forked from extern/shorewall_code
Document fix for IPSETs and ORIGINAL DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
27f1c494a0
commit
4a4d74b52b
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 1
|
||||
|
||||
1) Apply Togan's patch for installation flexibility.
|
||||
|
||||
2) Restore use of IPSETS in the ORIGINAL DEST column.
|
||||
|
||||
Changes in Shorewall 4.4.19.1
|
||||
|
||||
1) Eliminate silly duplicate rule when stopped.
|
||||
|
@ -39,6 +39,19 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
DNAT and REDIRECT rules. That capability, inadvertently dropped in
|
||||
Shorewall-perl, has now been restored.
|
||||
|
||||
Please note, however, that using an IPSET in this way will open the
|
||||
server port from the SOURCE zone.
|
||||
|
||||
Example:
|
||||
|
||||
This rule:
|
||||
|
||||
DNAT net dmz:10.1.10.2 tcp 80 - +foo
|
||||
|
||||
will implicitly add this rule:
|
||||
|
||||
ACCEPT net dmz:10.1.10.2 tcp 80
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||
----------------------------------------------------------------------------
|
||||
|
Loading…
Reference in New Issue
Block a user