shorewall_code/Shorewall-common/changelog.txt
2007-11-19 21:15:36 +00:00

Changes in 4.1.0.
1) Add 'shared' provider option.
2) Allow refresh of entire table and refresh mangle by default.
3) Add NFLOG support.
4) Implement alternative syntax for params.
5) Add support for embedded shell and Perl scripts.
6) Add support for manual chains.
7) Don't require GATEWAY in tunnels file.
8) Fix HIGH_ROUTE_MARKS fsck-up.
9) Fix Makefiles for VARDIR
10) Add -t option to hits command.
11) Add DONT_LOAD option
12) Add support for --random.
Changes in 4.0.5
1) Delete 'detectnets' from Shorewall-perl
2) Use get_config() for processing secondary shorewall.conf
3) Add 'broadcast' and 'destonly' options to hosts file.
4) Allow "$FW::<port>" in the DEST column of a redirect rule.
5) Add MULTICAST option in shorewall.conf.
6) Allow port range for server port in NAT rules.
7) Validate server IP address and port(-range) in NAT rules.
8) Allow server port(s) to be specified as service names.
9) Split large DEST PORT(S) lists.
10) Fix TCP/UDP in rules file.
10) Add new semantics to 'debug' with Shorewall-perl
11) Satisfy the distros.
12) Change module versions to V-strings.
13) Fix ipsets.
Changes in 4.0.4
1) Fix 'refresh' with light-weight shells.
2) Various fixes for proxyarp.
3) Fix 'refresh' run-time error.
4) Cleaner behavior if module-init-tools not installed.
5) Fix [re-]initialization problems in Shorewall::Tc.
6) Make compile-time check for iptables-restore.
7) Fix dup chain name test for actions.
8) Improve KLUDGEFREE detection.
9) Remove unused functions from Chains module.
10) Allow 'TC_ENABLED=internal' as specified (Only 'Internal' is
currently allowed).
11) Correct 'loose' handling.
12) Correct handling of 'bridge' and accounting.
13) Fix SHOREWALL_DIR fiasco.
14) Avoid deleting wrong routing rule.
15) Allow provider number in route_rules with Shorewall-shell.
16) Add DELETE_THEN_ADD option.
17) Add warning about 'detectnets' going away.
18) Fix off-by-one bug in Tc.pm
19) Correct problems found in pre-testing.
20) Fix REDIRECT with Macros.
Changes in 4.0.3
1) Streamline the checking for builtin chains in the accounting file.
2) Don't try to write/restore /etc/iproute2/rt_tables if it isn't
writable.
3) Allow Shorewall-perl compiler and libraries to be installed
anywhere.
4) Add KEEP_RT_TABLES option.
5) Other provider changes.
6) Fix LOG target in Shorewall-shell.
7) Faster log processing.
8) Tweak handling of CLASSID in process_tc_rule().
9) Restore 3.4 'stop/clear/reset' behavior and make new behavior
optional.
10) Add act_police to modules file.
11) Add 'mss' interface option.
12) Add TCPMSS_MATCH to show capabilities -f.
13) Ensure a space between log prefix and IN=.
14) Provide ESTABLISHED,RELATED rules for inappropriate CONTINUE policy
15) Add hashlimit match detection.
16) Fix 'add' and 'delete' when interface name contains special char.
17) Fix PREROUTING track fiasco.
18) Add NFQUEUE support.
19) Allow refresh of chains other than 'blacklst'.
20) Allow INCLUDE in run-time extension scripts.
21) Fix zone sort.
Changes in 4.0.2
1) Another ECN fix in Shorewall-perl.
2) Make 'state match' detection in Shorewall-perl quiet.
3) Detect port range in list without XMULTIPORT.
4) Move lockfile handling from 'firewall' to 'shorewall' and lib.cli.
5) Don't detect routed networks and interfaces addresses during
'restore'.
6) Upcase some global variables in the generated script.
7) Remove some 'chain_base' mapping.
8) Eliminate a couple of global variables in the Chains module.
9) Cosmetic change to generated script.
10) Allow tc configuration on bridge ports.
11) Fix add/delete problem when Shorewall-shell is not installed.
12) Don't overwrite ${VARDIR}/chains and ${VARDIR}/zones during
'refresh'.
13) Correct some error messages.
14) Correct calculations involving number of keys in a hash.
15) Load xt_multiport.
16) Apply Günter Niedermeier's patch for multiport.
17) Honor the BROADCAST column when address type match is not
available.
18) Fix accounting.
Changes in 4.0.1
1) Add EXPAND_POLICIES.
2) Fix uninstallers.
3) Correct handling of 'ipsec' option in the hosts file.
4) Correct handling of 'PATH' in Shorewall-perl.
5) Correct handling of ECN with MANGLE_FORWARD.
6) Relax ADDRTYPE restriction.
7) Be sure that chkconfig runs after upgrade from < 4.0.0
8) Better out-of-order policy detection.
9) Fix dropBcast/allowBcast logging and other logging
fixes/improvements.
10) Cleaner way to handle quotes in rules.
11) Allow '/min' in RATE/BURST column.
12) Check for state match
13) Fix stale lock problems.
Changes in 4.0.0 Final
1) Fix lite install.sh manpage problem.
2) Fix shorewall-shell .spec to modify SHOREWALL_COMPILER.
3) Shuffle code in Providers.pm.
4) Consolidate Common.pm + Config.pm and Interfaces.pm + Hosts.pm +
Zones.pm.
5) Validate log level in policy file.
Changes in 4.0.0 RC 2
1) Fix zone type check in Tunnels File.
2) Remove -f as default start OPTIONS.
3) Remove 3.4 compatibility hacks.
4) Fix install.sh manpage problem.
5) Fix LITEDIR mess.
6) Fix IPSEC.
7) Add Tunneling Macros from Tuomo Soini.
Changes in 4.0.0 RC 1
1) shorewall-perl RPM no longer installable under shorewall 3.4.
2) Fix limited broadcast and detectnets/routeback interfaces.
3) Use optimized 'split' for faster compilation.
4) Validate host part in hosts file entry.
5) Fix IPSECFILE=ipsec.
6) Make ':noah' the default.
7) Work around SELinux nonsense.
8) Restore the 'refresh' command.
9) Allow ipsec zone in GATEWAY ZONE column of the tunnels file.
10) Raise error on chmod failure.
11) Handle shell variables with zero value correctly.
Changes in 4.0.0 Beta 6
1) First step to adding compiler debugging facility.
2) Assume that iptables-restore is in the same directory as $IPTABLES
3) Fix buildports.pm to handle bogus entries in /etc/protocols and
/etc/services.
4) Allow COMMENT in the accounting file.
Changes in 4.0.0 Beta 6
1) Validate the DISPOSITION in /etc/shorewall/maclist entries.
2) Add versioning to capabilities files.
3) Improve compiler selection.
4) DYNAMIC_ZONES=Yes and bridges.
5) Implement port validation.
Changes in 4.0.0 Beta 5
1) Fix undefined function call when both an input interface and an
output interface are present.
2) Externalize compiler and Compile.pm.
Changes in 4.0.0 Beta 4
1) Fix the 'Modules' output of 'dump'
2) Fix FW=xxx with IPSECFILE=ipsec.
3) Fix wildcard-rule/NONE-policy interaction.
4) Clean up generation of user-exit jacket functions.
5) Add new bridge code.
6) Fix bad bug in exclusion.
Changes in 4.0.0 Beta 2
1) Fix screwup in get_routed_networks().
2) Some minor tweaks.
3) Fix synflood chain jumps.
4) Simplify synflood handling and improve error diagnostics.
Changes in 4.0.0 Beta 1
1) Fix add/delete <interface>.
2) Fix do_proto() and 'use IPConfig' in Providers.pm.
3) Implement dynamic host group detection.
Changes in 3.9.7
1) Clean up release notes.
2) Fix several bugs having to do with exclusion in the hosts file.
3) Use '-m addrtype' in detectnet interface output rules.
4) Fix find_hosts_by_option().
5) Fix more hosts file bugs.
6) Fix 'detect' in GATEWAY column of providers file.
8) Other bug fixes (see release notes).
7) Fix action in 'logreject'.
8) Allow macros to invoke macros outside of action bodies.
Changes in 3.9.6
1) Fix parsing problems in protocol handling.
2) Fix bugs in handling of the MARK column.
3) Fix bug in routing table copying
4) Fix bug in ipset handling.
5) Fix bug in handling of CONTINUE in the tcrules file.
6) Add RCP_COMMAND and RSH_COMMAND options in shorewall.conf
7) Apply Luigi's MARK patch.
Changes in 3.9.5
1) Fix dynamic zone problem.
2) Fix LOGALLNEW.
3) Implement log level, protocol and port validation.
4) Fix MACLIST log rule generation problem.
Changes in 3.9.4
1) Fix port 0 problem (again!).
2) Fix log_martians.
3) Make LOG_MARTIANS and ROUTE_FILTER tri-valued.
4) Fix arp_ignore.
5) Re-work ROUTE_FILTER and LOG_MARTIANS.
6) Fix handling of interface options.
7) Fix handling of zone ipsec options.
8) Fix 'routeback' on multi-zone interface.
9) Fix 'check -d'.
10) Fix intra-zone policies.
11) Fix typo in maclist validation.
12) Allow 'optional' to work with 'maclist'.
Changes in 3.9.3
1) Apply Steven Springl's patch for port checking.
2) Implement 'optional' interface option.
3) Fix a couple of bugs in 'owner' handling.
4) Fix several bugs in address/network detection.
5) Make a number of interface options binary.
6) Add wildcard edits in interface processing.
7) Fix dropInvalid.
8) Fix 'none'.
9) Fix SAME with SOURCE $FW
10) Fix tcp:syn.
11) Fix all->z rules with 'NONE' policy.
12) Check for reserved zone names.
13) Add check for firewall zone existence.
14) Add checks for zone existence in 'all' processing.
Changes in 3.9.2
1) Implement '-C {shell|perl}'.
2) Implement LOCKFILE
3) Fix typo in prog.footer.
4) Fix Shorewall-perl hosts and tcclasses errors.
5) Add IPPserver macro.
6) Fix problem with 'stop' and 'clear' when shorewall-shell not
installed.
7) Moved lib.dynamiczones to Shorewall.
8) Fix silly bug in lib.base.
9) Apply Steven Springl's patch for ICMP.