mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-16 19:30:44 +01:00
da993d8c10
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@239 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
23 lines
848 B
Plaintext
23 lines
848 B
Plaintext
This is a minor release of Shorewall which rolls up a number of bug
|
|
fixes.
|
|
|
|
New features include:
|
|
|
|
1. A NEWNOTSYN option has been added to shorewall.conf. This option
|
|
determines whether Shorewall accepts TCP packets which are not part
|
|
of an established connection and that are not 'SYN' packets (SYN
|
|
flag on and ACK flag off).
|
|
|
|
|
|
2. The need for the 'multi' option to communicate between zones za and
|
|
zb on the same interface is removed in the case where the chain
|
|
'za2zb' and/or 'zb2za' exists. 'za2zb' will exist if:
|
|
|
|
a. There is a policy for za to zb.
|
|
b. There is at least one rule for za to zb.
|
|
|
|
3. The /etc/shorewall/blacklist file now contains three columns. In
|
|
addition to the SUBNET/ADDRESS column, there are optional PROTOCOL
|
|
and PORT columns to block only certain applications from the
|
|
blacklisted addresses.
|