extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-18 18:51:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update release notes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3421 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-02-01 23:43:12 +00:00
parent 20d3f6afdc
commit ead2959c3d
2 changed files with 45 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/changelog.txt
View File

@ -39,3 +39,6 @@ Changes in 3.1.x.
19) Apply Ed Suominen's patch to tcrules. 19) Apply Ed Suominen's patch to tcrules.
20) Speed up compilation by rewriting 'fix_bang()'.
21) Correct GATEWAY handling in the providers file.

92
Shorewall/releasenotes.txt
View File

@ -1,4 +1,4 @@
Shorewall 3.1.4 Shorewall 3.1.5
Note to users upgrading from Shorewall 2.x or 3.0 Note to users upgrading from Shorewall 2.x or 3.0
@ -27,59 +27,16 @@ Note to users upgrading from Shorewall 2.x or 3.0
Please see the "Migration Considerations" below for additional upgrade Please see the "Migration Considerations" below for additional upgrade
information. information.
Problems Corrected in 3.1.4 Problems Corrected in 3.1.5
1) "shorewall check" generated an error if there were entries in 1) Compilation has been speeded up by 10-15%.
/etc/shorewall/massq.
2) Bridging now works. 2) Specifying a GATEWAY IP address in /etc/shorewall/providers no longer
causes "shorewall [re]start to fail".
3) The handling of the QUEUE target in the ESTABLISHED section has been New Features added in 3.1.5
corrected. Previously, the "--syn" option was being added unconditionally
to rules with the QUEUE target with the result that no TCP packets in the
ESTABLISHED state would be sent to QUEUE.
New Features added in 3.1.4 None.
1) The /etc/shorewall/maclist file has a new column layout. The first column
is now DISPOSITION. This column determines what to do with matching
packets and can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it
can also contain REJECT). This change is upward compatible so your existing
maclist file can still be used.
ACCEPT, DROP and REJECT may be optionally followed by a log level to
cause the packet to be logged.
2) Shorewall has always been very noisy (lots of messages). No more.
You set the default level of verbosity using the VERBOSITY option in
shorewall.conf. If you don't set it (as would be the case of you use your
old shorewall.conf file) then VERBOSITY defaults to a value of 2 which is
the old default. A value of 1 suppresses some of the output (like the old
-q option did) while a value of 0 makes Shorewall almost silent.
The value specified in the 3.2 shorewall.conf is 1. So you can make
Shorewall as verbose as previously using a single -v and you can make it
silent by using a single -q.
If the default is set at 2, you can still make a command silent by using
two "q"s (e.g., shorewall -qq restart).
In summary, each "q" subtracts one from VERBOSITY while each "v" adds one
to VERBOSITY.
The "shorewall show log", "shorewall logwatch" and "shorewall dump"
commands require VERBOSE to be greater than or equal to 3 to display MAC
addresses.This is consistent with the previous implementation which
required a single -v to enable MAC display but means that if you set
VERBOSITY=0 in shorewall.conf, then you will need to include -vvv in
commands that display log records in order to have MACs displayed.
3) Shorewall now implements 'start' and 'restart' using a "compile and
go" approach. See the details under the first new feature below.
4) The "-p" option to the 'compile' command is gone. Generation of a
complete program is now the default.
Migration Considerations: Migration Considerations:
@ -284,3 +241,38 @@ file>
performs all of the same checks that compile does. Note that there is performs all of the same checks that compile does. Note that there is
still no guarantee that the generated script won't encounter run-time still no guarantee that the generated script won't encounter run-time
errors. errors.
2) The /etc/shorewall/maclist file has a new column layout. The first column
is now DISPOSITION. This column determines what to do with matching
packets and can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it
can also contain REJECT). This change is upward compatible so your existing
maclist file can still be used.
ACCEPT, DROP and REJECT may be optionally followed by a log level to
cause the packet to be logged.
3) Shorewall has always been very noisy (lots of messages). No more.
You set the default level of verbosity using the VERBOSITY option in
shorewall.conf. If you don't set it (as would be the case of you use your
old shorewall.conf file) then VERBOSITY defaults to a value of 2 which is
the old default. A value of 1 suppresses some of the output (like the old
-q option did) while a value of 0 makes Shorewall almost silent.
The value specified in the 3.2 shorewall.conf is 1. So you can make
Shorewall as verbose as previously using a single -v and you can make it
silent by using a single -q.
If the default is set at 2, you can still make a command silent by using
two "q"s (e.g., shorewall -qq restart).
In summary, each "q" subtracts one from VERBOSITY while each "v" adds one
to VERBOSITY.
The "shorewall show log", "shorewall logwatch" and "shorewall dump"
commands require VERBOSE to be greater than or equal to 3 to display MAC
addresses.This is consistent with the previous implementation which
required a single -v to enable MAC display but means that if you set
VERBOSITY=0 in shorewall.conf, then you will need to include -vvv in
commands that display log records in order to have MACs displayed.