shorewall_code/Shorewall/known_problems.txt

1)  On systems running Upstart, shorewall-init cannot reliably start the
    firewall before interfaces are brought up.

2)  The date/time formatting in the STARTUP_LOG is not uniform.

    Fixed in 4.4.13.1

3)  The blacklisting change in 4.4.13 broke blacklisting in some simple
    configurations with the effect that blacklisting was not enabled.

    Fixed in 4.4.13.1

    The issue may also be worked around is follows.

    If you currently have an entry similar to this in
    /etc/shorewall/interfaces:

       #ZONE         INTERFACE BROADCAST        OPTIONS
       net 	     eth0      detect		blacklist,...

    then remove the 'blacklist' option from that entry and change the
    'net' entry in /etc/shorewall/zones as follows:

       #ZONE       TYPE       OPTIONS       IN_OPTIONS
       net         ipv4       -             blacklist

4)  The Debian init scripts for Shorewall-lite and Shorewall6-lite
    contain a syntax error.

    Fixed in 4.4.13.2.

5)  If the -v or -q option is passed to /sbin/shorewall-lite or
    /sbin/shorewall6-lite on a command that involves the compiled
    script, then the command will fail if the effective verbosity is
    > 2 or < -1.

    Fixed in 4.4.13.2.

6)  When running one of the -lite packages, the log reading commands
    (show log, logwatch and dump) show no log record.

    Fixed in 4.4.13.3.

7)  In /etc/shorewall/interfaces, if nets=(a.b.c.d/e) is entered then a
    fatal error is erroneously raised.

    Workaround: Remove the parentheses (e.g., nets=a.b.c.d/e). 

8)  If 10 or more interfaces are configured in Complex Traffic Shaping
    (/etc/shorewall/tcdevices), the following compilation diagnostic
    is issued:

        Argument "a" isn't numeric in sprintf at
	/usr/share/shorewall/Shorewall/Config.pm line 893.
 
    and an invalid TC configuration is generated.

    Fixed in 4.4.14.
Update known problems Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-09-21 16:50:13 +02:00			`1) On systems running Upstart, shorewall-init cannot reliably start the`
			`firewall before interfaces are brought up.`
Update Known Problems Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-09-24 20:49:46 +02:00
			`2) The date/time formatting in the STARTUP_LOG is not uniform.`

			`Fixed in 4.4.13.1`

			`3) The blacklisting change in 4.4.13 broke blacklisting in some simple`
			`configurations with the effect that blacklisting was not enabled.`

			`Fixed in 4.4.13.1`
Add workaround to known problems 2010-09-26 21:36:39 +02:00
			`The issue may also be worked around is follows.`

			`If you currently have an entry similar to this in`
			`/etc/shorewall/interfaces:`

			`#ZONE INTERFACE BROADCAST OPTIONS`
			`net eth0 detect blacklist,...`

			`then remove the 'blacklist' option from that entry and change the`
			`'net' entry in /etc/shorewall/zones as follows:`

			`#ZONE TYPE OPTIONS IN_OPTIONS`
			`net ipv4 - blacklist`
Shorewall 4.4.13.2 Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-10-02 00:25:39 +02:00
			`4) The Debian init scripts for Shorewall-lite and Shorewall6-lite`
			`contain a syntax error.`

			`Fixed in 4.4.13.2.`

			`5) If the -v or -q option is passed to /sbin/shorewall-lite or`
			`/sbin/shorewall6-lite on a command that involves the compiled`
			`script, then the command will fail if the effective verbosity is`
			`> 2 or < -1.`

			`Fixed in 4.4.13.2.`
Correct problems corrected. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-10-02 22:20:51 +02:00
			`6) When running one of the -lite packages, the log reading commands`
			`(show log, logwatch and dump) show no log record.`

			`Fixed in 4.4.13.3.`
Update known problems with split_list() issue 2010-10-26 16:10:01 +02:00
			`7) In /etc/shorewall/interfaces, if nets=(a.b.c.d/e) is entered then a`
			`fatal error is erroneously raised.`

			`Workaround: Remove the parentheses (e.g., nets=a.b.c.d/e).`
Update 4.4.13 Known Problems Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-10-28 20:02:20 +02:00
			`8) If 10 or more interfaces are configured in Complex Traffic Shaping`
			`(/etc/shorewall/tcdevices), the following compilation diagnostic`
			`is issued:`

			`Argument "a" isn't numeric in sprintf at`
			`/usr/share/shorewall/Shorewall/Config.pm line 893.`

			`and an invalid TC configuration is generated.`

			`Fixed in 4.4.14.`