From e2a212a30dfe86cd6be78a83c1047b381cbbf098 Mon Sep 17 00:00:00 2001 From: el_cubano Date: Mon, 16 Jul 2007 00:26:41 +0000 Subject: [PATCH] Update web site for 3.4.5 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6876 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- web/News.htm | 76 ++++++++++++++++++++++++++++++++++++++++- web/shorewall_index.htm | 8 ++--- 2 files changed, 79 insertions(+), 5 deletions(-) diff --git a/web/News.htm b/web/News.htm index 0e03e58d6..ead3c649c 100644 --- a/web/News.htm +++ b/web/News.htm @@ -24,10 +24,84 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation License”.

-

June 22, 2007
+

July 15, 2007

+

2007-07-15 Shorewall 3.4.5

+
+Problems Corrected in 3.4.5.
+
+1)  DYNAMIC_ZONES=Yes can now coexist with Shorewall-perl's 'bport'
+    zones. Those zones themselves may not be dynamically modified but
+    the presence of bport zones no longer causes the 'shorewall add'
+    command to fail.
+
+2)  Shorewall's internal traffic shaper once again works when the 'sed'
+    utility is provided by the Busybox package.
+
+3)  Version 3.4.4 erroneously accepted the values On, Off, on, off, ON
+    and OFF for the IP_FORWARDING option. These values were treated
+    like 'Keep'. The listed values are now once again flagged as an
+    error.
+
+4)  If 'routeback' and 'detectnets' were specified on an interface,
+    limited broadcasts (to 255.255.255.255) and multicasts were dropped
+    when forwarded through the interface. This could cause
+    broadcast-based and multicast applications to fail when running
+    through a bridge with 'detectnets'.
+
+5)  The 'hits' command works once again.
+
+6)  IPSECFILE=ipsec (either explicitly or defaulted) works
+    now. Previously, processing of the ipsec file was bypassed; often
+    with a confusing "missing file" message.
+
+7)  If DETECT_DNAT_IPADDRS=Yes in shorewall.conf but you did't have conntrack
+    match support, then the generated script was missing 'done's.
+
+Other changes in 3.4.5.
+
+1)  When a Shorewall release includes detection of an additional
+    capability, existing capabilities files become out of
+    date. Previously, this condition was not detected.
+
+    Beginning with this release, each generated capabilities file
+    contains a CAPVERSION specification which defines the capabilities
+    version of the file. If the CAPVERSION in a capabilities file is
+    less than the current CAPVERSION, then Shorewall will issue the
+    following message:
+
+    WARNING: <file> is out of date -- it does not contain all of
+    the capabilities defined by Shorewall version <version>
+
+    where
+
+	<file>    is the name of the capabilities file.
+	<version> is the current Shorewall version.
+
+    Existing capabilities files contain no CAPVERSION. When such a file
+    is read, Shorewall will issue this message:
+
+    WARNING: <file> may be not contain all of the capabilities defined
+    by Shorewall version <version>
+
+2)  When a directory is specified in a command such as 'start' or
+    'compile', Shorewall now reads the shorewall.conf file (if any) in
+    that directory before deciding which compiler to use. So if
+    SHOREWALL_COMPILER is not specified in
+    /etc/shorewall/shorewall.conf and the -C option was not specified
+    on the run-line, then if Shorewall-perl is installed, the additional
+    shorewall.conf file is read to see if it specifies a
+    SHOREWALL_COMPILER.
+
+3)  The 'save' command now uses iptables-save from the same directory
+    containing iptables. Previously, iptables-save was located via the
+    PATH setting.
+
+
+
+

2007-06-17 Shorewall 3.4.4

Problems corrected in 3.4.4:
 
diff --git a/web/shorewall_index.htm b/web/shorewall_index.htm
index 1dfd21e8c..854263420 100644
--- a/web/shorewall_index.htm
+++ b/web/shorewall_index.htm
@@ -103,17 +103,17 @@ Features page.

 
Current Shorewall Releases

 
 
The current
-Stable Release version is  3.4.4

+Stable Release version is  3.4.5