mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-15 12:14:32 +01:00
081bd461a2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1470 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
40 lines
1.3 KiB
Plaintext
Executable File
40 lines
1.3 KiB
Plaintext
Executable File
Shorewall 2.1.0
|
|
|
|
----------------------------------------------------------------------
|
|
Problems Corrected since 2.0.3
|
|
|
|
1) A non-empty DEST entry in /etc/shorewall/tcrules will generate an
|
|
error and Shorewall fails to start.
|
|
|
|
2) A potential security vulnerablilty in the way that Shorewall
|
|
handles temporary files and directories has been corrected.
|
|
|
|
3) Two problems with logging NAT rules (DNAT and REDIRECT) could cause
|
|
startup failures.
|
|
|
|
4) Some users have reported the pkttype match option in iptables/
|
|
Netfilter failing to match certain broadcast packets. The result
|
|
is that the firewall log shows a lot of broadcast packets.
|
|
|
|
Users experiencing this problem can use PKTTYPE=No in
|
|
shorewall.conf to cause Shorewall to use IP address filtering of
|
|
broadcasts rather than packet type.
|
|
|
|
Problems Corrected since 2.1.0
|
|
|
|
1) The "check" command fails with the following message:
|
|
|
|
iptables: No chain/target/match by that name
|
|
|
|
-----------------------------------------------------------------------
|
|
Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
|
|
|
|
None.
|
|
|
|
-----------------------------------------------------------------------
|
|
New Features:
|
|
|
|
1) ICMP packets that are in the INVALID state are now dropped by the
|
|
Reject and Drop default actions. They do so using the new
|
|
'dropInvalid' builtin action.
|