Mirror of https://gitlab.com/shorewall/code.git (synced 2025-02-22 20:51:15 +01:00)

1) On systems running Upstart, shorewall-init cannot reliably secure
   the firewall before interfaces are brought up.

2) Beginning with 4.4.16, compilation will fail if an empty shell
   variable was referenced in a config file on a system where /bin/sh
   is the Bourne Again Shell (bash).

   Corrected in 4.4.16.1.

3) Startup can fail on a system where module autoloading is not
   available and where TC_ENABLED=Simple is specified in
   shorewall.conf.

   Workaround:

   If LOAD_HELPERS_ONLY=No,

      a) Copy /usr/share/shorewall/modules to /etc/shorewall/
      b) Add 'loadmodule sch_prio' to the copy

   If LOAD_HELPERS_ONLY=Yes,

      a) Copy /usr/share/shorewall/helpers to /etc/shorewall/
      b) Add 'loadmodule sch_prio' to the copy

4) If the SOURCE column in /etc/shorewall6/rules contains an address
   enclosed in [...], a spurious error is generated:

   Example:

      net:[::/0]

      ERROR: Invalid VLSM (0]) : /etc/shorewall6/rules (line 20)

   Workaround:

      Enclose the address in <...>. In the example above, use
      net:<::/0>.

5) Currently, Shorewall does not check the length of the names of
   accounting chains and manual chains. This can result in
   errors when loading the resulting ruleset if a chain name is longer
   than 29 characters.
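
The missing length check in the last item above (chain names longer than 29 characters) can be done by hand before compiling. The script below is an added example, not part of Shorewall; it assumes the accounting file is whitespace-delimited with ACTION in column 1 and CHAIN in column 2, and the function name and the keywords it skips are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Shorewall code): flag accounting chain names that
# exceed the 29-character limit named in the known-problems list.
# Assumptions: ACTION is column 1, CHAIN is column 2, '#' starts a comment,
# and an ACTION of the form name:COUNT or name:JUMP refers to chain 'name'.

MAX_CHAIN_LEN=29

# long_chain_names FILE
# Prints "line:name:length" for every chain name longer than MAX_CHAIN_LEN.
# Returns 1 if at least one was found, 0 otherwise.
long_chain_names() {
    awk -v max="$MAX_CHAIN_LEN" '
        function check(name) {
            if (length(name) > max) {
                printf "%d:%s:%d\n", NR, name, length(name)
                bad = 1
            }
        }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 || $1 == "COMMENT" { next }     # blank and COMMENT lines
        {
            action = $1
            sub(/:(COUNT|JUMP)$/, "", action)   # chain:COUNT, chain:JUMP
            # COUNT, DONE and actions with (...) arguments are not chains
            if (action !~ /^(COUNT|DONE)$/ && action !~ /\(/) check(action)
            if (NF >= 2 && $2 != "-") check($2)
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Stand-alone use: sh check_chains.sh /etc/shorewall/accounting
if [ $# -gt 0 ]; then
    long_chain_names "$1"
fi
```

Manual chains are not covered by this check, because they are not declared in the accounting file.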