forked from extern/shorewall_code
Fix ZONE type check in tunnels file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
e925f2fce5
commit
6e73d52321
@ -1,3 +1,7 @@
|
||||
Changes in 4.0.0 RC 2
|
||||
|
||||
1) Fix zone type check in Tunnels File.
|
||||
|
||||
Changes in 4.0.0 RC 1
|
||||
|
||||
1) shorewall-perl RPM no longer installable under shorewall 3.4.
|
||||
|
@ -1,4 +1,4 @@
|
||||
Shorewall 4.0.0 RC 1
|
||||
Shorewall 4.0.0 RC 2
|
||||
----------------------------------------------------------------------------
|
||||
R E L E A S E H I G H L I G H T S
|
||||
----------------------------------------------------------------------------
|
||||
@ -12,9 +12,12 @@ Shorewall 4.0.0 RC 1
|
||||
- Shorewall-shell ( the shell-based compiler )
|
||||
- Shorewall-perl (the Perl-based compiler )
|
||||
|
||||
You must install Shorewall-common and at least one of the compiler
|
||||
packages (you may install them both). See the Migration
|
||||
Considerations below for further information.
|
||||
You must install at least one of the compiler packages (you may
|
||||
install them both) along with Shorewall-common.
|
||||
|
||||
YOU DO NOT NEED TO UNINSTALL ANY OF YOUR CURRENT PACKAGES.
|
||||
|
||||
See the Migration Considerations below for further information.
|
||||
|
||||
3) The facilities for supporting bridge/firewalls under earlier
|
||||
releases are deprecated and their documentation is omitted from the
|
||||
@ -22,49 +25,14 @@ Shorewall 4.0.0 RC 1
|
||||
Shorewall-perl compiler. This support utilizes the reduced-function
|
||||
physdev match support available in Linux kernel 2.6.20 and later.
|
||||
|
||||
Problems corrected in 4.0.0 RC 1.
|
||||
Problems corrected in 4.0.0 RC 2.
|
||||
|
||||
1) If 'routeback' and 'detectnets' were specified on an interface,
|
||||
limited broadcasts (to 255.255.255.255) and multicasts were dropped
|
||||
when forwarded through the interface. This could cause broadcast
|
||||
and multicast based applications to fail when running through a
|
||||
bridge with 'detectnets'.
|
||||
1) Shorewall-perl now correctly permits zones of type 'ipsec' in the
|
||||
ZONE column of /etc/shorewall/tunnels.
|
||||
|
||||
2) Entries in the hosts file are now more carefully validated by
|
||||
Shorewall-perl. Previously, very obvious typing errors would result
|
||||
in run-time errors.
|
||||
Other changes in Shorewall 4.0.0 RC 2.
|
||||
|
||||
3) "shorewall start" and "shorewall restart" with Shorewall-perl no
|
||||
longer fail on SELinux due to iptables-restore not being allowed to
|
||||
read from /var.
|
||||
|
||||
4) ipsec zones are now allowed in the GATEWAY ZONE(S) column when
|
||||
using Shorewall-perl.
|
||||
|
||||
5) A fatal error is now raised if the Shorewall-perl compiler is
|
||||
unable to secure the output file for execute access.
|
||||
|
||||
6) Shell variables that have a value of zero are now handled
|
||||
correctly.
|
||||
|
||||
Other changes in Shorewall 4.0.0 RC 1.
|
||||
|
||||
1) The shorewall-perl RPM may no longer be installed under Shorewall
|
||||
3.4. It requires shorewall-common.
|
||||
|
||||
2) The Shorewall-perl compiler's CPU utilization has been reduced
|
||||
further.
|
||||
|
||||
3) ":noah" is now the default for all IPSEC tunnels. Tunnels that use
|
||||
AH (protocol 51) must specify "ipsec:ah" in the TYPE column.
|
||||
|
||||
4) The 'refresh' command has been restored. It now behaves like
|
||||
'restart' except:
|
||||
|
||||
- 'refresh' fails if Shorewall is not started.
|
||||
- A directory name cannot be passed to 'refresh'.
|
||||
- 'refresh' only rebuilds the static blacklist whereas 'restore'
|
||||
rebuilds the entire Netfilter ruleset.
|
||||
None.
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
|
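Review bot: The RC 2 entry under "Problems corrected" covers only the ZONE column of /etc/shorewall/tunnels, but the setup_tunnels() change in this same commit also alters the GATEWAY ZONE check, which now rejects zones of type 'bport4' in addition to 'firewall'. Add an entry for that behaviour so a user whose configuration lists a bport4 zone in GATEWAY ZONE(S) can tie the new "Invalid zone (...) for GATEWAY ZONE" error to this release.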
@ -81,7 +81,8 @@ sub setup_tunnels() {
|
||||
unless ( $gatewayzones eq '-' ) {
|
||||
for my $zone ( split /,/, $gatewayzones ) {
|
||||
fatal_error "Unknown zone ($zone)" unless $zones{$zone};
|
||||
fatal_error "Invalid zone ($zone)" if $zones{$zone}{type} eq 'firewall';
|
||||
my $type = $zones{$zone}{type};
|
||||
fatal_error "Invalid zone ($zone) for GATEWAY ZONE" if $type eq 'firewall' || $type eq 'bport4';
|
||||
$inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
|
||||
$outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
|
||||
|
||||
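Review bot: The test `$type eq 'firewall' || $type eq 'bport4'` in the gateway-zone loop is duplicated in the -227 hunk of the same sub, under a different variable name (`$zonetype`) and a different message suffix. Since this commit exists because the two zone checks had drifted apart, consider moving the type test into one small helper that takes the zone and the column name, so both columns are validated by the same code and the next change cannot update only one of them.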
@ -227,7 +228,9 @@ sub setup_tunnels() {
|
||||
|
||||
fatal_error "Unknown zone ($zone)" unless $zones{$zone};
|
||||
|
||||
fatal_error "Invalid zone ($zone)" unless $zones{$zone}{type} eq 'ipv4';
|
||||
my $zonetype = $zones{$zone}{type};
|
||||
|
||||
fatal_error "Invalid zone ($zone) for tunnel ZONE" if $zonetype eq 'firewall' || $zonetype eq 'bport4';
|
||||
|
||||
my $inchainref = ensure_filter_chain "${zone}2${firewall_zone}", 1;
|
||||
my $outchainref = ensure_filter_chain "${firewall_zone}2${zone}", 1;
|
||||
|
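Review bot: The tunnel ZONE check changes from an allow-list (`unless $zones{$zone}{type} eq 'ipv4'`) to a deny-list (`if $zonetype eq 'firewall' || $zonetype eq 'bport4'`), which accepts every zone type other than those two, while the release note in this commit says only that 'ipsec' zones are now permitted. If 'ipv4' and 'ipsec' are the only types meant to be valid here, state that directly, for example `unless $zonetype eq 'ipv4' || $zonetype eq 'ipsec'`, so that a zone type added later is rejected by default rather than silently given `${zone}2${firewall_zone}` filter chains.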
@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
|
||||
license is included in the section entitled “<a href="GnuCopyright.htm"
|
||||
target="_self">GNU Free Documentation License</a>”.</p>
|
||||
|
||||
<p>2007-06-29</p>
|
||||
<p>2007-07-05</p>
|
||||
<hr style="width: 100%; height: 2px;">
|
||||
|
||||
<h2>Table of Contents</h2>
|
||||
@ -131,20 +131,20 @@ is 3.2.10<br>
|
||||
href="http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.10/errata/">updates</a>.</li>
|
||||
</ul>
|
||||
The <span style="font-weight: bold;">current Development Release</span> is
|
||||
4.0.0 Beta 7
|
||||
4.0.0 RC1
|
||||
<ul>
|
||||
<li>Here are the <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/releasenotes.txt">release
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/releasenotes.txt">release
|
||||
notes</a> <br>
|
||||
</li>
|
||||
<li>Here are the <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/known_problems.txt">known
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/known_problems.txt">known
|
||||
problems</a> and <a
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-Beta7/errata/">updates</a>.</li>
|
||||
href="http://www1.shorewall.net/pub/shorewall/development/4.0/shorewall-4.0.0-RC1/errata/">updates</a>.</li>
|
||||
</ul>
|
||||
|
||||
<div style="margin-left: 40px;">
|
||||
Read about the <a href="Shorewall-4.html">New Development Release
|
||||
Read about the <a href="4.0/Shorewall-4.html">New Development Release
|
||||
here</a>.<br>
|
||||
</div>
|
||||
</div>
|
||||
|
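Review bot: The Beta7 to RC1 link updates and the new `4.0/Shorewall-4.html` href in this hunk are unrelated to the tunnels ZONE check named in the commit message. Move the web page update to its own commit, or mention it in the message, so the compiler fix can be reviewed and backported on its own. It is also worth confirming that the relative `4.0/Shorewall-4.html` path resolves from this page, since the other links changed in this hunk are absolute URLs.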