From ead2959c3d013685ccdd42763a293f1bbfd1f038 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 1 Feb 2006 23:43:12 +0000 Subject: [PATCH] Update release notes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3421 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 3 ++ Shorewall/releasenotes.txt | 92 +++++++++++++++++--------------------- 2 files changed, 45 insertions(+), 50 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 8c3ab930b..2ef6e1c7e 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -39,3 +39,6 @@ Changes in 3.1.x. 19) Apply Ed Suominen's patch to tcrules. +20) Speed up compilation by rewriting 'fix_bang()'. + +21) Correct GATEWAY handling in the providers file. \ No newline at end of file diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ad6b3c41d..a24d1a473 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 3.1.4 +Shorewall 3.1.5 Note to users upgrading from Shorewall 2.x or 3.0 @@ -27,59 +27,16 @@ Note to users upgrading from Shorewall 2.x or 3.0 Please see the "Migration Considerations" below for additional upgrade information. -Problems Corrected in 3.1.4 +Problems Corrected in 3.1.5 -1) "shorewall check" generated an error if there were entries in - /etc/shorewall/massq. +1) Compilation has been speeded up by 10-15%. -2) Bridging now works. +2) Specifying a GATEWAY IP address in /etc/shorewall/providers no longer + causes "shorewall [re]start to fail". -3) The handling of the QUEUE target in the ESTABLISHED section has been - corrected. Previously, the "--syn" option was being added unconditionally - to rules with the QUEUE target with the result that no TCP packets in the - ESTABLISHED state would be sent to QUEUE. +New Features added in 3.1.5 -New Features added in 3.1.4 - -1) The /etc/shorewall/maclist file has a new column layout. The first column - is now DISPOSITION. This column determines what to do with matching - packets and can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it - can also contain REJECT). This change is upward compatible so your existing - maclist file can still be used. - - ACCEPT, DROP and REJECT may be optionally followed by a log level to - cause the packet to be logged. - -2) Shorewall has always been very noisy (lots of messages). No more. - - You set the default level of verbosity using the VERBOSITY option in - shorewall.conf. If you don't set it (as would be the case of you use your - old shorewall.conf file) then VERBOSITY defaults to a value of 2 which is - the old default. A value of 1 suppresses some of the output (like the old - -q option did) while a value of 0 makes Shorewall almost silent. - - The value specified in the 3.2 shorewall.conf is 1. So you can make - Shorewall as verbose as previously using a single -v and you can make it - silent by using a single -q. - - If the default is set at 2, you can still make a command silent by using - two "q"s (e.g., shorewall -qq restart). - - In summary, each "q" subtracts one from VERBOSITY while each "v" adds one - to VERBOSITY. - - The "shorewall show log", "shorewall logwatch" and "shorewall dump" - commands require VERBOSE to be greater than or equal to 3 to display MAC - addresses.This is consistent with the previous implementation which - required a single -v to enable MAC display but means that if you set - VERBOSITY=0 in shorewall.conf, then you will need to include -vvv in - commands that display log records in order to have MACs displayed. - -3) Shorewall now implements 'start' and 'restart' using a "compile and - go" approach. See the details under the first new feature below. - -4) The "-p" option to the 'compile' command is gone. Generation of a - complete program is now the default. +None. Migration Considerations: @@ -284,3 +241,38 @@ file> performs all of the same checks that compile does. Note that there is still no guarantee that the generated script won't encounter run-time errors. + +2) The /etc/shorewall/maclist file has a new column layout. The first column + is now DISPOSITION. This column determines what to do with matching + packets and can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it + can also contain REJECT). This change is upward compatible so your existing + maclist file can still be used. + + ACCEPT, DROP and REJECT may be optionally followed by a log level to + cause the packet to be logged. + +3) Shorewall has always been very noisy (lots of messages). No more. + + You set the default level of verbosity using the VERBOSITY option in + shorewall.conf. If you don't set it (as would be the case of you use your + old shorewall.conf file) then VERBOSITY defaults to a value of 2 which is + the old default. A value of 1 suppresses some of the output (like the old + -q option did) while a value of 0 makes Shorewall almost silent. + + The value specified in the 3.2 shorewall.conf is 1. So you can make + Shorewall as verbose as previously using a single -v and you can make it + silent by using a single -q. + + If the default is set at 2, you can still make a command silent by using + two "q"s (e.g., shorewall -qq restart). + + In summary, each "q" subtracts one from VERBOSITY while each "v" adds one + to VERBOSITY. + + The "shorewall show log", "shorewall logwatch" and "shorewall dump" + commands require VERBOSE to be greater than or equal to 3 to display MAC + addresses.This is consistent with the previous implementation which + required a single -v to enable MAC display but means that if you set + VERBOSITY=0 in shorewall.conf, then you will need to include -vvv in + commands that display log records in order to have MACs displayed. +