diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 7c49c5275..0c7ef4a98 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -1,3 +1,7 @@ +Changes in 3.9.7 + +1) Clean up release notes. + Changes in 3.9.6 1) Fix parsing problems in protocol handling. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index ee921285d..b21875e53 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 3.9.6 +Shorewall 3.9.7 ---------------------------------------------------------------------------- R E L E A S E H I G H L I G H T S ---------------------------------------------------------------------------- @@ -15,111 +15,13 @@ Shorewall 3.9.6 You must install Shorewall and at least one of the compiler packages (you may install them both). -Problems corrected in 3.9.6. +Problems corrected in 3.9.7. -1) Placing 'ipp2p' in the PROTOCOL column of configuration files now - works. +None. -2) Previously, '!' in the TEST column of the tcrules file was not - handled correctly. - -3) The code generated for copying routing tables from provider file - entries was previously incorrect, resulting in run-time errors. - -4) Previously, using an ipset in a rule would generate invalid - iptables-restore input. - -5) Previously, use of CONTINUE in the tcrules file would cause - generation of invalid iptables-restore input. - -6) If a chain's only reference is in the ACTION column of an - accounting rule, a run-time error would occur: - - iptables-restore v1.3.6: Couldn't load target - `SJS':/lib/iptables/libipt_SJS.so: cannot open shared object file: No such - file or directory - -7) A problem with merging the log level and tag in macro or action - invocations has been corrected. - -8) An empty action body no longer results in a run-time error. - -9) Shorewall-perl now traps the case where an action invokes itself. - -10) Shorewall-perl now traps COMMENT followed by a colon (":") and a - log level. - -11) COMMENT in an action body is now properly handled. - -12) LOG rules in macros are now handled correctly. - -13) Parsing of 'ipp2p' rules has been corrected. - -14) Inversion is now handled correctly in packet/connection mark tests. - -15) Parsing errors in RATE/BURST and USER/GROUP columns have been - eliminated. - -16) ipsets have now been tested and several bugs in their handling have - been corrected. - -17) Errors in handling the SOURCE and DEST column during macro - expansion have been corrected. - -18) The correct mask is now used when testing HIGH_ROUTE_MARK marks. - -19) Shorewall-perl now correctly handles the COPY column in provider - definitions. - -20) A number of cases where Shorewall-perl did not handle undefined - zones have been corrected. - -21) A number of bugs relating to parsing the tunnels file have been - corrected. - Other changes in Shorewall 3.9.6. -1) Eariler generations of Shorewall Lite required that remote root - login via ssh be enabled in order to use the 'load' and 'reload' - commands. - - Beginning with this release, you may define an alternative means - for accessing the remote firewall system. - - Two new options have been added to shorewall.conf: - - RSH_COMMAND - RCP_COMMAND - - The default values for these are as follows: - - RSH_COMMAND: ssh ${root}@${system} ${command} - RCP_COMMAND: scp ${files} ${root}@${system}:${destination} - - Shell variables that will be set when the commands are envoked are - as follows: - - root - root user. Normally 'root' but may be overridden using - the '-r' option. - - system - The name/IP address of the remote firewall system. - - command - For RSH_COMMAND, the command to be executed on the - firewall system. - - files - For RCP_COMMAND, a space-separated list of files to - be copied to the remote firewall system. - - destination - The directory on the remote system that the files - are to be copied into. - -2) The accounting, masq, rules and tos files now have a 'MARK' column - similar to the column of the same name in the tcrules file. This - column allows filtering by MARK and CONNMARK value. - -3) SOURCE and DEST are now reserved zone names to avoid problems with - bi-directional macro definisions which use these as names as key - words. +None. Migration Considerations: @@ -453,6 +355,48 @@ Migration Considerations: option Keep - Shorewall ignores the option entirely. +6) Eariler generations of Shorewall Lite required that remote root + login via ssh be enabled in order to use the 'load' and 'reload' + commands. + + Beginning with this release, you may define an alternative means + for accessing the remote firewall system. + + Two new options have been added to shorewall.conf: + + RSH_COMMAND + RCP_COMMAND + + The default values for these are as follows: + + RSH_COMMAND: ssh ${root}@${system} ${command} + RCP_COMMAND: scp ${files} ${root}@${system}:${destination} + + Shell variables that will be set when the commands are envoked are + as follows: + + root - root user. Normally 'root' but may be overridden using + the '-r' option. + + system - The name/IP address of the remote firewall system. + + command - For RSH_COMMAND, the command to be executed on the + firewall system. + + files - For RCP_COMMAND, a space-separated list of files to + be copied to the remote firewall system. + + destination - The directory on the remote system that the files + are to be copied into. + +7) The accounting, masq, rules and tos files now have a 'MARK' column + similar to the column of the same name in the tcrules file. This + column allows filtering by MARK and CONNMARK value. + +8) SOURCE and DEST are now reserved zone names to avoid problems with + bi-directional macro definitions which use these as names as key + words. + ---------------------------------------------------------------------------- P R E R E Q U I S I T E S ----------------------------------------------------------------------------