shorewall_code/STABLE/releasenotes.txt

23 lines
848 B
Plaintext
Raw Normal View History

This is a minor release of Shorewall which rolls up a number of bug
fixes.
New features include:
1. A NEWNOTSYN option has been added to shorewall.conf. This option
determines whether Shorewall accepts TCP packets which are not part
of an established connection and that are not 'SYN' packets (SYN
flag on and ACK flag off).
2. The need for the 'multi' option to communicate between zones za and
zb on the same interface is removed in the case where the chain
'za2zb' and/or 'zb2za' exists. 'za2zb' will exist if:
a. There is a policy for za to zb.
b. There is at least one rule for za to zb.
3. The /etc/shorewall/blacklist file now contains three columns. In
addition to the SUBNET/ADDRESS column, there are optional PROTOCOL
and PORT columns to block only certain applications from the
blacklisted addresses.