diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 55f789c08..91136222a 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -9,7 +9,25 @@ Problems Corrected since 2.0.0 ----------------------------------------------------------------------- Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1: -None. +1) The function of 'norfc1918' is now split between that option and a + new 'nobogons' option. + + The rfc1918 file released with Shorewall now contains entries for + only those three address ranges reserved by RFC 1918. A 'nobogons' + interface option has been added which handles bogon source + addresses (those which are reserved by the IANA, those reserved for + DHCP auto-configuration and the class C test-net reserved for + testing and documentation examples). This will allow users to + perform RFC 1918 filtering without having to deal with out + of date data from IANA. Those who are willing to update their + /usr/share/shorewall/bogons file regularly can specify the + 'nobogons' option in addition to 'norfc1918'. + + The level at which bogon packets are logged is specified in the new + BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not + specified or is specified as empty (e.g, BOGON_LOG_LEVEL="") then + bogon packets whose TARGET is 'logdrop' in + /usr/share/shorewall/bogons are logged at the 'info' level. New Features: 
@@ -17,15 +35,5 @@ New Features: http://shorewall.net/bridge.html -2) The rfc1918 file released with Shorewall now contains entries for - only those three address ranges reserved by RFC 1918. A new - 'nobogons' interface option has been added which handles bogon - source addresses (those which are reserved by the IANA, those - reserved for DHCP auto-configuration and the class C test-net - reserved for testing and documentation examples). This will allow - users to perform RFC 1918 filtering without having to deal with out - of date data from IANA. Those who are willing to update their - /usr/share/shorewall/bogons file regularly can specify the - 'nobogons' option in addition to 'norfc1918'. diff --git a/Shorewall2/shorewall.conf b/Shorewall2/shorewall.conf index 9a3b6511e..fd33ce411 100755 --- a/Shorewall2/shorewall.conf +++ b/Shorewall2/shorewall.conf @@ -171,9 +171,24 @@ RFC1918_LOG_LEVEL=info # Specifies the logging level for smurf packets dropped by the #'nosmurfs' interface option in /etc/shorewall/interfaces. If set to the empty # value ( SMURF_LOG_LEVEL="" ) then dropped smurfs are not logged. +# +# See the comment at the top of this section for a description of log levels +# SMURF_LOG_LEVEL=info +# +# BOGON Log Level +# +# Specifies the logging level for bogon packets dropped by the +#'nobogons' interface option in /etc/shorewall/interfaces. If set to the empty +# value ( BOGON_LOG_LEVEL="" ) then packets whose TARGET is 'logdrop' +# in /usr/share/shorewall/bogons are logged at the 'info' level. +# +# See the comment at the top of this section for a description of log levels +# + +BOGON_LOG_LEVEL=info ################################################################################ # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S ################################################################################
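Review bot: In the releasenotes.txt hunk at @@ -9,7 +9,25 @@, migration item 1 never states the upgrade consequence outright. An interface that sets only 'norfc1918' stops filtering bogon source addresses after moving from 2.0.0 to 2.0.1, because the released rfc1918 file now covers only the three RFC 1918 ranges. Suggest adding a sentence saying that existing configurations must add 'nobogons' to keep the filtering they had before. Also, "(e.g, BOGON_LOG_LEVEL="")" should read "e.g.,".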
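Review bot: The releasenotes.txt hunk at @@ -17,15 +35,5 @@ removes item 2 from New Features without leaving a pointer, so the 'nobogons' interface option and the new BOGON_LOG_LEVEL variable are now mentioned only under the migration issues. Both are new in this release. Suggest keeping a one-line New Features entry that refers to migration item 1, so readers who scan only that section still learn the option exists.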
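Review bot: In the shorewall.conf hunk at @@ -171,9 +171,24 @@, the BOGON_LOG_LEVEL comment gives the empty value the opposite meaning from SMURF_LOG_LEVEL directly above it. SMURF_LOG_LEVEL="" means dropped smurfs are not logged, while BOGON_LOG_LEVEL="" still logs 'logdrop' entries at the 'info' level. An administrator who empties the variable by analogy, expecting to silence bogon logging, will keep getting log entries. Suggest calling out the difference in the comment and stating how bogon logging is turned off. The comment should also say what a non-empty value does: its first sentence promises "the logging level for bogon packets dropped" but only the empty case is described.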