1.3.11 release changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@338 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-11-24 19:23:31 +00:00
parent 9a8d39bdd5
commit aff32b8269
6 changed files with 34 additions and 63 deletions

View File

@ -1,44 +1,17 @@
Changes since 1.3.9
Changes since 1.3.10
1. Fix dumb bug in 1.3.9 Tunnel Handling.
1. Added TCP flags checking.
2. First implementaiton of dynamic zones.
2. Accomodate bash clones like dash and ash
3. Corrections to Dynamic Zones.
3. Added some comments in the policy chain creation/population logic.
4. More fixes for Dynamic Zones.
4. Check for fw->fw rules.
5. Correct a typo in an error message.
5. Allow 'all' in rules.
6. Fix rule insertion algorithms for Dynamic Zones.
6. Add reverse GRE rules for PPTP server and clients.
7. Optimize dynamic zones code
8. Remove iptables 1.2.7 hacks.
9. Fix dumb typo in 1.3.9 (recalculate_interfacess)
10. Add PATH assignment to the install script
11. Correct 'functions' file handling in the install script.
12. Add ipsecnat tunnel type.
13. Correct typo in the shorewall.spec file.
14. Add support for PPTP client and server to the tunnels file.
15. Move the main firewall script to /usr/lib/shorewall
16. Allow SNAT using primary IP and ADD_SNAT_ALIASES=Yes
17. Add MAC verificaiton
18. Conserve space by removing comment decorations.
19. Improve comments in interfaces file re: use of aliases
20. Clear nat and mangle counters during 'shorewall reset'
21. Verify interface names in the SOURCE column of /etc/shorewall/tcrules
7. Add warning to tcrules file.
8. Add warning to policy file that fw->fw policies aren't allowed.

View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=1.3.10
VERSION=1.3.11
usage() # $1 = exit status
{

View File

@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall.
#
VERSION=1.3.10
VERSION=1.3.11
usage() # $1 = exit status
{

View File

@ -1,27 +1,23 @@
This is a minor release of Shorewall that has a number of new features..
This is a minor release of Shorewall that has a couple of new features.
New features include:
1) You may now define the contents of a zone dynamically with the
"shorewall add" and "shorewall delete" commands. These commands
are expected to be used primarily within FreeS/Wan updown scripts.
2) Shorewall can now do MAC verification on ethernet segments. You can
specify the set of allowed MAC addresses on the segment and you can
optionally tie each MAC address to an IP address.
3) PPTP Servers and Clients running on the firewall system may now be
defined in the /etc/shorewall/tunnels file.
1) A 'tcpflags' option has been added to entries in
/etc/shorewall/interfaces. This option causes Shorewall to make a
set of sanity check on TCP packet header flags.
2) It is now allowed to use 'all' in the SOURCE or DEST column in a
rule. When used, 'all' must appear by itself (in may not be
qualified) and it does not enable intra-zone traffic (e.g., the rule
"ACCEPT loc all tcp 80" does not enable http traffic from
'loc' to 'loc').
3) Shorewall's use of the 'echo' command is now compatible with bash
clones such as ash and dash.
4) fw->fw policies now generate a startup error. fw->fw rules generate
a warning and are ignored.
4) A new 'ipsecnat' tunnel type is supported for use when the remote
IPSEC endpoint is behind a NAT gateway.
5) The PATH used by Shorewall may now be specified in
/etc/shorewall/shorewall.conf.
6) The main firewall script is now /usr/lib/shorewall/firewall. The
script in /etc/init.d/shorewall is very small and uses
/sbin/shorewall to do the real work. This change makes custom
distributions such as for Debian and for Gentoo easier to manage
since it is /etc/init.d/shorewall that tends to have
distribution-dependent code.

View File

@ -1,5 +1,5 @@
%define name shorewall
%define version 1.3.10
%define version 1.3.11
%define release 1
%define prefix /usr
@ -101,6 +101,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog
* Sun Nov 24 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.11
* Sat Nov 09 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.10
* Wed Oct 23 2002 Tom Eastep <tom@shorewall.net>

View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall
VERSION=1.3.10
VERSION=1.3.11
usage() # $1 = exit status
{