extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 20:24:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
5f554b61dd
shorewall_code/Shorewall2/releasenotes.txt
teastep 5f554b61dd Add -x option to /sbin/shorewall 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1214 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-20 15:10:17 +00:00

73 lines
2.5 KiB
Plaintext
Executable File
Raw Blame History

Shorewall 2.0.1-Beta2
----------------------------------------------------------------------
Problems Corrected since 2.0.0
1) Using actions in the manner recommended in the documentation
results in a Warning that the rule is a policy.
2) When a zone on a single interface is defined using
/etc/shorewall/hosts, superfluous rules are generated in the
<zone>_frwd chain.
Problems Corrected since 2.0.1 Beta 1
1) The BOGON_LOG_LEVEL variable is now included in shorewall.conf. It
was inadvertently omitted from the Beta 1 file.
2) Previously, setting 'norfc1918' also set 'nobogons'; setting
'nobogons' by itself had no effect.
-----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
1) The function of 'norfc1918' is now split between that option and a
new 'nobogons' option.
The rfc1918 file released with Shorewall now contains entries for
only those three address ranges reserved by RFC 1918. A 'nobogons'
interface option has been added which handles bogon source
addresses (those which are reserved by the IANA, those reserved for
DHCP auto-configuration and the class C test-net reserved for
testing and documentation examples). This will allow users to
perform RFC 1918 filtering without having to deal with out
of date data from IANA. Those who are willing to update their
/usr/share/shorewall/bogons file regularly can specify the
'nobogons' option in addition to 'norfc1918'.
The level at which bogon packets are logged is specified in the new
BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not
specified or is specified as empty (e.g, BOGON_LOG_LEVEL="") then
bogon packets whose TARGET is 'logdrop' in
/usr/share/shorewall/bogons are logged at the 'info' level.
New Features:
1) Support for Bridging Firewalls has been added. For details, see
http://shorewall.net/bridge.html
2) Support for NETMAP has been added. NETMAP allows NAT to be defined
between two network:
a.b.c.1 -> x.y.z.1
a.b.c.2 -> x.y.z.2
a.b.c.3 -> x.y.z.3
...
http://shorewall.net/netmap.html
3) The /sbin/shorewall program now accepts a "-x" option to cause
iptables to print out the actual packet and byte counts rather than
abbreviated counts such as "13MB".
Commands affected by this are:
shorewall -x show [ <chain>[ <chain> ...] ]
shorewall -x show tos|mangle
shorewall -x show nat
shorewall -x status
shorewall -x monitor [ <interval> ]
Reference in New Issue View Git Blame Copy Permalink