shorewall_code/Shorewall/known_problems.txt

1)  In kernel 2.6.31, the handling of the rp_filter interface option was
    changed incompatibly. Previously, the effective value was determined
    by the setting of net.ipv4.config.dev.rp_filter logically ANDed with
    the setting of net.ipv4.config.all.rp_filter.

    Beginning with kernel 2.6.31, the value is the arithmetic MAX of
    those two values. 

    Given that Shorewall sets net.ipv4.config.all.rp_filter to 1 if
    there are any interfaces specifying 'routefilter', specifying
    'routefilter' on any interface has the effect of setting the option
    on all interfaces.

    A workaround for this problem is included in Shorewall 4.4.5.1.

2)  When using an up-to-date capabilities file with Shorewall 4.4.5.1, the
    following warning messages were issued.

       WARNING: Unknown capability (KERNELVERSION) 
         ignored : /etc/shorewall2/capabilities (line 49)
       WARNING: Your capabilities file does not contain a Kernel Version --
         using 2.6.30

    This defect was corrected in 4.4.5.2.

3)  'shorewall6 start' on Shorewall 4.4.5.2 generates a Perl run-time
    error. Also, handling of ROUTE_FILTER on kernel 2.6.31 and later
    was broken.

    This was fixed in 4.4.5.3.

4)  With Shorewall 4.4.5.3, using a capabilities file with Shorewall6
    will result in the following warnings during compilation:

       WARNING: Your capabilities file is out of date -- it does not
          contain all of the capabilities defined by Shorewall6 version
          4.4.5.3

       WARNING: Your capabilities file does not contain a Kernel
          Version -- using 2.6.30

    Corrected in 4.4.5.4.

5)  The change in Shorewall 4.4.5.1 broke the 'forward' interface
    option in Shorewall6.

    Corrected in 4.4.5.4.

6)  Under circumstances, the Netfilter ruleset generated by Shorewall
    can include jumps to non-existent chains. This problem was
    apparently introduced between 4.4.0 and 4.4.5.

    Corrected in 4.4.5.5.
4.4.5.3 2009-12-23 23:46:55 +01:00			`1) In kernel 2.6.31, the handling of the rp_filter interface option was`
			`changed incompatibly. Previously, the effective value was determined`
			`by the setting of net.ipv4.config.dev.rp_filter logically ANDed with`
			`the setting of net.ipv4.config.all.rp_filter.`
Update known problems 2009-12-20 00:24:33 +01:00
4.4.5.3 2009-12-23 23:46:55 +01:00			`Beginning with kernel 2.6.31, the value is the arithmetic MAX of`
			`those two values.`
Update known problems 2009-12-20 00:24:33 +01:00
4.4.5.3 2009-12-23 23:46:55 +01:00			`Given that Shorewall sets net.ipv4.config.all.rp_filter to 1 if`
			`there are any interfaces specifying 'routefilter', specifying`
			`'routefilter' on any interface has the effect of setting the option`
			`on all interfaces.`
Update known problems with fix information 2009-12-20 16:31:35 +01:00
4.4.5.3 2009-12-23 23:46:55 +01:00			`A workaround for this problem is included in Shorewall 4.4.5.1.`

			`2) When using an up-to-date capabilities file with Shorewall 4.4.5.1, the`
			`following warning messages were issued.`

			`WARNING: Unknown capability (KERNELVERSION)`
			`ignored : /etc/shorewall2/capabilities (line 49)`
			`WARNING: Your capabilities file does not contain a Kernel Version --`
			`using 2.6.30`

			`This defect was corrected in 4.4.5.2.`

			`3) 'shorewall6 start' on Shorewall 4.4.5.2 generates a Perl run-time`
			`error. Also, handling of ROUTE_FILTER on kernel 2.6.31 and later`
			`was broken.`

			`This was fixed in 4.4.5.3.`

			`4) With Shorewall 4.4.5.3, using a capabilities file with Shorewall6`
			`will result in the following warnings during compilation:`

			`WARNING: Your capabilities file is out of date -- it does not`
			`contain all of the capabilities defined by Shorewall6 version`
			`4.4.5.3`

			`WARNING: Your capabilities file does not contain a Kernel`
			`Version -- using 2.6.30`

Shorewall 4.4.5.4 2009-12-24 19:26:27 +01:00			`Corrected in 4.4.5.4.`

			`5) The change in Shorewall 4.4.5.1 broke the 'forward' interface`
			`option in Shorewall6.`

			`Corrected in 4.4.5.4.`
Update known problems with fix information 2009-12-20 16:31:35 +01:00
Update known problems 2009-12-28 23:59:51 +01:00			`6) Under circumstances, the Netfilter ruleset generated by Shorewall`
			`can include jumps to non-existent chains. This problem was`
			`apparently introduced between 4.4.0 and 4.4.5.`
Prepare 4.4.5.5 2009-12-28 19:45:14 +01:00
			`Corrected in 4.4.5.5.`