Don't create fw-><bport> chains and rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-14 19:54:06 +01:00 · 2010-04-16 12:29:51 -07:00 · 2010-04-16 12:29:51 -07:00 · 938cfd7ba4
commit 938cfd7ba4
parent c52a3dcd14
2 changed files with 7 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -25,6 +25,8 @@ Changes in Shorewall 4.4.9

 12) Optimize 8.

+13) Don't create output chains for BPORT zones.
+
 Changes in Shorewall 4.4.8

 1)  Correct handling of RATE LIMIT on NAT rules.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -266,6 +266,11 @@ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
    ending in '+') and would likely also result in invalid
    iptables-restore input.

+9)  Previously, Shorewall would set up infrastructure to handle traffic
+    from the firewall to bport zones. Such infrastructure could never
+    be used. Now, Shorewall avoids setting up these unneeded chains
+    and/or rules.
+
 ----------------------------------------------------------------------------
           I V.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------