shorewall_code/Shorewall2/changelog.txt
2004-11-16 15:04:34 +00:00

Changes since 2.0.3
1) Fix security vulnerability involving temporary files/directories.
2) Hack security fix so that it works under Slackware.
3) Correct mktempfile() for case where mktemp isn't installed.
4) Implement 'dropInvalid' builtin action.
5) Fix logging nat rules.
6) Fix COMMAND typos.
7) Add PKTTYPE option.
8) Enhancements to /etc/shorewall/masq
8) Allow overriding ADD_IP_ALIASES=Yes
9) Fix syntax error in setup_nat()
10) Port "shorewall status" changes from 2.0.7.
11) All config files are now empty.
12) Port blacklisting fix from 2.0.7
13) Pass rule chain and display chain separately to log_rule_limit.
Prep work for action logging.
14) Show the iptables/ip/tc command that failed when failure is fatal.
15) Implement STARTUP_ENABLED.
16) Added DNAT ONLY column to /etc/shorewall/nat.
17) Removed SNAT from ORIGINAL DESTINATION column.
18) Removed DNAT ONLY column.
19) Added IPSEC column to /etc/shorewall/masq.
20) No longer enforce source port 500 for ISAKMP.
21) Apply policy to interface/host options.
22) Fix policy and maclist.
23) Implement additional IPSEC options for zones and masq entries.
24) Deprecate the -c option in /sbin/shorewall.
25) Allow distinct input and output IPSEC parameters.
26) Allow source port remapping in /etc/shorewall/masq.
27) Include params file on 'restore'
28) Apply Richard Musil's patch.
29) Correct parsing of PROTO column in setup_tc1().
30) Verify Physdev match if BRIDGING=Yes
31) Don't NAT tunnel traffic.
32) Fix shorewall.spec to run chkconfig/insserv after initial install.
33) Add iprange support.
34) Add CLASSIFY support.
35) Fix iprange support so that ranges in both source and destination
work.
36) Remove logunclean and dropunclean
37) Fixed proxy arp flag setting for complex configurations.
38) Added RETAIN_ALIASES option.
39) Relax OpenVPN source port restrictions.
40) Implement DELAYBLACKLISTLOAD.
41) Avoid double-setting proxy arp flags.
42) Fix DELAYBLACKLISTLOAD=No.
43) Merge 'brctl show' change from 2.0.9.
44) Implement LOGTAGONLY.
45) Merge 'tcrules' clarification from 2.0.10.
46) Implement 'sourceroute' interface option.
47) Add 'AllowICMPs' action.
48) Changed 'activate_rules' such that traffic from IPSEC hosts gets
handled before traffic from non-IPSEC zones.
49) Correct logmartians handling.
50) Add a clarification and fix a typo in the blacklist file.
51) Allow setting a specific MSS value.
52) Detect duplicate zone names.
53) Add mss=<number> option to the ipsec file.
54) Added CONNMARK/ipp2p support.
55) Added LOGALLNEW support.
56) Fix typo in check_config()
57) Allow outgoing NTP responses in action.AllowNTP.
58) Clarification of the 'ipsec' hosts file option.
59) Allow list in the SUBNET column of the rfc1918 file.
60) Restore missing '#' in the rfc1918 file.
61) Add note for Slackware users to INSTALL.
62) Allow interface in DEST tcrules column.
63) Remove 'ipt_unclean' from search expression in "log" commands.
64) Remove nonsense from IPSEC description in masq file.
65) Correct typo in rules file.
66) Update bogons file.
67) Add a rule for NNTPS to action.AllowNNTP