Update Shorewall-perl migration issues

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9277 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-01-12 23:57:02 +00:00
parent de038dad1b
commit 48b85c5353

View File

@ -148,7 +148,8 @@
<listitem>
<para>The refresh command does not alter the Netfilter
configuration except for the static blacklist.</para>
configuration except for the static blacklist (it also refreshes
the mangle table, beginning with Shorewall 4.2.0).</para>
</listitem>
</itemizedlist>
</listitem>
@ -186,23 +187,13 @@
<row>
<entry>maclog</entry>
<entry>initdone</entry>
<entry></entry>
<entry>start</entry>
</row>
<row>
<entry>Per-chain (including those associated with
actions)</entry>
<entry>start</entry>
<entry></entry>
</row>
<row>
<entry></entry>
<entry>started</entry>
<entry></entry>
@ -518,6 +509,32 @@ ACCEPT loc:eth0:192.168.1.3,192.168.1.5 $FW tcp 22</programlisting>Wit
ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5 $fw tcp 22</programlisting>
Shorewall-perl does not support this alternative syntax.</para>
</listitem>
<listitem>
<para>Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
if a zone name is entered in the DEST column of a
<firstterm>nonat</firstterm> rule. Nonat rules include:</para>
<itemizedlist>
<listitem>
<para>DNAT-</para>
</listitem>
<listitem>
<para>REDIRECT-</para>
</listitem>
<listitem>
<para>NONAT</para>
</listitem>
</itemizedlist>
<para>So rather than this:<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
DNAT- net loc:192.168.1.3 tcp 21</programlisting></para>
<para>you instead want:<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
DNAT- net 192.168.1.3 tcp 21</programlisting></para>
</listitem>
</orderedlist>
</section>