From 9fcba863fea276d39cf51bda9867937e04fed578 Mon Sep 17 00:00:00 2001
From: teastep
Date: Mon, 26 Mar 2007 20:23:09 +0000
Subject: [PATCH] Downgrade requirement from XMULTIPORT to MULTIPORT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5703 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/compiler.pl | 4 ++--
 New/releasenotes.txt | 12 +++++++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/New/compiler.pl b/New/compiler.pl
index 3936065a6..f91017269 100755
--- a/New/compiler.pl
+++ b/New/compiler.pl
@@ -593,8 +593,8 @@ sub compile_firewall( $ ) {
 fatal_error join( '', 'Shorewall-pl ', $env{VERSION}, ' requires Conntrack Match Support' )
 unless $capabilities{CONNTRACK_MATCH};
- fatal_error join ( '', 'Shorewall-pl ', $env{VERSION}, ' requires Extended Multi-port Match Support' )
- unless $capabilities{XMULTIPORT};
+ fatal_error join ( '', 'Shorewall-pl ', $env{VERSION}, ' requires Multi-port Match Support' )
+ unless $capabilities{MULTIPORT};
 fatal_error join( '', 'Shorewall-pl ', $env{VERSION}, ' requires Address Type Match Support' )
 unless $capabilities{ADDRTYPE};
 fatal_error 'MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables'
diff --git a/New/releasenotes.txt b/New/releasenotes.txt
index 85f7492e9..0ab3e1ff1 100644
--- a/New/releasenotes.txt
+++ b/New/releasenotes.txt
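Review bot: With the global `XMULTIPORT` gate in compile_firewall relaxed to `MULTIPORT`, nothing in this hunk stops a rule with a port range inside a port list from being compiled on a system that only has plain multiport match. The release notes in the same commit promise an error for that case, but the diffstat shows only these two lines changing in compiler.pl, so that check either already exists elsewhere (not visible here) or is still missing. Where port lists are turned into multiport matches, a guard such as `fatal_error 'A port range in a port list requires Extended Multi-port Match Support' unless $capabilities{XMULTIPORT};` would make the failure happen at compile time instead of, presumably, when iptables rejects the generated rule. As a style point, the new line keeps `join (` with a space, unlike the neighbouring `join(` calls. compile_firewall begins before and continues past this hunk.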
@@ -47,10 +47,20 @@ a) The Perl-based compiler requires the following capabilities in your - addrtype match - conntrack match - - extended multiport match + - multiport match These capabilities are in current distributions. + The Bourne-shell compiler goes to great pain (in some cases) to + break very long port lists ( > 15 where port ranges in lists count + as two ports) into individual rules. I'm removing the ugliness + required to do that (at least initially). The new compiler just + gives you an error. It will also give you an error if you insert a + port range into a port list and you don't have extended multiport + support. Now that Netfilter has features to deal reasonably with + port lists, I see no reason to duplicate those features in + Shorewall. + b) BRIDGING=Yes is not supported. The kernel code necessary to support this option was removed in Linux kernel 2.6.20.