2003-10-21 22:26:23 +02:00
|
|
|
This is a bugfix release of Shorewall.
|
2003-03-18 16:16:33 +01:00
|
|
|
|
2003-10-07 00:38:40 +02:00
|
|
|
Problems Corrected since version 1.4.6:
|
2003-03-18 16:16:33 +01:00
|
|
|
|
2003-10-08 16:53:26 +02:00
|
|
|
1) Tuomo Soini has supplied a correction to a problem that occurs using
|
|
|
|
some versions of 'ash'. The symptom is that "shorewall start" fails
|
|
|
|
with:
|
2003-07-23 16:25:05 +02:00
|
|
|
|
2003-10-08 16:53:26 +02:00
|
|
|
local: --limit: bad variable name
|
|
|
|
iptables v1.2.8: Couldn't load match `-j':/lib/iptables/libipt_-j.so:
|
|
|
|
cannot open shared object file: No such file or directory
|
|
|
|
Try `iptables -h' or 'iptables --help' for more information.
|
2003-10-07 00:38:40 +02:00
|
|
|
|
2003-10-08 17:07:18 +02:00
|
|
|
2) Andres Zhoglo has supplied a correction that avoids trying to use
|
|
|
|
the multiport match iptables facility on ICMP rules.
|
|
|
|
|
|
|
|
Example of rule that previously caused "shorewall start" to fail:
|
|
|
|
|
|
|
|
ACCEPT loc $FW icmp 0,8,11,12
|
|
|
|
|
2003-10-11 18:18:58 +02:00
|
|
|
3) Previously, if the following error message was issued, Shorewall
|
|
|
|
was left in an inconsistent state.
|
|
|
|
|
2003-10-23 01:24:58 +02:00
|
|
|
Error: Unable to determine the routes through interface xxx
|
2003-10-11 18:18:58 +02:00
|
|
|
|
|
|
|
4) Handling of the LOGUNCLEAN option in shorewall.conf has been
|
|
|
|
corrected.
|
|
|
|
|
2003-10-21 17:03:02 +02:00
|
|
|
5) In Shorewall 1.4.2, an optimization was added. This optimization
|
|
|
|
involved creating a chain named "<zone>_frwd" for most zones
|
|
|
|
defined using the /etc/shorewall/hosts file. It has since been
|
|
|
|
discovered that in many cases these new chains contain redundant
|
|
|
|
rules and that the "optimization" turns out to be less than
|
2003-10-21 22:26:23 +02:00
|
|
|
optimal. The implementation has now been corrected.
|
|
|
|
|
|
|
|
6) When the MARK value in a tcrules entry is followed by ":F" or ":P",
|
|
|
|
the ":F" or ":P" was previously only applied to the first Netfilter
|
2003-10-23 01:24:58 +02:00
|
|
|
rule generated by the entry. It is now applied to all entries.
|
|
|
|
|
|
|
|
7) The original fix for item 5) above contained a bug which caused the
|
2003-10-26 05:26:45 +01:00
|
|
|
"<zone>_frwd" chain to have too few rules. That has been corrected
|
|
|
|
(twice).
|
2003-10-21 17:03:02 +02:00
|
|
|
|
2003-10-07 00:38:40 +02:00
|
|
|
Migration Issues:
|
2003-07-22 00:06:18 +02:00
|
|
|
|
2003-10-08 16:53:26 +02:00
|
|
|
None.
|
2003-05-21 01:21:38 +02:00
|
|
|
|
2003-06-23 22:24:51 +02:00
|
|
|
New Features:
|
2003-05-21 01:21:38 +02:00
|
|
|
|
2003-10-08 16:53:26 +02:00
|
|
|
None.
|