Document fix for ORIGINAL DEST

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-28 12:21:59 -07:00 · 2011-04-28 12:21:59 -07:00 · 54f368c413
commit 54f368c413
parent 1f362b32f2
2 changed files with 16 additions and 2 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,6 +1,7 @@
 Changes in Shorewall 4.4.19.2

-None.
+1)  Restore the ability to have IPSET names in the ORIGINAL DEST column
+    of a DNAT or REDIRECT rule.

 Changes in Shorewall 4.4.19.1

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -15,7 +15,20 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES

 4.4.19.2

-None.
+1)  In Shorewall-shell, there was the ability to specify IPSET names in
+    the ORIGINAL DEST column of DNAT and REDIRECT rules. That ability,
+    inadvertently dropped in Shorewall-perl, has been restored.
+
+    CAUTION: When an IPSET is used in this way, the server port is
+    opened from the SOURCE zone. 
+
+    Example:
+
+	DNAT	net	dmz:10.1.1.2	tcp	80	-	+foo
+
+    will implicitly add this rule
+
+	ACCEPT	net	dmz:10.1.1.2	tcp	80	

 4.4.19.1