mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-15 12:14:32 +01:00
ee3bab0642
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1211 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
57 lines
2.0 KiB
Plaintext
Executable File
57 lines
2.0 KiB
Plaintext
Executable File
Shorewall 2.0.1-Beta2
|
|
|
|
----------------------------------------------------------------------
|
|
Problems Corrected since 2.0.0
|
|
|
|
1) Using actions in the manner recommended in the documentation
|
|
results in a Warning that the rule is a policy.
|
|
|
|
Problems Corrected since 2.0.1 Beta 1
|
|
|
|
1) The BOGON_LOG_LEVEL variable is now included in shorewall.conf. It
|
|
was inadvertently omitted from the Beta 1 file.
|
|
|
|
2) Previously, setting 'norfc1918' also set 'nobogons'; setting
|
|
'nobogons' by itself had no effect.
|
|
|
|
-----------------------------------------------------------------------
|
|
Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:
|
|
|
|
1) The function of 'norfc1918' is now split between that option and a
|
|
new 'nobogons' option.
|
|
|
|
The rfc1918 file released with Shorewall now contains entries for
|
|
only those three address ranges reserved by RFC 1918. A 'nobogons'
|
|
interface option has been added which handles bogon source
|
|
addresses (those which are reserved by the IANA, those reserved for
|
|
DHCP auto-configuration and the class C test-net reserved for
|
|
testing and documentation examples). This will allow users to
|
|
perform RFC 1918 filtering without having to deal with out
|
|
of date data from IANA. Those who are willing to update their
|
|
/usr/share/shorewall/bogons file regularly can specify the
|
|
'nobogons' option in addition to 'norfc1918'.
|
|
|
|
The level at which bogon packets are logged is specified in the new
|
|
BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not
|
|
specified or is specified as empty (e.g, BOGON_LOG_LEVEL="") then
|
|
bogon packets whose TARGET is 'logdrop' in
|
|
/usr/share/shorewall/bogons are logged at the 'info' level.
|
|
|
|
New Features:
|
|
|
|
1) Support for Bridging Firewalls has been added. For details, see
|
|
|
|
http://shorewall.net/bridge.html
|
|
|
|
2) Support for NETMAP has been added. NETMAP allows NAT to be defined
|
|
between two network:
|
|
|
|
a.b.c.1 -> x.y.z.1
|
|
a.b.c.2 -> x.y.z.2
|
|
a.b.c.3 -> x.y.z.3
|
|
...
|
|
|
|
http://shorewall.net/netmap.html
|
|
|
|
|