shorewall_code/Shorewall/releasenotes.txt
2003-10-09 21:26:08 +00:00

47 lines
1.4 KiB
Plaintext
Executable File

This is a minor release of Shorewall.
Problems Corrected since version 1.4.6:
1) Tuomo Soini has supplied a correction to a problem that occurs using
some versions of 'ash'. The symptom is that "shorewall start" fails
with:
local: --limit: bad variable name
iptables v1.2.8: Couldn't load match `-j':/lib/iptables/libipt_-j.so:
cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
2) Andres Zhoglo has supplied a correction that avoids trying to use
the multiport match iptables facility on ICMP rules.
Example of rule that previously caused "shorewall start" to fail:
ACCEPT loc $FW icmp 0,8,11,12
Migration Issues:
None.
New Features:
1. A new QUEUE action has been introduced for rules. QUEUE allows you
to pass connection requests to a user-space filter such as p2pwall
(http://p2pwall.sourceforge.net).
For example, to use p2pwall to filter P2P applications, you would
add the following rules:
QUEUE loc net tcp
QUEUE loc net udp
QUEUE loc fw udp
You would normally want to place those two rules BEFORE any ACCEPT
rules for loc->net.
Note: When the protocol specified is TCP ("tcp", "TCP" or "6"),
Shorewall will only pass connection requests (SYN packets) to user
space. This is for compatibility with p2pwall.