Restate vulnerability

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-06-06 13:19:40 -07:00
parent 447d0f0b2d
commit e8f61e2109

@ -35,9 +35,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
did not specify a number. Now, the compiler selects the lowest
unallocated number when no device number is explicitly allocated.
2) Network developers have discovered an exploit that allows hosts to
poke holes in a firewall. The known ways to protect against the
exploit are:
2) Certain attacks can be best defended through use of one of these
two measures.
a) rt_filter (Shorewall's routefilter). Only applicable to IPv4
and can't be used with some multi-ISP configurations.
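Review bot: The new wording of item 2) ("Certain attacks can be best defended through use of one of these two measures.") no longer says what kind of attack is meant, so a reader of the release notes cannot tell whether the two measures matter for their configuration. Keep a short description of the class of attack the measures address, even without detail. The sentence also needs a wording fix: "are best defended against" reads better than "can be best defended", and it should end with a colon because it introduces the lettered list that starts at a).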
@ -47,8 +46,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
rules. This approach is not appropriate for bridges and other
cases, where the 'routeback' option is specified or implied.
For non-routeback interfaces, Shorewall and Shorewall6 will insert
a hairpin rule, provided that the routefilter option is not
For non-routeback interfaces, Shorewall and Shorewall6 will now
insert a hairpin rule, provided that the routefilter option is not
specified. The rule will dispose of hairpins according to the
setting of two new options in shorewall.conf and shorewall6.conf:
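Review bot: In the "For non-routeback interfaces" paragraph, the added "now" has no reference point. The hunk sits under "PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES", so "will now insert a hairpin rule" does not tell the reader from which release the rule is inserted. Name the release that introduced the behaviour, instead of or alongside "now", so an administrator can tell whether the installed version inserts the hairpin rule.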