2009-10-02 20:31:08 +02:00
|
|
|
Changes in Shorewall 4.4.3
|
|
|
|
|
2009-10-03 01:10:14 +02:00
|
|
|
1) Move Debian INITLOG initialization to /etc/default/shorewall
|
2009-10-02 20:31:08 +02:00
|
|
|
|
2009-10-03 19:53:53 +02:00
|
|
|
2) Fix 'routeback' in /etc/shorewall/routestopped.
|
|
|
|
|
2009-10-06 00:43:29 +02:00
|
|
|
3) Rename 'object' to 'script' in compiler and config modules.
|
|
|
|
|
2009-09-03 23:58:46 +02:00
|
|
|
Changes in Shorewall 4.4.2
|
|
|
|
|
2009-09-05 17:43:14 +02:00
|
|
|
1) BUGFIX: Correct detection of Persistent SNAT support
|
2009-09-03 23:58:46 +02:00
|
|
|
|
2009-09-05 17:43:14 +02:00
|
|
|
2) BUGFIX: Fix chain table initialization
|
2009-09-03 23:58:46 +02:00
|
|
|
|
2009-09-05 17:43:14 +02:00
|
|
|
3) BUGFIX: Validate routestopped file on 'check'
|
|
|
|
|
|
|
|
4) Let the Actions module add the builtin actions to
|
|
|
|
%Shorewall::Chains::targets. Much better modularization that way.
|
2009-09-04 04:27:25 +02:00
|
|
|
|
2009-09-07 01:17:22 +02:00
|
|
|
5) Some changes to make Lenny->Squeeze less painful.
|
|
|
|
|
|
|
|
6) Allow comments at the end of continued lines.
|
2009-09-06 22:37:24 +02:00
|
|
|
|
2009-09-09 21:18:31 +02:00
|
|
|
7) Call process_routestopped() during 'check' rather than
|
2009-09-12 17:48:52 +02:00
|
|
|
'compile_stop_firewall()'.
|
2009-09-09 21:18:31 +02:00
|
|
|
|
|
|
|
8) Don't look for an extension script for built-in actions.
|
2009-09-08 21:55:14 +02:00
|
|
|
|
2009-09-11 16:47:31 +02:00
|
|
|
9) Apply Jesse Shrieve's patch for SNAT range.
|
|
|
|
|
2009-09-12 17:48:52 +02:00
|
|
|
10) Add -<family> to 'ip route del default' command.
|
|
|
|
|
2009-09-13 17:09:40 +02:00
|
|
|
11) Add three new columns to macro body.
|
|
|
|
|
2009-09-14 22:43:32 +02:00
|
|
|
12) Change 'wait4ifup' so that it requires no PATH
|
|
|
|
|
2009-09-15 21:22:51 +02:00
|
|
|
13) Allow extension scripts for accounting chains.
|
|
|
|
|
2009-09-20 15:12:35 +02:00
|
|
|
14) Allow per-ip LIMIT to work on ancient iptables releases.
|
|
|
|
|
2009-09-25 22:15:56 +02:00
|
|
|
15) Add 'MARK' column to action body.
|
|
|
|
|
2009-08-14 23:46:31 +02:00
|
|
|
Changes in Shorewall 4.4.1
|
|
|
|
|
2009-08-18 17:44:55 +02:00
|
|
|
1) Deleted extra 'use ...IPAddrs.pm' from Nat.pm.
|
2009-08-14 23:46:31 +02:00
|
|
|
|
2009-08-15 17:15:38 +02:00
|
|
|
2) Deleted superfluous export from Chains.pm.
|
|
|
|
|
|
|
|
3) Added support for --persistent.
|
|
|
|
|
2009-08-16 18:24:51 +02:00
|
|
|
4) Don't do module initialization in an INIT block.
|
|
|
|
|
2009-08-18 17:44:55 +02:00
|
|
|
5) Minor performance improvements.
|
|
|
|
|
2009-08-23 19:43:01 +02:00
|
|
|
6) Add 'clean' target to Makefile.
|
|
|
|
|
2009-08-24 20:56:16 +02:00
|
|
|
7) Redefine 'full' for sub-classes.
|
|
|
|
|
2009-08-25 18:22:26 +02:00
|
|
|
8) Fix log level in rules at the end of INPUT and OUTPUT chains.
|
|
|
|
|
2009-08-26 21:44:10 +02:00
|
|
|
9) Fix nested ipsec zones.
|
|
|
|
|
2009-08-28 17:31:48 +02:00
|
|
|
10) Change one-interface sample to IP_FORWARDING=Off.
|
|
|
|
|
2009-09-03 00:30:26 +02:00
|
|
|
11) Allow multicast to non-dynamic zones defined with nets=.
|
2009-08-29 00:17:10 +02:00
|
|
|
|
2009-08-29 16:41:27 +02:00
|
|
|
12) Allow zones with nets= to be extended by /etc/shorewall/hosts
|
|
|
|
entries.
|
|
|
|
|
|
|
|
13) Don't allow nets= in a multi-zone interface definition.
|
2009-08-29 16:20:16 +02:00
|
|
|
|
2009-08-29 18:34:16 +02:00
|
|
|
14) Fix rule generated by MULTICAST=Yes
|
|
|
|
|
2009-08-30 17:05:10 +02:00
|
|
|
15) Fix silly hole in zones file parsing.
|
|
|
|
|
2009-08-31 23:19:15 +02:00
|
|
|
16) Tighen up zone membership checking.
|
|
|
|
|
2009-09-03 00:30:26 +02:00
|
|
|
17) Combine portlist-spitting routines into a single function.
|
|
|
|
|
2009-08-03 20:20:34 +02:00
|
|
|
Changes in Shorewall 4.4.0
|
|
|
|
|
|
|
|
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
|
|
|
|
2009-08-05 21:48:14 +02:00
|
|
|
2) Fix rule generation for logging nat rules with no exclusion.
|
|
|
|
|
2009-08-07 22:33:07 +02:00
|
|
|
3) Fix log record formatting.
|
|
|
|
|
2009-08-12 22:52:56 +02:00
|
|
|
4) Restore ipset binding
|
|
|
|
|
|
|
|
5) Fix 'upnpclient' with required interfaces.
|
|
|
|
|
2009-09-12 18:20:38 +02:00
|
|
|
6) Fix provider number in masq file.
|
2009-08-12 22:52:56 +02:00
|
|
|
|
2009-07-26 21:26:49 +02:00
|
|
|
Changes in Shorewall 4.4.0-RC2
|
|
|
|
|
|
|
|
1) Fix capabilities file with Shorewall6.
|
|
|
|
|
2009-07-26 21:29:37 +02:00
|
|
|
2) Allow Shorewall6 to recognize TC, IP and IPSET
|
|
|
|
|
|
|
|
3) Make 'any' a reserved zone name.
|
|
|
|
|
2009-07-29 23:35:27 +02:00
|
|
|
4) Correct handling of an ipsec zone nested in a non-ipsec zone.
|
2009-07-29 16:49:06 +02:00
|
|
|
|
2009-07-12 19:06:57 +02:00
|
|
|
Changes in Shorewall 4.4.0-RC1
|
|
|
|
|
|
|
|
1) Delete duplicate Git macro.
|
|
|
|
|
2009-07-15 22:03:49 +02:00
|
|
|
2) Fix routing when no providers.
|
|
|
|
|
2009-07-16 02:50:55 +02:00
|
|
|
3) Add 'any' as a SOURCE/DEST in rules.
|
|
|
|
|
|
|
|
4) Fix NONAT on child zone.
|
|
|
|
|
2009-07-21 21:32:25 +02:00
|
|
|
5) Fix rpm -U from earlier versions
|
|
|
|
|
|
|
|
6) Generate error on 'status' by non-root.
|
|
|
|
|
2009-07-24 23:51:24 +02:00
|
|
|
7) Get rid of prog.functions and prog.functions6
|
|
|
|
|
2009-06-30 03:33:13 +02:00
|
|
|
Changes in Shorewall 4.4.0-Beta4
|
|
|
|
|
2009-07-07 03:23:23 +02:00
|
|
|
1) Add more macros.
|
2009-06-30 06:05:23 +02:00
|
|
|
|
2009-07-12 19:06:57 +02:00
|
|
|
2) Correct broadcast address detection
|
|
|
|
|
|
|
|
3) Fix 'show dynamic'
|
|
|
|
|
|
|
|
4) Fix BGP and OSFP macros.
|
|
|
|
|
|
|
|
5) Change DISABLE_IPV6 default and use 'correct' ip6tables.
|
|
|
|
|
2009-06-30 03:33:13 +02:00
|
|
|
Changes in Shorewall 4.4.0-Beta3
|
2009-06-24 17:58:37 +02:00
|
|
|
|
|
|
|
1) Add new macros.
|
|
|
|
|
|
|
|
2) Work around mis-configured interfaces.
|
|
|
|
|
2009-06-25 00:28:43 +02:00
|
|
|
3) Fix 'show dynamic'.
|
|
|
|
|
2009-06-25 22:50:27 +02:00
|
|
|
4) Check for xt_LOG.
|
|
|
|
|
2009-06-29 17:14:53 +02:00
|
|
|
5) Fix 'findgw'
|
|
|
|
|
2009-06-14 23:29:12 +02:00
|
|
|
Changes in Shorewall 4.4.0-Beta2
|
|
|
|
|
|
|
|
1) The 'find_first_interface_address()' and
|
|
|
|
'find_first_interface_address_if_any()' functions have been restored to
|
|
|
|
lib.base.
|
|
|
|
|
2009-06-15 15:49:57 +02:00
|
|
|
2) Integerize r2q before inserting it into 'tc qdisc add root'
|
|
|
|
command.
|
|
|
|
|
|
|
|
3) Remove '-h' from the help text for install.sh in Shorewall and
|
|
|
|
Shorewall6.
|
|
|
|
|
|
|
|
4) Delete the 'continue' file from the Shorewall package.
|
2009-06-14 23:29:12 +02:00
|
|
|
|
2009-06-15 22:34:35 +02:00
|
|
|
5) Add 'upnpclient' interface option.
|
|
|
|
|
2009-06-17 21:03:05 +02:00
|
|
|
6) Fix handling of optional interfaces.
|
|
|
|
|
|
|
|
7) Add 'iptrace' and 'noiptrace' command.
|
|
|
|
|
2009-06-19 17:00:26 +02:00
|
|
|
8) Add 'USER/GROUP' column to masq file.
|
|
|
|
|
2009-06-20 18:35:08 +02:00
|
|
|
9) Added lib.private.
|
2009-06-19 23:39:45 +02:00
|
|
|
|
2009-06-13 00:51:43 +02:00
|
|
|
Changes in Shorewall 4.4.0-Beta1
|
2009-06-07 19:52:53 +02:00
|
|
|
|
2009-06-09 16:59:23 +02:00
|
|
|
1) Correct typo in Shorewall6 two-interface sample shorewall.conf.
|
2009-06-07 19:52:53 +02:00
|
|
|
|
2009-06-12 16:27:08 +02:00
|
|
|
2) Fix TOS mnemonic handling in /etc/shorewall/tcfilters.
|
|
|
|
|
2009-05-23 18:04:06 +02:00
|
|
|
Changes in Shorewall 4.3.12
|
|
|
|
|
|
|
|
1) Eliminate 'large quantum' warnings.
|
|
|
|
|
2009-05-24 19:06:36 +02:00
|
|
|
2) Add HFSC support.
|
|
|
|
|
2009-05-28 16:22:48 +02:00
|
|
|
3) Delete support for ipset binding. Jozsef has removed the capability
|
|
|
|
from ipset.
|
|
|
|
|
2009-05-29 01:41:14 +02:00
|
|
|
4) Add TOS and LENGTH columns to tcfilters file.
|
2009-05-28 23:29:33 +02:00
|
|
|
|
2009-05-31 19:21:37 +02:00
|
|
|
5) Fix 'reset' command.
|
|
|
|
|
2009-06-04 22:03:56 +02:00
|
|
|
6) Fix 'findgw'.
|
|
|
|
|
2009-06-05 19:51:30 +02:00
|
|
|
7) Remove 'norfc1918' support.
|
|
|
|
|
2009-05-05 23:21:34 +02:00
|
|
|
Changes in Shorewall 4.3.11
|
|
|
|
|
|
|
|
1) Reduce the number of arguments passed in may cases.
|
|
|
|
|
|
|
|
2) Fix SCTP source port handling in tcfilters.
|
|
|
|
|
2009-05-11 23:35:20 +02:00
|
|
|
3) Add 'findgw' user exit.
|
|
|
|
|
2009-05-16 02:22:33 +02:00
|
|
|
4) Add macro.Trcrt
|
|
|
|
|
2009-04-20 02:37:36 +02:00
|
|
|
Changes in Shorewall 4.3.10
|
|
|
|
|
2009-04-20 22:26:47 +02:00
|
|
|
1) Fix handling of shared optional providers.
|
|
|
|
|
|
|
|
2) Add WIDE_TC_MARKS option.
|
2009-04-20 02:37:36 +02:00
|
|
|
|
2009-04-21 18:41:23 +02:00
|
|
|
3) Allow compile to STDOUT.
|
|
|
|
|
2009-04-23 21:43:57 +02:00
|
|
|
4) Fix handling of class IDs.
|
|
|
|
|
2009-05-02 22:23:29 +02:00
|
|
|
5) Deprecate use of an interface in the SOURCE column of
|
|
|
|
/etc/shorewall/masq.
|
|
|
|
|
|
|
|
6) Fix handling of 'all' in the SOURCE of DNAT- rules.
|
2009-04-30 00:13:22 +02:00
|
|
|
|
2009-05-03 18:56:13 +02:00
|
|
|
7) Fix compile for export.
|
2009-05-03 18:01:33 +02:00
|
|
|
|
2009-05-04 21:04:04 +02:00
|
|
|
8) Optimize IPMARK.
|
|
|
|
|
2009-05-05 01:03:14 +02:00
|
|
|
9) Implement nested HTB classes.
|
|
|
|
|
2009-05-07 16:21:46 +02:00
|
|
|
10) Fix 'iprange' command.
|
|
|
|
|
2009-05-08 23:05:27 +02:00
|
|
|
11) Make traffic shaping work better with IPv6.
|
|
|
|
|
|
|
|
12) Externalize 'flow'.
|
|
|
|
|
2009-05-09 19:03:33 +02:00
|
|
|
13) Fix 'start' with AUTOMAKE=Yes
|
2009-05-09 19:00:33 +02:00
|
|
|
|
2009-04-09 20:45:21 +02:00
|
|
|
Changes in Shorewall 4.3.9
|
|
|
|
|
|
|
|
1) Logging rules now create separate chain.
|
|
|
|
|
2009-04-12 17:22:00 +02:00
|
|
|
2) Fix netmask genereation in tcfilters.
|
|
|
|
|
2009-04-17 18:04:54 +02:00
|
|
|
3) Allow Shorewall6 with kernel 2.6.24
|
|
|
|
|
2009-04-18 00:57:59 +02:00
|
|
|
4) Avoid 'Invalid BROADCAST address' errors.
|
|
|
|
|
2009-04-18 18:19:31 +02:00
|
|
|
5) Allow Shorewall6 on kernel 4.2.24:Shorewall/changelog.txt
|
|
|
|
|
2009-04-18 18:28:25 +02:00
|
|
|
6) Add IP, TC and IPSET options in shorewall.conf and shorewall6.conf.
|
|
|
|
|
2009-04-19 19:25:14 +02:00
|
|
|
7) Add IPMARK support
|
|
|
|
|
2009-03-17 19:51:17 +01:00
|
|
|
Changes in Shorewall 4.3.8
|
|
|
|
|
2009-03-19 15:04:57 +01:00
|
|
|
1) Apply Tuomo Soini's patch for USE_DEFAULT_RT.
|
2009-03-17 19:51:17 +01:00
|
|
|
|
2009-03-23 23:51:05 +01:00
|
|
|
2) Use 'startup_error' for those errors caught early.
|
|
|
|
|
|
|
|
3) Fix swping
|
|
|
|
|
2009-03-24 21:58:04 +01:00
|
|
|
4) Detect gateway via dhclient leases file.
|
|
|
|
|
2009-03-27 17:55:51 +01:00
|
|
|
5) Suppress leading whitespace on certain continuation lines.
|
|
|
|
|
2009-03-30 02:49:00 +02:00
|
|
|
6) Use iptables[6]-restore to stop the firewall.
|
|
|
|
|
2009-03-31 19:31:23 +02:00
|
|
|
7) Add AUTOMAKE option
|
|
|
|
|
2009-04-01 03:31:04 +02:00
|
|
|
8) Remove SAME support.
|
|
|
|
|
2009-04-02 03:12:34 +02:00
|
|
|
9) Allow 'compile' without a pathname.
|
|
|
|
|
2009-04-02 18:33:56 +02:00
|
|
|
10) Fix LOG_MARTIANS=Yes.
|
|
|
|
|
2009-04-07 19:35:06 +02:00
|
|
|
11) Adapt I. Buijs's hashlimit patch.
|
|
|
|
|
2009-03-02 04:25:16 +01:00
|
|
|
Changes in Shorewall 4.3.7
|
|
|
|
|
|
|
|
1) Fix forward treatment of interface options.
|
|
|
|
|
|
|
|
2) Replace $VARDIR/.restore with $VARDIR/firewall
|
|
|
|
|
2009-03-05 17:18:58 +01:00
|
|
|
3) Fix DNAT- parsing of DEST column.
|
|
|
|
|
2009-03-06 21:25:59 +01:00
|
|
|
4) Implement dynamic zones
|
|
|
|
|
2009-03-07 21:22:20 +01:00
|
|
|
5) Allow 'HOST' options on bridge ports.
|
|
|
|
|
2009-03-16 19:01:42 +01:00
|
|
|
6) Deprecate old macro parameter syntax.
|
|
|
|
|
2009-02-26 17:34:31 +01:00
|
|
|
Changes in Shorewall 4.3.6
|
|
|
|
|
|
|
|
1) Add SAME tcrules target.
|
|
|
|
|
|
|
|
2) Make 'dump' display the raw table. Fix shorewall6 dump anomalies.
|
|
|
|
|
2009-02-26 17:53:33 +01:00
|
|
|
3) Fix split_list1()
|
|
|
|
|
2009-02-27 02:17:59 +01:00
|
|
|
4) Fix Shorewall6 file location bugs.
|
|
|
|
|
2009-02-22 18:43:56 +01:00
|
|
|
Changes in Shorewall 4.3.5
|
2009-02-21 18:21:51 +01:00
|
|
|
|
2009-02-24 00:39:46 +01:00
|
|
|
1) Remove support for shorewall-shell.
|
|
|
|
|
2009-08-18 17:50:50 +02:00
|
|
|
2) Combine shorewall-common and shorewall-perl to produce shorewall.
|
2009-02-24 00:39:46 +01:00
|
|
|
|
|
|
|
3) Add nets= OPTION in interfaces file.
|
|
|
|
|
|
|
|
|