mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-29 11:04:03 +01:00
Shorewall 1.4.8-RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f046ea3ab1
commit
c334e92103
@ -30,3 +30,6 @@ Changes since 1.4.7
|
|||||||
lengthening the variable name.
|
lengthening the variable name.
|
||||||
|
|
||||||
13) Applied and improved Eric Bowles's fix for route filtering.
|
13) Applied and improved Eric Bowles's fix for route filtering.
|
||||||
|
|
||||||
|
14) Corrected handling of /32 addresses with broadcast in maclist
|
||||||
|
processing.
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
# shown below. Simply run this script to revert to your prior version of
|
# shown below. Simply run this script to revert to your prior version of
|
||||||
# Shoreline Firewall.
|
# Shoreline Firewall.
|
||||||
|
|
||||||
VERSION=1.4.7
|
VERSION=1.4.8-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -54,7 +54,7 @@
|
|||||||
# /etc/rc.d/rc.local file is modified to start the firewall.
|
# /etc/rc.d/rc.local file is modified to start the firewall.
|
||||||
#
|
#
|
||||||
|
|
||||||
VERSION=1.4.7
|
VERSION=1.4.8-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
@ -46,13 +46,18 @@ Problems Corrected since version 1.4.7:
|
|||||||
|
|
||||||
9) Previously, neither the 'routefilter' interface option nor the
|
9) Previously, neither the 'routefilter' interface option nor the
|
||||||
ROUTE_FILTER parameter were working properly. This has been
|
ROUTE_FILTER parameter were working properly. This has been
|
||||||
corrected. The definition of the ROUTE_FILTER option has changed
|
corrected (thanks to Eric Bowles for his patch). The definition
|
||||||
however. Previously, ROUTE_FILTER=Yes was documented as enabling
|
of the ROUTE_FILTER option has changed however. Previously,
|
||||||
route filtering on all interfaces (which didn't work). Beginning
|
ROUTE_FILTER=Yes was documented as enabling route filtering on all
|
||||||
with this release, setting ROUTE_FILTER=Yes will enable route
|
interfaces (which didn't work). Beginning with this release, setting
|
||||||
filtering of all interfaces brought up while Shorewall is
|
ROUTE_FILTER=Yes will enable route filtering of all interfaces
|
||||||
started. As a consequence, ROUTE_FILTER=Yes can coexist with the use
|
brought up while Shorewall is started. As a consequence,
|
||||||
of the 'routefilter' option in the interfaces file.
|
ROUTE_FILTER=Yes can coexist with the use of the 'routefilter'
|
||||||
|
option in the interfaces file.
|
||||||
|
|
||||||
|
10) If MAC verification was enabled on an interface that had a /32
|
||||||
|
address with a broadcast address then an error would occur during
|
||||||
|
startup.
|
||||||
|
|
||||||
Migration Issues:
|
Migration Issues:
|
||||||
|
|
||||||
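Review bot: In item 9, the phrase "will enable route filtering of all interfaces brought up while Shorewall is started" is ambiguous. It can be read as interfaces brought up during the start command or as any interface that comes up while Shorewall is in the started state, and it does not say what happens to interfaces that were already up and lack the 'routefilter' option. Route filtering is an anti-spoofing control and this item changes the documented meaning of ROUTE_FILTER=Yes, so please state which interfaces are covered and which are not, so that someone upgrading from 1.4.7 can tell whether 'routefilter' is still needed in the interfaces file.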
@ -62,22 +67,23 @@ Migration Issues:
|
|||||||
New Features:
|
New Features:
|
||||||
|
|
||||||
1. A new QUEUE action has been introduced for rules. QUEUE allows you
|
1. A new QUEUE action has been introduced for rules. QUEUE allows you
|
||||||
to pass connection requests to a user-space filter such as p2pwall
|
to pass connection requests to a user-space filter such as ftwall
|
||||||
(http://p2pwall.sourceforge.net).
|
(http://p2pwall.sourceforge.net). The ftwall program allows for
|
||||||
|
effective filtering of p2p applications such as Kazaa.
|
||||||
|
|
||||||
For example, to use p2pwall to filter P2P applications, you would
|
For example, to use ftwall to filter P2P clients in your 'loc' zone,
|
||||||
add the following rules:
|
you would add the following rules:
|
||||||
|
|
||||||
QUEUE loc net tcp
|
QUEUE loc net tcp
|
||||||
QUEUE loc net udp
|
QUEUE loc net udp
|
||||||
QUEUE loc fw udp
|
QUEUE loc fw udp
|
||||||
|
|
||||||
You would normally want to place those two rules BEFORE any ACCEPT
|
You would normally want to place those three rules BEFORE any ACCEPT
|
||||||
rules for loc->net.
|
rules for loc->net or loc->fw udp or tcp.
|
||||||
|
|
||||||
Note: When the protocol specified is TCP ("tcp", "TCP" or "6"),
|
Note: When the protocol specified is TCP ("tcp", "TCP" or "6"),
|
||||||
Shorewall will only pass connection requests (SYN packets) to user
|
Shorewall will only pass connection requests (SYN packets) to user
|
||||||
space. This is for compatibility with p2pwall.
|
space. This is for compatibility with ftwall.
|
||||||
|
|
||||||
2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When
|
2. A BLACKLISTNEWNONLY option has been added to shorewall.conf. When
|
||||||
this option is set to "Yes", the blacklists (dynamic and static)
|
this option is set to "Yes", the blacklists (dynamic and static)
|
||||||
|
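Review bot: The reworded sentence "place those three rules BEFORE any ACCEPT rules for loc->net or loc->fw udp or tcp" does not match the example above it, which has no QUEUE rule for loc->fw tcp, only "QUEUE loc fw udp". Either add the missing rule or reword to "loc->net (tcp or udp) or loc->fw udp"; an ACCEPT rule placed ahead of a QUEUE rule lets that traffic through without reaching the user-space filter, so readers need to know exactly which ACCEPT rules matter. The text now names the program ftwall while the URL still reads p2pwall.sourceforge.net; a few words on how the two names relate would avoid confusion. Separately, the unchanged context line spells the option "BLACKLISTNEWNONLY", which looks like a typo worth checking against shorewall.conf.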
@ -1,6 +1,6 @@
|
|||||||
%define name shorewall
|
%define name shorewall
|
||||||
%define version 1.4.7
|
%define version 1.4.8
|
||||||
%define release 1
|
%define release 0RC1
|
||||||
%define prefix /usr
|
%define prefix /usr
|
||||||
|
|
||||||
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
|
||||||
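Review bot: "%define release 0RC1" next to "%define version 1.4.8" deserves a one-line comment in the spec. The leading 0 is what lets a final 1.4.8 package with release 1 upgrade over this release candidate, and the resulting package version 1.4.8-0RC1 differs from the VERSION=1.4.8-RC1 string set in the scripts in this same commit. Without a comment, the next person bumping the release may drop the 0 or try to make the two strings match.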
@ -108,6 +108,8 @@ fi
|
|||||||
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 30 2003 Tom Eastep <tom@shorewall.net>
|
||||||
|
- Changed version to 1.4.8-0RC1
|
||||||
* Sat Oct 04 2003 Tom Eastep <tom@shorewall.net>
|
* Sat Oct 04 2003 Tom Eastep <tom@shorewall.net>
|
||||||
- Changed version to 1.4.7-1
|
- Changed version to 1.4.7-1
|
||||||
- Removed conflict with 2.2 Kernels
|
- Removed conflict with 2.2 Kernels
|
||||||
|
@ -26,7 +26,7 @@
|
|||||||
# You may only use this script to uninstall the version
|
# You may only use this script to uninstall the version
|
||||||
# shown below. Simply run this script to remove Seattle Firewall
|
# shown below. Simply run this script to remove Seattle Firewall
|
||||||
|
|
||||||
VERSION=1.4.7
|
VERSION=1.4.8-RC1
|
||||||
|
|
||||||
usage() # $1 = exit status
|
usage() # $1 = exit status
|
||||||
{
|
{
|
||||||
|
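Review bot: The header comment just above the changed VERSION line still says "remove Seattle Firewall", while the other scripts in this commit say "Shoreline Firewall". As this file is already being touched for the version bump, update the comment so the uninstall script names the product consistently.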