extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
997c722946
shorewall_code/Shorewall2/releasenotes.txt
teastep 997c722946 Allow overriding ADD_IP_ALIASES 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1480 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-07-15 20:29:06 +00:00

68 lines
2.1 KiB
Plaintext
Executable File
Raw Blame History

Shorewall 2.1.0
----------------------------------------------------------------------
Problems Corrected since 2.0.3
1) A non-empty DEST entry in /etc/shorewall/tcrules will generate an
error and Shorewall fails to start.
2) A potential security vulnerablilty in the way that Shorewall
handles temporary files and directories has been corrected.
3) Two problems with logging NAT rules (DNAT and REDIRECT) could cause
startup failures.
4) Some users have reported the pkttype match option in iptables/
Netfilter failing to match certain broadcast packets. The result
is that the firewall log shows a lot of broadcast packets.
Users experiencing this problem can use PKTTYPE=No in
shorewall.conf to cause Shorewall to use IP address filtering of
broadcasts rather than packet type.
Problems Corrected since 2.1.0
1) The "check" command fails with the following message:
iptables: No chain/target/match by that name
-----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
None.
-----------------------------------------------------------------------
New Features:
1) ICMP packets that are in the INVALID state are now dropped by the
Reject and Drop default actions. They do so using the new
'dropInvalid' builtin action.
2) The /etc/shorewall/masq file INTERFACE column now allows additional
options.
Normally MASQUERADE/SNAT rules are evaluated after one-to-one NAT
rules defined in the /etc/shorewall/nat file. If you preceed the
interface name with a plus sign ("+") then the rule will be
evaluated before one-to-one NAT.
Examples:
+eth0
+eth1:192.0.2.32/27
Also, the effect of ADD_SNAT_ALIASES=Yes can be negated for an
entry by following the interface name by ":" but no digit.
Examples:
eth0:
eth1::192.0.2.32/27
+eth3:
3) Similar to 2), the /etc/shorewall/nat file INTERFACE column now allows
you to override the setting of ADD_IP_ALIASES=Yes by following the
interface name with ":" but no digit.
Reference in New Issue View Git Blame Copy Permalink