From a3ad85d24eb6cd83e0265edd47a10026071a2a8b Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 22 Jul 2002 01:51:19 +0000 Subject: [PATCH] Final 1.3.5 changes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@145 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 11 +++++------ Shorewall/releasenotes.txt | 21 ++++----------------- Shorewall/shorewall.conf | 13 ++++++++----- 3 files changed, 17 insertions(+), 28 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index fb8d074b6..0f9be0027 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,9 +1,8 @@ -Changes since 1.3.3 +Changes since 1.3.4 -1. DETECT_IPADDRS Parameter Added. +1. Empty source and destination qualifiers are now detected in the + rules file. -2. Renamed DETECT_IPADDRS to DETECT_DNAT_IPADDRS +2. Added MERGE_HOSTS variable in shorewall.conf to provide saner + behavior of the /etc/shorewall/hosts file. -3. Correct policy file zone validateion during [re]start. - -4. Add 'routestopped' file. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index bdef299f8..fe196a5ad 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -2,22 +2,9 @@ This is a minor release of Shorewall. In this release: -1. A new /etc/shorewall/routestopped file has been added. This file is - intended to eventually replace the routestopped option in the - /etc/shorewall/interface and /etc/ shorewall/hosts files. This new - file makes remote firewall administration easier by allowing any IP - or subnet to be enabled while Shorewall is stopped. +1. Empty source and destination qualifiers are now detected in the + rules file. -2. An /etc/shorewall/stopped extension script has been added. This - script is invoked after Shorewall has stopped. +2. Added MERGE_HOSTS variable in shorewall.conf to provide saner + behavior of the /etc/shorewall/hosts file. -3. A DETECT_DNAT_ADDRS option has been added to - /etc/shoreall/shorewall.conf. When this option is selected, DNAT - rules only apply when the destination address is the external - interface's primary IP address. - -4. The QuickStart Guide has been broken into three guides and has been - almost entirely rewritten. - -5. The Samples have been updated to reflect the new capabilities in - this release. diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 998931086..e363db5f1 100755 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -18,7 +18,7 @@ FW=fw # Set this to the name of the lock file expected by your init scripts. For # RedHat, this should be /var/lock/subsys/shorewall. On Debian, it # should be /var/state/shorewall. If your init scripts don't use lock files, -# set -this to "". +# set this to "". # SUBSYSLOCK=/var/lock/subsys/shorewall @@ -274,17 +274,20 @@ DETECT_DNAT_IPADDRS=No # # Interfaces: # -# loc eth2 +# net eth0 +# loc eth1 # - ppp+ # # Hosts: # # loc ppp+:192.168.1.0/24 +# wrk ppp+:!192.168.1.0/24 # -# With MERGE_HOSTS=No or unspecified, the contents of the 'loc' zone -# would be just ppp+:192.168.1.0/24. With MERGE_HOSTS=Yes, the -# contents would be ppp+:192.168.1.0 and eth2:0.0.0.0/0 +# With MERGE_HOSTS=No, the contents of the 'loc' zone would be just +# ppp+:192.168.1.0/24. With MERGE_HOSTS=Yes, the contents would be +# ppp+:192.168.1.0 and eth1:0.0.0.0/0 # +# If this variable is not set or is set to the empty value, "No" is assumed. MERGE_HOSTS=Yes