Final 1.3.5 changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@145 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-09 15:18:12 +01:00 · 2002-07-22 01:51:19 +00:00 · 2002-07-22 01:51:19 +00:00 · a3ad85d24e
commit a3ad85d24e
parent 90e2520f1c
3 changed files with 17 additions and 28 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,9 +1,8 @@
-Changes since 1.3.3
+Changes since 1.3.4

-1. DETECT_IPADDRS Parameter Added.
+1. Empty source and destination qualifiers are now detected in the
+   rules file.

-2. Renamed DETECT_IPADDRS to DETECT_DNAT_IPADDRS
+2. Added MERGE_HOSTS variable in shorewall.conf to provide saner
+   behavior of the /etc/shorewall/hosts file.

-3. Correct policy file zone validateion during [re]start.
-
-4. Add 'routestopped' file. 
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -2,22 +2,9 @@ This is a minor release of Shorewall.

 In this release:

-1. A new /etc/shorewall/routestopped file has been added. This file is 
-   intended to eventually replace the routestopped option in the 
-   /etc/shorewall/interface and /etc/ shorewall/hosts files. This new 
-   file makes remote firewall administration easier by allowing any IP 
-   or subnet to be enabled while Shorewall is stopped.
+1. Empty source and destination qualifiers are now detected in the
+   rules file.

-2. An /etc/shorewall/stopped extension script has been added. This 
-   script is invoked after Shorewall has stopped.
+2. Added MERGE_HOSTS variable in shorewall.conf to provide saner
+   behavior of the /etc/shorewall/hosts file.

-3. A DETECT_DNAT_ADDRS option has been added to 
-   /etc/shoreall/shorewall.conf. When this option is selected, DNAT 
-   rules only apply when the destination address is the external
-   interface's primary IP address.
-
-4. The QuickStart Guide has been broken into three guides and has been
-   almost entirely rewritten.
-
-5. The Samples have been updated to reflect the new capabilities in
-   this release.
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@ -18,7 +18,7 @@ FW=fw
 # Set this to the name of the lock file expected by your init scripts. For
 # RedHat, this should be /var/lock/subsys/shorewall. On Debian, it
 # should be /var/state/shorewall. If your init scripts don't use lock files,
-# set -this to "".
+# set this to "".
 #

 SUBSYSLOCK=/var/lock/subsys/shorewall
@ -274,17 +274,20 @@ DETECT_DNAT_IPADDRS=No
 #
 # Interfaces:
 #
-#	loc	eth2	
+#	net	eth0
+#	loc	eth1	
 #	-	ppp+
 #
 # Hosts:
 #
 #	loc	ppp+:192.168.1.0/24
+#	wrk	ppp+:!192.168.1.0/24
 #
-# With MERGE_HOSTS=No or unspecified, the contents of the 'loc' zone
-# would be just ppp+:192.168.1.0/24. With MERGE_HOSTS=Yes, the
-# contents would be ppp+:192.168.1.0 and eth2:0.0.0.0/0
+# With MERGE_HOSTS=No, the contents of the 'loc' zone would be just
+# ppp+:192.168.1.0/24. With MERGE_HOSTS=Yes, the contents would be
+# ppp+:192.168.1.0 and eth1:0.0.0.0/0
 #
+# If this variable is not set or is set to the empty value, "No" is assumed.

 MERGE_HOSTS=Yes