mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 01:53:27 +01:00
0cab96e4e4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4248 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
63 lines
2.2 KiB
Plaintext
63 lines
2.2 KiB
Plaintext
Shorewall 3.3.0
|
|
|
|
Note to users upgrading from Shorewall 2.x or 3.0
|
|
|
|
Most problems associated with upgrades come from two causes:
|
|
|
|
- The user didn't read and follow the migration considerations in these
|
|
release notes.
|
|
|
|
- The user mis-handled the /etc/shorewall/shorewall.conf file during
|
|
upgrade. Shorewall is designed to allow the default behavior of
|
|
the product to evolve over time. To make this possible, the design
|
|
assumes that you will not replace your current shorewall.conf file
|
|
during upgrades. If you feel absolutely compelled to have the latest
|
|
comments and options in your shorewall.conf then you must proceed
|
|
carefully.
|
|
|
|
While you are at it, if you have a file named /etc/shorewall/rfc1918 then
|
|
please check that file. If it has addresses listed that are NOT in one of
|
|
these three ranges, then please rename the file to
|
|
/etc/shorewall/rfc1918.old.
|
|
|
|
10.0.0.0 - 10.255.255.255
|
|
172.16.0.0 - 172.31.255.255
|
|
192.168.0.0 - 192.168.255.255
|
|
|
|
If you have a file named /etc/shorewall/modules, please remove
|
|
it. The default modules file is now located in /usr/share/shorewall/
|
|
(see the "Migration Considerations" below).
|
|
|
|
Please see the "Migration Considerations" below for additional upgrade
|
|
information.
|
|
|
|
Problems Corrected in 3.3.0
|
|
|
|
1) The output formatting of the 'hits' command under BusyBox 1.2.0 has
|
|
been corrected.
|
|
|
|
2) The output of the 'hits' command was previously scrambled if
|
|
/etc/services contained spaces as column delimiters rather than
|
|
tabs.
|
|
|
|
Other changes in 3.3.0
|
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
in http://www.shorewall.net/DynamicZones.html.
|
|
|
|
Migration Considerations:
|
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
in http://www.shorewall.net/DynamicZones.html.
|
|
|
|
2) Shorewall no longer requires extended MARK support to use the 'track'
|
|
provider option when HIGH_ROUTE_MARKS=No.
|
|
|
|
New Features:
|
|
|
|
None.
|