extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 08:44:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update web site for 3.2.5

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4750 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-28 16:43:09 +00:00
parent 2ed3d8611d
commit 97e5911ee1
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
web/News.htm
View File

@ -20,11 +20,14 @@ Texts. A copy of the license is included in the section entitled “<span
class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
Documentation License</a></span>”.<br>
</p>
<p>October 6, 2006<br>
<p>October 28, 2006<br>
</p>
<hr style="width: 100%; height: 2px;">
<p></p>
<!-- Shorewall Release 3.0.5 -->
<span style="font-weight: bold;">2006-10-28 Shorewall 3.2.5<br>
</span><span style="font-weight: bold;"></span>
<pre>Problems Corrected in 3.2.5<br><br>1) Entries such as the following in /etc/shorewall/masq generate a<br> run-time error:<br><br> eth0 eth1!192.168.1.12 206.124.146.176<br><br> Omitting the exclusion (!192.168.1.12) avoids the error.<br><br>2) Previously, the 'provider' portion of the packet mark was not being<br> cleared after routing for traffic that originates on the firewall<br> itself.<br><br>3) In prior releases, it was not possible to mark an outgoing packet<br> with a high mark (HIGH_ROUTE_MARKS=Yes) when the packet originated<br> on the firewall itself.<br><br>4) The detected capabilities were not displayed by 'shorewall dump'<br> when the effective VERBOSITY was less than 2.<br><br>Other changes in 3.2.5<br><br>1) For users whose kernel and iptables have Extended MARK Target<br> support, it is now possible to logically AND or OR a value into the<br> current packet mark by preceding the mark value (and optional mask)<br> with an ampersand ("&amp;") or vertical bar ("|") respectively.<br><br> Example: To logically OR the value 4 into the mark value for<br> packets from 192.168.1.1:<br><br> #MARK SOURCE<br> |4 192.168.1.1<br><br>2) A new macro (macro.RDP) has been added for Microsoft Remote<br> Desktop. This macro was contributed by Tuomo Soini.<br><br>3) A new 'maclog' extension file has been added. This file is<br> processed just before logging based on the setting of<br> MACLIST_LOG_LEVEL is done. When the script is copyied at compile<br> time, the CHAIN variable will contain the name of the chain where<br> rules should be inserted. Remember that if you have specified<br> MACLIST_TABLE=mangle, then your run_iptables commands should<br> include "-t mangle".<br><br>4) Beginning with this release, Shorewall and Shorewall lite will<br> share the same change log and release notes.<br></pre>
<span style="font-weight: bold;">2006-10-6 Shorewall 3.0.9<br>
</span><span style="font-weight: bold;"></span>
<pre>Problems corrected in 3.0.9<br><br>1) When using a light-weight shell like ash or dash, "shorewall<br> [re]start" fails when using the built-in traffic shaper. The error<br> messages resemble these:<br><br> local: 3: eth0:: bad variable name<br> ERROR: Command "tc class add dev eth0 parent 1: classid 1:1 htb rate 800kbit mtu" Failed<br><br>2) The output formating of the 'hits' command under BusyBox 1.2.0 has<br> been corrected.<br><br>3) In prior versions, setting 'mss=' in /etc/shorewall/zones did not<br> affect traffic to/from the firewall zone. That has been corrected.<br><br>4) Previously, using IP address ranges in the accounting file could<br> cause non-fatal iptables errors during shorewall [re]start.<br><br>Other changes in 3.0.9<br><br>1) It is now possible to use the special value 'detect' in the ADDRESS<br> column of /etc/shorewall/masq. This allows you to specify SNAT (as<br> opposed to MASQUERADE) without having to know the ip address of the<br> external interface. Shorewall must be restarted each time that the<br> external address (the address of the interface named in the<br> INTERFACE column) changes.<br><br>2) Experimental optimization for PPP devices has been added to the<br> providers file. If you omit the GATEWAY column for a ppp device (or<br> enter "-" in the column) then Shorewall will generate routes<br> for the named INTERFACE that do not specify a gateway IP address<br> (the peer address will be assumed).<br><br>3) Normally, Shorewall tries to protect users from themselves by<br> preventing PREROUTING and OUTPUT tcrules from being applied to<br> packets that have been marked by the 'track' option in<br> /etc/shorewall/providers.<br><br> If you really know what you are doing and understand packet marking<br> thoroughly, you can set TC_EXPERT=Yes in shorewall.conf and<br> Shorewall will not include these cautionary checks.<br><br>4) Previously, CLASSIFY tcrules were always processed out of the<br> POSTROUTING chain. Beginning with this release, they are processed<br> out of the POSTROUTING chain *except* when the SOURCE is<br> $FW[:&lt;address&gt;] in which case the rule is processed out of the<br> OUTPUT chain.<br></pre>

10
web/shorewall_index.htm
View File

@ -20,7 +20,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with
no Back-Cover Texts. A copy of the license is included in the section
entitled “<a href="GnuCopyright.htm" target="_self">GNU Free
Documentation License</a>”.</p>
<p>2006-10-19</p>
<p>2006-10-28</p>
<hr>
<h2>Table of Contents</h2>
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction
@ -104,17 +104,17 @@ Features page</a>.<br>
<h3><a name="Releases"></a>Current Shorewall Versions</h3>
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current
Stable Release</span> version
is&nbsp; 3.2.4<br>
is&nbsp; 3.2.5<br>
</p>
<ul style="margin-left: 40px;">
<li>Here are the <a
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/releasenotes.txt">release
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/releasenotes.txt">release
notes</a> <br>
</li>
<li>Here are the <a
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/known_problems.txt">known
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/known_problems.txt">known
problems</a> and <a
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/">updates</a>.</li>
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/errata/">updates</a>.</li>
</ul>
<div style="margin-left: 40px;">The <span style="font-weight: bold;">previous
Stable Release</span> version is 3.0.9<br>