKTTYPE=No had been
specified.</para> specified.</para>
</listitem> </listitem>
<listitem>
<para> Shorewall-perl detects dead policy file entries that result
when an entry is masked by an earlier more general entry.</para>
<para>Example:</para>
<programlisting>#SOURCE DEST POLICY LOG LEVEL
all all REJECT info
loc net ACCEPT</programlisting>
</listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>