forked from extern/shorewall_code
Document fix for ORIGINAL DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
1f362b32f2
commit
54f368c413
@ -1,6 +1,7 @@
|
|||||||
Changes in Shorewall 4.4.19.2
|
Changes in Shorewall 4.4.19.2
|
||||||
|
|
||||||
None.
|
1) Restore the ability to have IPSET names in the ORIGINAL DEST column
|
||||||
|
of a DNAT or REDIRECT rule.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.19.1
|
Changes in Shorewall 4.4.19.1
|
||||||
|
|
||||||
|
|||||||
@ -15,7 +15,20 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
|
|
||||||
4.4.19.2
|
4.4.19.2
|
||||||
|
|
||||||
None.
|
1) In Shorewall-shell, there was the ability to specify IPSET names in
|
||||||
|
the ORIGINAL DEST column of DNAT and REDIRECT rules. That ability,
|
||||||
|
inadvertently dropped in Shorewall-perl, has been restored.
|
||||||
|
|
||||||
|
CAUTION: When an IPSET is used in this way, the server port is
|
||||||
|
opened from the SOURCE zone.
|
||||||
|
|
||||||
|
Example:
|
||||||
|
|
||||||
|
DNAT net dmz:10.1.1.2 tcp 80 - +foo
|
||||||
|
|
||||||
|
will implicitly add this rule
|
||||||
|
|
||||||
|
ACCEPT net dmz:10.1.1.2 tcp 80
|
||||||
|
|
||||||
4.4.19.1
|
4.4.19.1
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user