shorewall_code/Shorewall/known_problems.txt

37 lines
1.2 KiB
Plaintext
Raw Normal View History

2009-08-29 00:58:14 +02:00
1) If ULOG is specified as the LOG LEVEL in the all->all policy, the
rules at the end of the INPUT and OUTPUT chains still use the
LOG target rather than ULOG.
You can work around this problem by adding two additional policies
before the all->all one:
all $FW DROP ULOG
$FW all REJECT ULOG
This problem was corrected in Shorewall 4.4.0.1.
2) Use of CONTINUE policies with a nested IPSEC zone was broken in
some cases.
This problem was corrected in Shorewall 4.4.0.1.
3) If MULTICAST=Yes in shorewall.conf, multicast traffic is
incorrectly exempted from ACCEPT policies.
This problem was corrected in Shorewall 4.4.0.2.
2009-08-29 17:58:21 +02:00
4) If a zone is defined with "nets=" in /etc/shorewall/zones, that
2009-08-29 16:27:32 +02:00
definition cannot be extended by entries in /etc/shorewall/hosts.
This problem was corrected in Shorewall 4.4.0.2.
2009-08-29 17:58:21 +02:00
5) Shoerwall accepts "nets=" in a multi-zone interface entry (one with
"-" in the ZONES column) in /etc/shorewall/interfaces.
This problem was corrected in Shorewall 4.4.0.2.
2009-08-29 18:32:38 +02:00
6) MULTICAST=Yes generates an incorrect rule that limits its
effectiveness to a small part of the multicast address space.