2002-08-07 16:28:04 +02:00

This is a minor release of Shorewall which rolls up a number of bug
fixes.

New features include:

1. A NEWNOTSYN option has been added to shorewall.conf. This option
   determines whether Shorewall accepts TCP packets which are not part
   of an established connection and that are not 'SYN' packets (SYN
   flag on and ACK flag off).

2. The need for the 'multi' option to communicate between zones za and
   zb on the same interface is removed in the case where the chain
   'za2zb' and/or 'zb2za' exists. 'za2zb' will exist if:

   a. There is a policy for za to zb.
   b. There is at least one rule for za to zb.

3. The /etc/shorewall/blacklist file now contains three columns. In
   addition to the SUBNET/ADDRESS column, there are optional PROTOCOL
   and PORT columns to block only certain applications from the
   blacklisted addresses.
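
To see how the optional PROTOCOL and PORT columns in item 3 narrow a blacklist entry, here is an added example (not Shorewall's own code) that parses a constructed three-column file and checks packets against it. Assumptions: the names parse_blacklist and is_blocked are hypothetical, an omitted column or '-' means "no restriction", PORT is a single numeric destination port, and a PORT is only valid together with tcp or udp.

```python
import ipaddress

# Constructed sample in the three-column layout described above; the
# addresses are documentation ranges, not real indicators.
SAMPLE_BLACKLIST = """\
# SUBNET/ADDRESS   PROTOCOL   PORT
192.0.2.0/24
198.51.100.7       tcp        25
203.0.113.0/28     udp
"""

def parse_blacklist(text):
    """Return (network, protocol, port) tuples; None means 'any'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) > 3:
            raise ValueError(f"line {lineno}: more than three columns")
        # Assumption: an omitted column (or '-') places no restriction.
        fields += ["-"] * (3 - len(fields))
        net = ipaddress.ip_network(fields[0], strict=False)
        proto = None if fields[1] == "-" else fields[1].lower()
        port = None if fields[2] == "-" else int(fields[2])
        if port is not None and proto not in ("tcp", "udp"):
            raise ValueError(f"line {lineno}: PORT requires tcp or udp")
        entries.append((net, proto, port))
    return entries

def is_blocked(entries, src, proto, dport=None):
    """True if a packet from src matches any blacklist entry."""
    addr = ipaddress.ip_address(src)
    for net, e_proto, e_port in entries:
        if addr not in net:
            continue
        if e_proto is not None and e_proto != proto.lower():
            continue
        if e_port is not None and e_port != dport:
            continue
        return True
    return False

if __name__ == "__main__":
    rules = parse_blacklist(SAMPLE_BLACKLIST)
    for pkt in [("192.0.2.55", "tcp", 443), ("198.51.100.7", "tcp", 25),
                ("198.51.100.7", "tcp", 80), ("203.0.113.5", "tcp", 53)]:
        print(pkt, "DROP" if is_blocked(rules, *pkt) else "pass")
```

An entry with only the first column still blocks everything from that address, while the second and third entries leave other traffic from the same sources untouched.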