mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-16 19:30:44 +01:00
f1a6726dc0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9280 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
95 lines
5.1 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=UTF-8">
<title>Shoreline Firewall (Shorewall)</title>
<base target="_self">
<meta name="CREATED" content="20040920;15031500">
<meta name="CHANGED" content="$Id$">
</head>
<body dir="ltr" lang="en-US">
Copyright © 2001-2009 Thomas M. Eastep
<p>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts.
A copy of the license is included in the section entitled <span
style="text-decoration: underline;">"</span><a href="GnuCopyright.htm"
target="_self">GNU Free Documentation License</a>".<br>
</p>
<p>2009-01-14</p>
<hr>
<h2><a name="Notice">Important Notice to Users of Shorewall's Multi-ISP
Feature</a></h2>
<p>A bug in Shorewall versions 3.2.0-3.2.10, 3.4.0-3.4.6 and
Shorewall-shell 4.0.0-4.0.2 prevents proper handling of PREROUTING marks
when HIGH_ROUTE_MARKS=No and the <strong>track</strong> option is
specified. Patches are available to correct this problem:</p>
<p>Shorewall version 3.2.0-3.2.10, 3.4.0-3.4.3: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/patches/Shorewall/patch-3.2.10-2.diff</a></p>
<p>Shorewall version 3.4.4-3.4.6: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/patches/Shorewall/patch-3.4.6-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.6/errata/patches/Shorewall/patch-3.4.6-1.diff</a></p>
<p>Shorewall-shell version 4.0.0-4.0.2: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.2/errata/patches/Shorewall-shell/patch-shell-4.0.2-2.diff</a></p>
<p>Note that a patch may succeed with an offset when applied to a
release other than the one for which it was specifically prepared. For
example, when the patch for 3.2.0-3.2.10, 3.4.0-3.4.3 (which was prepared
for release 3.2.10) is applied to release 3.4.3, the following is the
result:</p>
<pre>root@wookie:~# <strong>cd /usr/share/shorewall</strong>
root@wookie:/usr/share/shorewall# <strong>patch &lt; ~/shorewall/tags/3.2.10/Shorewall.updated/patch-3.2.10-2.diff</strong>
patching file compiler
Hunk #1 succeeded at 958 (offset -1669 lines).
root@wookie:/usr/share/shorewall#</pre>
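<p>One way to check how a patch applied before trusting the result, as an
added example that is not part of the original notice or of Shorewall: the
function below reads GNU patch output (for instance from <code>patch
--dry-run</code>) and reports the worst outcome it saw. The function name
is hypothetical, and every sample line other than the offset output quoted
above is constructed.</p>

```shell
#!/bin/sh
# Added example, not Shorewall code. classify_patch_output is a hypothetical name.
#
# Reads GNU patch output on stdin and prints the worst outcome seen:
#   clean   - every hunk applied at the recorded line
#   offset  - a hunk applied at a different line, context matched exactly
#   fuzz    - a hunk applied only after ignoring some context lines; review it
#   failed  - a hunk was rejected; the file is not fully patched
#   unknown - no "patching file" line was seen at all
classify_patch_output() {
    awk '
        /^patching file /         { files++ }
        /^Hunk #[0-9]+ FAILED/    { failed++ }
        /^Hunk #[0-9]+ succeeded/ {
            if ($0 ~ /with fuzz [0-9]+/)                fuzz++
            else if ($0 ~ /\(offset -?[0-9]+ lines?\)/) offset++
        }
        END {
            if (failed)      print "failed"
            else if (fuzz)   print "fuzz"
            else if (offset) print "offset"
            else if (files)  print "clean"
            else             print "unknown"
        }'
}

# The two output lines shown in the notice above, fed back through the check.
printf '%s\n' \
    'patching file compiler' \
    'Hunk #1 succeeded at 958 (offset -1669 lines).' | classify_patch_output
# prints: offset
```

<p>An <code>offset</code> result matches the case described above; a
<code>fuzz</code> or <code>failed</code> result means the patched compiler
should be inspected before the firewall is restarted.</p>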
<h3>Update -- 7 November 2007</h3>
<p>A second bug in Shorewall versions 3.2.0-3.2.11, 3.4.0-3.4.7 and
4.0.0-4.0.5 can cause improper handling of PREROUTING and OUTPUT marks
when HIGH_ROUTE_MARKS=Yes. Patches are also available to correct this
problem:</p>
<p>Shorewall version 3.2.3-3.2.11: <a
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff">http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.11/errata/patches/Shorewall/patch-3.2.11-1.diff</a></p>
<p>Shorewall version 3.4.0-3.4.7: <a
href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff">http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-1.diff</a></p>
<p>Shorewall version 4.0.0-4.0.5: <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-shell/patch-shell-4.0.5-1.diff</a>
and <a
href="http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff">http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.5/errata/patches/Shorewall-perl/patch-perl-4.0.5-4.diff</a>.</p>
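<p>The two Multi-ISP notices above, written out as a triage check. This is
an added example, not Shorewall code: the version ranges and patch file
names are copied from the notices, while the function names, the argument
order, the <code>shell|perl</code> argument and the
<code>affected-no-patch-listed</code> marker are assumptions made for
illustration.</p>

```shell
#!/bin/sh
# Added example, not Shorewall code. Ranges and patch names come from the
# notices above; function names and arguments are hypothetical.

# ver_num: "3.4.6" -> 3004006 so versions compare as integers
# (assumes exactly three numeric fields).
ver_num() { echo "$1" | awk -F. '{ print $1 * 1000000 + $2 * 1000 + $3 }'; }

# in_range VERSION LOW HIGH: true when LOW <= VERSION <= HIGH.
in_range() {
    [ "$(ver_num "$1")" -ge "$(ver_num "$2")" ] &&
        [ "$(ver_num "$1")" -le "$(ver_num "$3")" ]
}

# multi_isp_patches VERSION HIGH_ROUTE_MARKS TRACK [COMPILER]
#   HIGH_ROUTE_MARKS: Yes|No   TRACK: yes|no   COMPILER: shell|perl (default shell)
# Prints one patch file name per line, "affected-no-patch-listed" when the
# notice names the version as affected but lists no patch for it, or nothing.
multi_isp_patches() {
    v=$1 hrm=$2 track=$3 compiler=${4:-shell}
    if [ "$hrm" = "No" ] && [ "$track" = "yes" ]; then
        # First notice: PREROUTING marks, HIGH_ROUTE_MARKS=No with track.
        if in_range "$v" 3.2.0 3.2.10 || in_range "$v" 3.4.0 3.4.3; then
            echo patch-3.2.10-2.diff
        elif in_range "$v" 3.4.4 3.4.6; then
            echo patch-3.4.6-1.diff
        elif in_range "$v" 4.0.0 4.0.2 && [ "$compiler" = "shell" ]; then
            echo patch-shell-4.0.2-2.diff
        fi
    elif [ "$hrm" = "Yes" ]; then
        # Update of 7 November 2007: PREROUTING and OUTPUT marks.
        if in_range "$v" 3.2.3 3.2.11; then
            echo patch-3.2.11-1.diff
        elif in_range "$v" 3.2.0 3.2.2; then
            echo affected-no-patch-listed
        elif in_range "$v" 3.4.0 3.4.7; then
            echo patch-3.4.7-1.diff
        elif in_range "$v" 4.0.0 4.0.5; then
            echo patch-shell-4.0.5-1.diff
            echo patch-perl-4.0.5-4.diff
        fi
    fi
    return 0
}

# Release 3.4.3 with HIGH_ROUTE_MARKS=No and track, the case walked through above.
multi_isp_patches 3.4.3 No yes
# prints: patch-3.2.10-2.diff
```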
<hr>
<h2><a name="Notice1">Important Notice to Users of BRIDGING=Yes</a></h2>
<p>In Linux Kernel version 2.6.20, the Netfilter team changed Physdev
Match so that it is no longer capable of supporting BRIDGING=Yes. The
solutions available to users are to either:</p>
<ol>
<li>Switch to using the technique described at <a
href="http://www.shorewall.net/3.0/NewBridge.html">http://www.shorewall.net/3.0/NewBridge.html</a>;
or<br>
</li>
<li>Upgrade to Shorewall 4.0, migrate to using Shorewall-perl, and
follow the instructions at <a
href="http://www1.shorewall.net/bridge-Shorewall-perl.html">http://www1.shorewall.net/bridge-Shorewall-perl.html</a>.
</li>
</ol>
<p>The first approach allows you to switch back and forth between
kernels older and newer than 2.6.20. The second approach is a better
long-term solution.</p>
<hr style="width: 100%; height: 2px;">
<h2><a name="Kernel2.4"></a>Important Notice to Users of Kernel 2.4</h2>
The Shorewall developers do not test Shorewall running on Kernel 2.4
and we make no representation about the functionality of Shorewall on
that Kernel. Any failure of Shorewall on Kernel 2.4 will not be
investigated by the Shorewall team.<br>
<hr>
</body>
</html>