shorewall_code/Shorewall2/changelog.txt

Changes since 2.0.3

1) Fix security vulnerability involving temporary files/directories.

2) Hack security fix so that it works under Slackware.

3) Correct mktempfile() for case where mktemp isn't installed.

4) Implement 'dropInvalid' builtin action.

5) Fix logging nat rules.

6) Fix COMMAND typos.

7) Add PKTTYPE option.

8) Enhancements to /etc/shorewall/masq

8) Allow overriding ADD_IP_ALIASES=Yes

9) Fix syntax error in setup_nat()

10) Port "shorewall status" changes from 2.0.7.

11) All config files are now empty.

12) Port blacklisting fix from 2.0.7

13) Pass rule chain and display chain separately to log_rule_limit.
    Prep work for action logging.

14) Show the iptables/ip/tc command that failed when failure is fatal.

15) Implement STARTUP_ENABLED.

16) Added DNAT ONLY column to /etc/shorewall/nat.

17) Removed SNAT from ORIGINAL DESTINATION column.

18) Removed DNAT ONLY column.

19) Added IPSEC column to /etc/shorewall/masq.

20) No longer enforce source port 500 for ISAKMP.

21) Apply policy to interface/host options.

22) Fix policy and maclist.

23) Implement additional IPSEC options for zones and masq entries.

24) Deprecate the -c option in /sbin/shorewall.

25) Allow distinct input and output IPSEC parameters.

26) Allow source port remapping in /etc/shorewall/masq.

27) Include params file on 'restore'

28) Apply Richard Musil's patch.

29) Correct parsing of PROTO column in setup_tc1().

30) Verify Physdev match if BRIDGING=Yes

31) Don't NAT tunnel traffic.

32) Fix shorewall.spec to run chkconfig/insserv after initial install.