mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
1.3.11 release changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@338 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
9a8d39bdd5
commit
aff32b8269
@ -1,44 +1,17 @@
|
||||
Changes since 1.3.9
|
||||
Changes since 1.3.10
|
||||
|
||||
1. Fix dumb bug in 1.3.9 Tunnel Handling.
|
||||
1. Added TCP flags checking.
|
||||
|
||||
2. First implementaiton of dynamic zones.
|
||||
2. Accomodate bash clones like dash and ash
|
||||
|
||||
3. Corrections to Dynamic Zones.
|
||||
3. Added some comments in the policy chain creation/population logic.
|
||||
|
||||
4. More fixes for Dynamic Zones.
|
||||
4. Check for fw->fw rules.
|
||||
|
||||
5. Correct a typo in an error message.
|
||||
5. Allow 'all' in rules.
|
||||
|
||||
6. Fix rule insertion algorithms for Dynamic Zones.
|
||||
6. Add reverse GRE rules for PPTP server and clients.
|
||||
|
||||
7. Optimize dynamic zones code
|
||||
|
||||
8. Remove iptables 1.2.7 hacks.
|
||||
|
||||
9. Fix dumb typo in 1.3.9 (recalculate_interfacess)
|
||||
|
||||
10. Add PATH assignment to the install script
|
||||
|
||||
11. Correct 'functions' file handling in the install script.
|
||||
|
||||
12. Add ipsecnat tunnel type.
|
||||
|
||||
13. Correct typo in the shorewall.spec file.
|
||||
|
||||
14. Add support for PPTP client and server to the tunnels file.
|
||||
|
||||
15. Move the main firewall script to /usr/lib/shorewall
|
||||
|
||||
16. Allow SNAT using primary IP and ADD_SNAT_ALIASES=Yes
|
||||
|
||||
17. Add MAC verificaiton
|
||||
|
||||
18. Conserve space by removing comment decorations.
|
||||
|
||||
19. Improve comments in interfaces file re: use of aliases
|
||||
|
||||
20. Clear nat and mangle counters during 'shorewall reset'
|
||||
|
||||
21. Verify interface names in the SOURCE column of /etc/shorewall/tcrules
|
||||
7. Add warning to tcrules file.
|
||||
|
||||
8. Add warning to policy file that fw->fw policies aren't allowed.
|
||||
|
@ -28,7 +28,7 @@
|
||||
# shown below. Simply run this script to revert to your prior version of
|
||||
# Shoreline Firewall.
|
||||
|
||||
VERSION=1.3.10
|
||||
VERSION=1.3.11
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -54,7 +54,7 @@
|
||||
# /etc/rc.d/rc.local file is modified to start the firewall.
|
||||
#
|
||||
|
||||
VERSION=1.3.10
|
||||
VERSION=1.3.11
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
@ -1,27 +1,23 @@
|
||||
This is a minor release of Shorewall that has a number of new features..
|
||||
This is a minor release of Shorewall that has a couple of new features.
|
||||
|
||||
New features include:
|
||||
|
||||
1) You may now define the contents of a zone dynamically with the
|
||||
"shorewall add" and "shorewall delete" commands. These commands
|
||||
are expected to be used primarily within FreeS/Wan updown scripts.
|
||||
|
||||
2) Shorewall can now do MAC verification on ethernet segments. You can
|
||||
specify the set of allowed MAC addresses on the segment and you can
|
||||
optionally tie each MAC address to an IP address.
|
||||
|
||||
3) PPTP Servers and Clients running on the firewall system may now be
|
||||
defined in the /etc/shorewall/tunnels file.
|
||||
1) A 'tcpflags' option has been added to entries in
|
||||
/etc/shorewall/interfaces. This option causes Shorewall to make a
|
||||
set of sanity check on TCP packet header flags.
|
||||
|
||||
2) It is now allowed to use 'all' in the SOURCE or DEST column in a
|
||||
rule. When used, 'all' must appear by itself (in may not be
|
||||
qualified) and it does not enable intra-zone traffic (e.g., the rule
|
||||
"ACCEPT loc all tcp 80" does not enable http traffic from
|
||||
'loc' to 'loc').
|
||||
|
||||
3) Shorewall's use of the 'echo' command is now compatible with bash
|
||||
clones such as ash and dash.
|
||||
|
||||
4) fw->fw policies now generate a startup error. fw->fw rules generate
|
||||
a warning and are ignored.
|
||||
|
||||
|
||||
|
||||
|
||||
4) A new 'ipsecnat' tunnel type is supported for use when the remote
|
||||
IPSEC endpoint is behind a NAT gateway.
|
||||
|
||||
5) The PATH used by Shorewall may now be specified in
|
||||
/etc/shorewall/shorewall.conf.
|
||||
|
||||
6) The main firewall script is now /usr/lib/shorewall/firewall. The
|
||||
script in /etc/init.d/shorewall is very small and uses
|
||||
/sbin/shorewall to do the real work. This change makes custom
|
||||
distributions such as for Debian and for Gentoo easier to manage
|
||||
since it is /etc/init.d/shorewall that tends to have
|
||||
distribution-dependent code.
|
||||
|
@ -1,5 +1,5 @@
|
||||
%define name shorewall
|
||||
%define version 1.3.10
|
||||
%define version 1.3.11
|
||||
%define release 1
|
||||
%define prefix /usr
|
||||
|
||||
@ -101,6 +101,8 @@ fi
|
||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||
|
||||
%changelog
|
||||
* Sun Nov 24 2002 Tom Eastep <tom@shorewall.net>
|
||||
- Changes version to 1.3.11
|
||||
* Sat Nov 09 2002 Tom Eastep <tom@shorewall.net>
|
||||
- Changes version to 1.3.10
|
||||
* Wed Oct 23 2002 Tom Eastep <tom@shorewall.net>
|
||||
|
@ -26,7 +26,7 @@
|
||||
# You may only use this script to uninstall the version
|
||||
# shown below. Simply run this script to remove Seattle Firewall
|
||||
|
||||
VERSION=1.3.10
|
||||
VERSION=1.3.11
|
||||
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user