extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-14 19:54:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
f1a6726dc0
shorewall_code/web/Notices.html
teastep f1a6726dc0 New old-look website 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9280 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-01-14 18:33:14 +00:00

95 lines
5.1 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shoreline Firewall (Shorewall)</title>
<base target="_self">
<meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED"
content="$Id$">
</head>
<body dir="ltr" lang="en-US">
Copyright © 2001-2009 Thomas M. Eastep
<p>Permission is granted to copy, distribute and/or modify this
document
under the terms of the GNU Free Documentation License, Version 1.2 or
any
later version published by the Free Software Foundation; with no
Invariant
Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of
the
license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".<br>
</p>
<p>2009-01-14</p>
<hr>
<h2><a name="Notice">Important Notice to Users of Shorewall's Multi-ISP
Feature</a></h2>
<p>A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and
Shorewall-shell
4.0.0-4.0.2 prevents proper handling of PREROUTING marks when
HIGH_ROUTE_MARKS=No and the <strong>track</strong> option is
specified.
Patches are available to correct this problem:</p>
<p>Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff</a></p>
<p>Shorewall version 3.4.4-3.4.6: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/patches/Shorewall/patch-3.4.6-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.66/errata/patches/Shorewall/patch-3.4.6-1.diff</a></p>
<p>Shorewall-shell version 4.0.0-4.0.2: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff</a></p>
<p>Note that a patch may succeed with an offset when applied to a
release
other than the one for which it was specifically prepared. For example,
when
the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared for release
3.2.10) is applied to release 3.4.3, the following is the result:</p>
<pre>root@wookie:~# <strong>cd /usr/share/shorewall</strong>
root@wookie/usr/share/shorewall#: <strong>patch &lt; ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff</strong> <br>patching file compiler<br>Hunk #1 succeeded at 958 (offset -1669 lines).<br>root@wookie:/usr/share/shorewall#</pre>
<h3>Update -- 7 November 2007</h3>
<p>A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and
4.0.0-4.0.5 can cause improper handing of PREROUTING and OUTPUT marks
when
HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this
problem:</p>
<p>Shorewall version 3.2.3-3.2.11: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff</a></p>
<p>Shorewall version 3.4.0-3.4.7: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff</a></p>
<p>Shorewall version 4.0.0-4.0.5: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff</a>
and <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff</a>.</p>
<hr>
<h2><a name="Notice1">Important Notice to Users of BRIDGING=Yes</a></h2>
<p>In Linux Kernel version 2.6.20, the Netfilter team changed Physdev
Match
so that it is no longer capable of supporting BRIDGING=Yes. The
solutions
available to users are to either:</p>
<ol>
<li>Switch to using the technique described at <a
href="http://www.shorewall.net/3.0/NewBridge.html">http://www.shorewall.net/3.0/NewBridge.html</a>;
or<br>
</li>
<li>Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and
follow the instructions at <a
href="http://www1.shorewall.net/bridge-Shorewall-perl.html">http://www1.shorewall.net/bridge-Shorewall-perl.html.</a>
</li>
</ol>
<p>The first approach allows you to switch back and forth between
kernels
older and newer than 2.6.20. The second approach is a better long-term
solution.</p>
<hr style="width: 100%; height: 2px;">
<h2><a name="Kernel2.4"></a>Important Notice to Users of Kernel 2.4</h2>
The Shorewall developers do not test Shorewall running on Kernel 2.4
and we make no representation about the functionality of Shorewall on
that Kernel. Any failure of Shorewall on Kernel 2.4 will not be
investigated by the Shorewall team.<br>
<hr>
<h2><br>
</h2>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink