extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-15 19:01:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

News update for 4.0.1

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6977 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-28 00:23:52 +00:00
parent 3dfc4bf0ef
commit 8ea3e53154
1 changed files with 90 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
web/News.htm
View File

@ -24,8 +24,96 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br>
</p>
<p>July 15, 200<br>
</p>
<p>July 20, 2007</p>
<hr style="width: 100%; height: 2px;">
<p><strong>2007-07-27 Shorewall 4.0.1</strong></p>
<pre>Problems corrected in 4.0.1.
1) The Shorewall Lite installer was producing an empty shorewall-lite
manpage. Since the installer runs as part of creating the RPM, the
RPM also suffered from this problem. The 4.0.0 Shorewall-lite
packages were re-uploaded with this problem corrected.
2) The Shorewall Lite uninstaller incorrectly removed /sbin/shorewall
rather than /sbin/shorewall-lite.
3) Both the Shorewall and Shorewall Lite uninstallers did a "shorewall
clear" if Shorewall [Lite] was running. Now, the Shorewall Lite
uninstaller correctly does "shorewall-lite clear" and both
uninstallers only perform the 'clear' operation if the other
product is not installed. This prevents the removal of one of the
two products from clearing the firewall configuration established
by the other one.
4) The 'ipsec' OPTION in /etc/shorewall/hosts was mis-handled by
Shorewall-perl. If the zone type was changed to 'ipsec' or
'ipsec4' and the 'ipsec' option removed from the hosts file entry,
the configuration worked properly.
5) If a CLASSID was specified in a tcrule and TC_ENABLED=No, then
Shorewall-perl produced the following:
Compiling...
Use of uninitialized value in string ne at /usr/share/shorewall-perl/Shorewall/Tc.pm line 285, &lt;$currentfile&gt; line 18.
ERROR: Class Id n:m is not associated with device eth0 : /etc/shorewall/tcrules (line 18)
6) If IPTABLES was not specified in shorewall.conf, Shorewall-perl was
locating the binary using the PATH environmental variable rather
than the PATH setting in shorewall.conf. If no PATH was available
when Shorewall-perl was run and IPTABLES was not set in
shorewall.conf, the following messages were issued:
Use of uninitialized value in split at /usr/share/shorewall-perl/Shorewall/Config.pm line 1054.
ERROR: Can't find iptables executable
ERROR: Shorewall restart failed
7) If the "Mangle FORWARD Chain" capability was supported, entries in
the /etc/shorewall/ecn file would cause invalid iptables commands
to be generated. This problem occurred with both compilers.
8) Shorewall now starts at reboot after an upgrade from shorewall &lt;
4.0.0. Previously, Shorewall was not started automatically at
reboot after an upgrade using the RPMs.
9) Shorewall-perl was generating invalid iptables-restore input when a
log level was specified with the dropBcast and allowBcast builtin
actions and when a log level followed by '!' was used with any
builtin actions.
Other changes in Shorewall 4.0.1.
1) A new EXPAND_POLICIES option is added to shorewall.conf. The
option is recognized by Shorewall-perl and is ignored by
Shorewall-shell.
Normally, when the SOURCE or DEST columns in shorewall-policy(5)
contains 'all', a single policy chain is created and the policy is
inforced in that chain. For example, if the policy entry is
#SOURCE DEST POLICY LOG
# LEVEL
net all DROP info
then the chain name is 'net2all' which is also the chain named in
Shorewall log messages generated as a result of the policy. If
EXPAND_POLICIES=Yes, then Shorewall-perl will create a separate
chain for each pair of zones covered by the policy. This makes the
resulting log messages easier to interpret since the chain in the
messages will have a name of the form 'a2b' where 'a' is the SOURCE
zone and 'b' is the DEST zone. See
http://linuxman.wikispaces.com/PPPPPPS for more information.
2) The Shorewall-perl dependency on the "Address Type Match"
capability has been relaxed. This allows Shorewall 4.0.1 to be used
on releases like RHEL4 that don't support that capability.
3) Shorewall-perl now detects dead policy file entries that result
when an entry is masked by an earlier entry. Example:
all all REJECT info
loc net ACCEPT
</pre>
<hr style="width: 100%; height: 2px;">
<p><strong>2007-07-20 Shorewall 4.0.0</strong></p>