Shorewall 2.0.0 Beta3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1153 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
36fb7fa62b
commit
b1a544a107
@ -46,3 +46,5 @@ Changes since 1.4.10
|
||||
22) Added DISABLE_IPV6 option.
|
||||
|
||||
23) Allow rate limiting on CONTINUE and REJECT.
|
||||
|
||||
24) Move rfc1918 to /usr/share/shorewall
|
||||
|
@ -926,7 +926,8 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
|
||||
eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"'
|
||||
;;
|
||||
*)
|
||||
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"'
|
||||
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level \
|
||||
--log-prefix '"$(printf "$LOGFORMAT" $chain $rulenum $disposition)"'
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -943,7 +944,8 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = disposition , $4 = rate limi
|
||||
eval iptables -A $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"'
|
||||
;;
|
||||
*)
|
||||
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"'
|
||||
eval iptables -A $chain $@ $limit -j LOG $LOGPARMS --log-level $level \
|
||||
--log-prefix '"$(printf "$LOGFORMAT" $chain $disposition)"'
|
||||
;;
|
||||
esac
|
||||
|
||||
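Review bot: Both rewrapped `*)` branches (the hunks at -926 and -943) still build the LOG rule through `eval` with `$chain`, `$@`, `$limit` and `$level` unquoted, so those values are parsed a second time as shell text, and `$LOGFORMAT` is used directly as the printf format. If any of them can carry shell metacharacters or stray `%` sequences from a configuration file, the rule that gets installed differs from what was configured, in a script that presumably runs as root. log_rule_limit's body starts and ends outside these hunks, so validation may already happen earlier; if it does not, I would check the level before the `case`, or at least state the contract with `# $level, $chain and $@ are re-parsed by eval: callers must pass validated values`. The two ULOG lines were left unwrapped, so the paired branches now read inconsistently; wrapping them the same way would keep them aligned.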
|
@ -1,9 +1,16 @@
|
||||
Shorewall 2.0.0-Beta2
|
||||
Shorewall 2.0.0-Beta3
|
||||
|
||||
----------------------------------------------------------------------
|
||||
Problems Corrected since prior version.
|
||||
|
||||
None - this is the initial release.
|
||||
1) A blank USER/GROUP column in /etc/shorewall/tcrules no longer causes
|
||||
a [re]start error.
|
||||
|
||||
2) The 'fgrep' utility is no longer required (caused startup problems
|
||||
on LEAF/Bering).
|
||||
|
||||
3) The "shorewall add" command no longer inserts rules before checking
|
||||
of the blacklist.
|
||||
-----------------------------------------------------------------------
|
||||
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
||||
|
||||
@ -27,7 +34,8 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
||||
/etc/shorewall/common.def
|
||||
/etc/shorewall/common
|
||||
/etc/shorewall/icmpdef
|
||||
/etc/shorewall/action.template
|
||||
/etc/shorewall/action.template (Moved to /usr/share/shorewall)
|
||||
/etc/shorewall/rfc1918 (Moved to /usr/share/shorewall).
|
||||
|
||||
The /etc/shorewall/action file now allows an action to be
|
||||
designated as the "common" action for a particular policy type by
|
||||
@ -132,6 +140,13 @@ Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
||||
column of /etc/shorewall/rules -- you must use the RATE LIMIT
|
||||
column.
|
||||
|
||||
7) Depending on which method you use to upgrade, if you have your own
|
||||
version of /etc/shorewall/rfc1918, you may have to take special
|
||||
action to restore it after the upgrade. Look for
|
||||
/etc/shorewall/rfc1918*, locate the proper file and rename it back
|
||||
to /etc/shorewall/rfc1918. The contents of that file will supercede
|
||||
the contents of /usr/share/shorewall/rfc1918.
|
||||
|
||||
New Features:
|
||||
|
||||
1) The INCLUDE directive now allows absolute file names.
|
||||
|
@ -54,29 +54,11 @@
|
||||
# <action> -- The name of an action defined in
|
||||
# /etc/shorewall/actions.
|
||||
#
|
||||
# You may rate-limit the rule by optionally
|
||||
# following ACCEPT, DNAT[-], REDIRECT[-] or LOG with
|
||||
#
|
||||
# < <rate>/<interval>[:<burst>] >
|
||||
#
|
||||
# where <rate> is the number of connections per
|
||||
# <interval> ("sec" or "min") and <burst> is the
|
||||
# largest burst permitted. If no <burst> is given,
|
||||
# a value of 5 is assumed. There may be no
|
||||
# no whitespace embedded in the specification.
|
||||
#
|
||||
# Example: ACCEPT<10/sec:20>
|
||||
#
|
||||
# The ACTION (and rate limit) may optionally be followed
|
||||
# The ACTION may optionally be followed
|
||||
# by ":" and a syslog log level (e.g, REJECT:info or
|
||||
# DNAT<4/sec:8>:debugging). This causes the packet to be
|
||||
# DNAT:debug). This causes the packet to be
|
||||
# logged at the specified level.
|
||||
#
|
||||
# NOTE: For those of you who prefer to place the
|
||||
# rate limit in a separate column, see the RATE LIMIT
|
||||
# column below. If you specify a value in that column,
|
||||
# you must not include a rate limit in the ACTION column
|
||||
#
|
||||
# You may also specify ULOG (must be in upper case) as a
|
||||
# log level.This will log to the ULOG target for routing
|
||||
# to a separate log through use of ulogd
|
||||
@ -232,9 +214,6 @@
|
||||
#
|
||||
# Example: 10/sec:20
|
||||
#
|
||||
# If you place a rate limit in this column, you may not
|
||||
# place a similar limit in the ACTION column.
|
||||
#
|
||||
# USER/GROUP This column may only be non-empty if the SOURCE is
|
||||
# the firewall itself.
|
||||
#
|
||||
|