mirror of
https://gitlab.com/shorewall/code.git
synced 2025-02-22 04:31:23 +01:00
41 lines
1.0 KiB
Plaintext
41 lines
1.0 KiB
Plaintext
1) On systems running Upstart, shorewall-init cannot reliably secure
|
|
the firewall before interfaces are brought up.
|
|
|
|
2) Beginning with 4.4.16, compilation will fail if an empty shell
|
|
variable was referenced in a config file on a system where /bin/sh
|
|
is the Bourne Again Shell (bash).
|
|
|
|
Corrected in 4.4.16.1.
|
|
|
|
3) Startup can fail on a system where module autoloading is not
|
|
available and where TC_ENABLED=Simple is specified in
|
|
shorewall.conf.
|
|
|
|
Workaround:
|
|
|
|
If LOAD_HELPERS_ONLY=No,
|
|
|
|
a) Copy /usr/share/shorewall/modules to /etc/shorewall/
|
|
b) Add 'loadmodule sch_prio' to the copy
|
|
|
|
If LOAD_HELPERS_ONLY=Yes,
|
|
|
|
a) Copy /usr/share/shorewall/helpers to /etc/shorewall/
|
|
b) Add 'loadmodule sch_prio' to the copy
|
|
|
|
4) If the SOURCE column in /etc/shorewall6/rules contains [address],
|
|
a spurious error is generated:
|
|
|
|
Example:
|
|
|
|
net:[::/0]
|
|
|
|
ERROR: Invalid VLSM (0]) : /etc/shorewall6/rules (line 20)
|
|
|
|
Workaround:
|
|
|
|
Use <address> instead. In the example above, use net:<::/0>.
|
|
|
|
|
|
|