shorewall_code/Shorewall/known_problems.txt

Known problems in Shorewall 4.4.8

1)  Logical interface names in the EXTERNAL column of
    /etc/shorewall/proxyarp were previously not mapped to their
    corresponding physical interface names. This could cause 'start' or
    'restart' to fail.

    Corrected in Shorewall 4.4.8.1

2)  If find_first_interface_address() cannot determine the address of
    the passed interface, the following message is issued and the
    process continues:

    	    /usr/share/shorewall/lib.common: line 438:
                startup_error: command not found

    Corrected in Shorewall 4.4.8.1

3)  If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script
    is executed, messages such as the following will be issued:

       /var/lib/shorewall6/.restart: line 65: [: -gt: unary operator
                                              expected

    Corrected in Shorewall 4.4.8.1

4)  With optimize 4, if an unnecessary NONAT rule is included in
    /etc/shorewall/rules, 'shorewall start' and/or 'shorewall restart'
    can fail with invalid iptables-restore input.

    Corrected in Shorewall 4.4.8.2

5)  The -lite products are inconsistent in how they referred to their
    startup log. Some references included '-lite' where some did
    not. This was particularly bad in the case of the Shorewall-lite
    logrotate file which duplicated the name used by the Shorewall
    package. This inconsistency could cause logrotate to fail if both
    packages were installed.

    Corrected in Shorewall 4.4.8.2

6)  Wildcard interface names (those ending in '+') can result in
    iptables-restore failure with optimize 4.

    Corrected in Shorewall 4.4.8.3

7)  Invalid iptables-restore input involving the 'tcpre'
    mangle chain is possible with optimize 4.

    Corrected in Shorewall 4.4.8.3

8)  A couple of fixes to the 4.4.8.2 change for startup log naming are
    included. The main symptom occurred on Debian systems where perl
    reported that /etc/shorewall.conf did not exist.

    Corrected in Shorewall 4.4.8.3

9)  If OPTIMIZE 2 and there are no OUTPUT rules and the only effective
    output policy is $FW->all ACCEPT, then the OUTPUT chain is empty
    and no packets can be sent.

    Corrected in Shorewall 4.4.8.4
Document optimization 2 fix. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-04-22 20:51:17 +02:00			`Known problems in Shorewall 4.4.8`

Document correction of EXTERNAL handling in the proxyarp file Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-03-25 19:47:59 +01:00			`1) Logical interface names in the EXTERNAL column of`
			`/etc/shorewall/proxyarp were previously not mapped to their`
			`corresponding physical interface names. This could cause 'start' or`
			`'restart' to fail.`

			`Corrected in Shorewall 4.4.8.1`

Update release documents Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-04-07 23:49:33 +02:00			`2) If find_first_interface_address() cannot determine the address of`
			`the passed interface, the following message is issued and the`
			`process continues:`

			`/usr/share/shorewall/lib.common: line 438:`
			`startup_error: command not found`

			`Corrected in Shorewall 4.4.8.1`

			`3) If LOG_VERBOSITY=0 in shorewall.conf, then when the compiled script`
			`is executed, messages such as the following will be issued:`

			`/var/lib/shorewall6/.restart: line 65: [: -gt: unary operator`
			`expected`

			`Corrected in Shorewall 4.4.8.1`
Update release documents. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-04-10 21:20:12 +02:00
			`4) With optimize 4, if an unnecessary NONAT rule is included in`
			`/etc/shorewall/rules, 'shorewall start' and/or 'shorewall restart'`
			`can fail with invalid iptables-restore input.`

			`Corrected in Shorewall 4.4.8.2`

			`5) The -lite products are inconsistent in how they referred to their`
			`startup log. Some references included '-lite' where some did`
			`not. This was particularly bad in the case of the Shorewall-lite`
			`logrotate file which duplicated the name used by the Shorewall`
			`package. This inconsistency could cause logrotate to fail if both`
			`packages were installed.`

			`Corrected in Shorewall 4.4.8.2`

Document optimization 2 fix. Signed-off-by: Tom Eastep <teastep@shorewall.net> 2010-04-22 20:51:17 +02:00			`6) Wildcard interface names (those ending in '+') can result in`
			`iptables-restore failure with optimize 4.`

			`Corrected in Shorewall 4.4.8.3`

			`7) Invalid iptables-restore input involving the 'tcpre'`
			`mangle chain is possible with optimize 4.`

			`Corrected in Shorewall 4.4.8.3`

			`8) A couple of fixes to the 4.4.8.2 change for startup log naming are`
			`included. The main symptom occurred on Debian systems where perl`
			`reported that /etc/shorewall.conf did not exist.`

			`Corrected in Shorewall 4.4.8.3`

			`9) If OPTIMIZE 2 and there are no OUTPUT rules and the only effective`
			`output policy is $FW->all ACCEPT, then the OUTPUT chain is empty`
			`and no packets can be sent.`

			`Corrected in Shorewall 4.4.8.4`