From c57ee7d68d8c44f048f700ae6c77e1661d18cf03 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 30 Mar 2010 07:23:17 -0700 Subject: [PATCH] Update release notes with additional trace information. Signed-off-by: Tom Eastep --- Shorewall/releasenotes.txt | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 92046922f..a4d091c84 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -258,12 +258,36 @@ None. table, where 'x' is one of the following: - A - Append - R - Replaced - I - Inserted - T - Shell source text -- converted into rules at run-time. - D - Deleted Rule - X - Deleted Chain + N - Create a chain. + A - Append a rule to a chain. + R - Replace a rule in a chain. + I - Inserted a rule into a chain. + T - Shell source text appended/inserted into a chain -- + converted into rules at run-time. + D - Deleted Rule from a chain + X - Deleted a chain + + Netfilter trace records indicate the table and chain being + changed. If the change involves a particular rule, then the rule + number is also included. + + Example (append the first rule to the filter FORWARD chain): + + NF-(A)-> filter:FORWARD:1 + + If the trace record involves the chain itself, then no rule number + is present. + + Example (Delete the mangle tcpost chain): + + NF-(X)-> mangle:tcpost + + The compiler keeps the rules for each chain in a Perl array. When + deleting a rule, the corresponding array entry is set to + 'undef'. So when a rule is deleted, the rule numbers of the + remaining rules do not change. If the last rule in an array is + deleted, then the array itself is truncated back to the last valid + rule and subsequent append operations grow the array from there. ---------------------------------------------------------------------------- V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
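Review bot: The closing paragraph of the added text says rule numbers stay stable after a delete, but also that deleting the last rule truncates the array and "subsequent append operations grow the array from there", so a number can be reused within one trace. It would help to say this outright: the number in a record such as "NF-(A)-> filter:FORWARD:1" is the position in the compiler's Perl array, gaps left by 'undef' entries are expected, and the same chain:number pair can refer to two different rules if a trailing rule was deleted and another appended afterwards. Anyone auditing a trace to confirm which rules ended up in a chain needs that to avoid misreading a reused number. Separately, the legend mixes imperative and past tense and is inconsistent about trailing periods ("N - Create a chain." and "A - Append a rule to a chain." against "I - Inserted a rule into a chain." and "D - Deleted Rule from a chain"); suggest one form throughout, for example "I - Insert a rule into a chain." and "D - Delete a rule from a chain.", and matching capitalisation in the two "Example (...)" captions.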