Finish release note cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6785 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-20 01:37:59 +02:00 · 2007-07-04 19:39:49 +00:00 · 2007-07-04 19:39:49 +00:00 · fbb69ec909
commit fbb69ec909
parent 9b8d097a6a
1 changed files with 93 additions and 95 deletions
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -284,6 +284,9 @@ Migration Considerations:
       - Otherwise, the rule is added to accounting only.
       See http://www.shorewall.net/4.0/bridge-Shorewall-perl.html for
       additional information about the new bridge support.	
    d) The BROADCAST column in the interfaces file is essentially unused;
       if you enter anything in this column but '-' or 'detect', you will
       receive a warning.
@ -358,23 +361,6 @@ Migration Considerations:
 			      '-p tcp' #Pass as-is
                             );
       See http://www.shorewall.net/4.0/shorewall_extension_scripts.htm
       for further information about extension scripts under
       Shorewall-perl.
    f) The 'refresh' command now works like 'restart' with the
       following exceptions:
       - The refresh command is rejected if Shorewall is not running.
       - The refresh command only rebuilds the 'blacklst' chain.
       - A directory name may not be specified in the refresh command.
    g) Some run-time scripts have been converted to compile time
       scripts:
            initdone
 	    maclog
       Note that in the 'initdone' script, there is no default chain
       ($chainref). You can objtain a reference to a standard chain by:
@ -388,7 +374,18 @@ Migration Considerations:
       allow you to add special rules during [re]start. Shorewall-perl
       doesn't need such rules.
-    h) The /etc/shorewall/tos file now has zone-independent SOURCE and
+       See http://www.shorewall.net/4.0/shorewall_extension_scripts.htm
       for further information about extension scripts under
       Shorewall-perl.
    f) The 'refresh' command now works like 'restart' with the
       following exceptions:
       - The refresh command is rejected if Shorewall is not running.
       - The refresh command only rebuilds the 'blacklst' chain.
       - A directory name may not be specified in the refresh command.
    g) The /etc/shorewall/tos file now has zone-independent SOURCE and
       DEST columns as do all other files except the rules and policy
       files.
@ -409,7 +406,7 @@ Migration Considerations:
       requiring change to existing files. In particular, it will
       handle the tos file released with Shorewall 1.4 and earlier.
-    i) Shorewall is now out of the ipset load/reload business. With
+    h) Shorewall is now out of the ipset load/reload business. With
       scripts generated by the Perl-based Compiler, the Netfilter
       ruleset is never cleared. That means that there is no
       opportunity for Shorewall to load/reload your ipsets since that
@ -446,7 +443,7 @@ Migration Considerations:
       will ignore /etc/shorewall/ipsets and will issue a warning if
       you set SAVE_IPSETS=Yes in shorewall.conf.
-    j) Because the configuration files (with the exception of
+    i) Because the configuration files (with the exception of
       /etc/shorewall/params) are now processed by the Perl-based
       compiler rather than by the shell, only the basic forms of Shell
       expansion ($variable and ${variable}) are supported. The more
@ -455,24 +452,24 @@ Migration Considerations:
       environmental variables (exported by the shell) can be used in
       configuration files.
-    h) USE_ACTIONS=No is not supported. That option is intended to
+    j) USE_ACTIONS=No is not supported. That option is intended to
       minimize Shorewall's footprint in embedded applications. As a
       consequence, Default Macros are not supported.
-    i) DELAYBLACKLISTLOAD=Yes is not supported. The entire ruleset is
+    k) DELAYBLACKLISTLOAD=Yes is not supported. The entire ruleset is
       atomically loaded with one execution of iptables-restore.
-    j) MAPOLDACTIONS=Yes is not supported. People should have converted
+    l) MAPOLDACTIONS=Yes is not supported. People should have converted
       to using macros by now.
-    k) The pre Shorewall-3.0 format of the zones file is not supported;
+    m) The pre Shorewall-3.0 format of the zones file is not supported;
       neither is the /etc/shorewall/ipsec file.
-    l) BLACKLISTNEWONLY=No is not permitted with FASTACCEPT=Yes. This
+    n) BLACKLISTNEWONLY=No is not permitted with FASTACCEPT=Yes. This
       combination doesn't work in previous versions of Shorewall so
       the Perl-based compiler simply rejects it.
-    m) Shorewall-perl has a single rule generator that is used for all
+    o) Shorewall-perl has a single rule generator that is used for all
       rule-oriented files. So it is important that the syntax is
       consistent between files.
@ -491,11 +488,11 @@ Migration Considerations:
       #INTERFACE	SOURCE			ADDRESSES
       eth0		eth1:!192.168.4.9	...
-    n) The 'allowoutUPnP' built-in action is no longer supported. The
+    p) The 'allowoutUPnP' built-in action is no longer supported. The
       Netfilter team have removed support for '-m owner --owner-cmd'
       which that action depended on. 
-    o) The treatment of the following interface options has changed under
+    q) The treatment of the following interface options has changed under
       Shorewall-perl.
       - arp_filter
@ -517,16 +514,17 @@ Migration Considerations:
       A fatal compilation error is also generated if you specify one of
       these options with a wildcard interface (one ending with '+').
-    p) The LOG_MARTIANS and ROUTE_FILTER options are now tri-valued in
+    r) The LOG_MARTIANS and ROUTE_FILTER options are now tri-valued in
       Shorewall-perl.
 	Yes -  Same as before
 	No  -  Same as before except that it applies regardless of
 	       whether any interfaces have the logmartians/routefilter
 	       option
-	Keep - Shorewall ignores the option entirely.
+	Keep - Shorewall ignores the option entirely (which is the
 	default).
-2)  An 'optional' option has been added to
+    s)  Shorewall-perl support nn 'optional' option has been added to
        /etc/shorewall/interfaces. This option is recognized by
        Shorewall-perl but not by Shorewall-shell. When 'optional' is
        specified for an interface, Shorewall will be silent when:
@ -536,21 +534,50 @@ Migration Considerations:
        - The first address of the interface cannot be obtained.
-    I specify 'optional' on interfaces to Xen virtual machines that may
+        I specify 'optional' on interfaces to Xen virtual machines that
-    or may not be running when Shorewall is [re]started.
+        may or may not be running when Shorewall is [re]started.
        CAUTION: Use 'optional' at your own risk. If you [re]start
-    Shorewall when an 'optional' interface is not available and then do
+        Shorewall when an 'optional' interface is not available and then
-    a 'shorewall save', subsequent 'shorewall restore' and 'shorewall -f
+        do a 'shorewall save', subsequent 'shorewall restore' and
-    start' operations will instantiate a ruleset that does not support
+        'shorewall -f start' operations will instantiate a ruleset that
-    that interface, even if it is available at the time of the
+        does not support that interface, even if it is available at the
-    restore/start.
+        time of the restore/start.
-3)  Thanks to Paul Gear, an IPPServer macro has been added. Be sure to
+     t) Shorewall-perl validates all IP addresses and addresses ranges
        in rules. DNS names are resolved and an error is issued for any
 	name that cannot be resolved.
     u) Shorewall-perl checks configuration files for the presense of
 	characters that can cause problems if they are allowed into the
 	generated firewall script:
 	- Double Quotes. These are prohibited except in the
 	  shorewall.conf and params files.
 	- Single Quotes. These are prohibited except in the
 	  shorewall.conf and params files and in COMMENT lines.
 	- Single back quotes. These are prohibited except in the 
 	  shorewall.conf and params files.
 	- Backslash. Probibited except as the last character on a line
          to denote line continuation.
     v) Under Shorewall-perl, macros may invoke other macros with the
        restriction that such macros may not be invoked within an action
 	body.
 	When marcros are invoked recursively, the parameter passed to an
 	invocation are automatically propagated to lower level macros.
 	 Macro invocations may be nested to a maximum level of 5.
 2)  Thanks to Paul Gear, an IPPServer macro has been added. Be sure to
    read the comments in the macro file before trying to use this
    macro.
-4)  Eariler generations of Shorewall Lite required that remote root
+3)  Eariler generations of Shorewall Lite required that remote root
    login via ssh be enabled in order to use the 'load' and 'reload'
    commands.
@ -584,45 +611,16 @@ Migration Considerations:
       destination - The directory on the remote system that the files 
                     are to be copied into. 
-5)  The accounting, masq, rules and tos files now have a 'MARK' column
+4)  The accounting, masq, rules and tos files now have a 'MARK' column
    similar to the column of the same name in the tcrules file. This
    column allows filtering by MARK and CONNMARK value (CONNMARK is
    only accepted under Shorewall Perl).
-6)  SOURCE and DEST are now reserved zone names to avoid problems with
+5)  SOURCE and DEST are now reserved zone names to avoid problems with
    bi-directional macro definitions which use these as names as key
    words.
-7)  Shorewall-perl validates all IP addresses and addresses ranges
+6)  The "shorewall show zones" command now flags zone members that have
    in rules. DNS names are resolved and an error is issued for any
    name that cannot be resolved.
 8)  Shorewall-perl checks configuration files for the presense of
    characters that can cause problems if they are allowed into the
    generated firewall script:
    -	Double Quotes. These are prohibited except in the
        shorewall.conf and params files.
    -	Single Quotes. These are prohibited except in the
        shorewall.conf and params files and in COMMENT lines.
    -   Single back quotes. These are prohibited except in the 
 	shorewall.conf and params files.
    -   Backslash. Probibited except as the last character on a line to
        denote line continuation.
 9)  Under Shorewall-perl, macros may invoke other macros with the
    restriction that such macros may not be invoked within an action
    body.
    When marcros are invoked recursively, the parameter passed to an
    invocation are automatically propagated to lower level macros.
    Macro invocations may be nested to a maximum level of 5.
 12) The "shorewall show zones" command now flags zone members that have
    been added using "shorewall add" by preceding them with a plus sign
    ("+").
@ -649,16 +647,16 @@ Migration Considerations:
    versions, any entry could be deleted although the ruleset was only
    changed by deleting entries that had been added dynamically.
-13) The 'shorewall version' command now lists the version of the
+7)  The 'shorewall version' command now lists the version of the
-    installed compiler(s):
+    installed compiler(s) if the -a option is used:
-    gateway:/bulk/backup # shorewall version
+    gateway:/bulk/backup # shorewall version -a
    4.0.0-Beta1
    Shorewall-shell 4.0.0-Beta1
    Shorewall-perl 4.0.0-Beta1
    gateway:/bulk/backup #
-14) The Perl compiler is externalized. Both the compiler.pl program
+8)  The Perl compiler is externalized. Both the compiler.pl program
    and the Perl Module interface are documented.
    The compiler program is /usr/share/shorewall-perl/compiler.pl:
@ -751,11 +749,11 @@ Migration Considerations:
    The compiler function can be called repeatedly with different
    inputs.
-15) When TC_ENABLED=Internal, Shorewall-perl now validates classids in
+9)  When TC_ENABLED=Internal, Shorewall-perl now validates classids in
    the MARK/CLASSIFY column of /etc/shorewall/tcrules against the
    classes generated by /etc/shorewall/tcclasses.
-16) During installation, Shorewall generates the Perl module
+10) During installation, Shorewall generates the Perl module
    /usr/share/shorewall-perl/Shorewall/Ports.pm, using your
    /etc/protocols and /etc/services as input.
@ -817,11 +815,11 @@ Example:
 	shorewall restart -C perl
-Regardless of the setting of SHOREWALL_COMPILER, there is one change in
+When the Shorewall-perl compiler is used, your params file will be
-Shorewall operation that is triggered simply by installing
+processed during compilation with the shell's '-a' option  which causes
-shorewall-perl. Your params file will be processed during compilation 
+any variables that you set or create in that file to be automatically
-with the shell's '-a' option  which causes any variables that you set
+exported. Since the params file is processed before shorewall.conf,
-or create in that file to be automatically exported. Since the params
+using -a insures that the settings of your params variables are
-file is processed before shorewall.conf, using -a insures that the
+available to the new compiler should its use be specified in
-settings of your params variables are available to the new compiler
+shorewall.conf.
-should its use be specified in shorewall.conf.
+