holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Remove ROUTE target detections/reporting

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2923 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-24 19:43:53 +00:00
parent abf477019c
commit 7630bace28
3 changed files with 13 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/changelog.txt
View File

@ -1,3 +1,7 @@
Changes in 3.0.0 RC 3.
1) ROUTE target removed from capabilities.
Changes in 3.0.0 RC 2. Changes in 3.0.0 RC 2.
1) Fix support for OpenVPN and tcp. 1) Fix support for OpenVPN and tcp.

3
Shorewall/functions
View File

@ -893,7 +893,6 @@ determine_capabilities() {
RECENT_MATCH= RECENT_MATCH=
OWNER_MATCH= OWNER_MATCH=
IPSET_MATCH= IPSET_MATCH=
ROUTE_TARGET=
XMARK= XMARK=
CONNMARK= CONNMARK=
CONNMARK_MATCH= CONNMARK_MATCH=
@ -914,7 +913,6 @@ determine_capabilities() {
qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT && IPP2P_MATCH=Yes qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT && IPP2P_MATCH=Yes
qt $IPTABLES -t mangle -N fooX1234 qt $IPTABLES -t mangle -N fooX1234
qt $IPTABLES -t mangle -A fooX1234 -j ROUTE --oif eth0 && ROUTE_TARGET=Yes
qt $IPTABLES -t mangle -A fooX1234 -j MARK --or-mark 2 && XMARK=Yes qt $IPTABLES -t mangle -A fooX1234 -j MARK --or-mark 2 && XMARK=Yes
qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark && CONNMARK=Yes qt $IPTABLES -t mangle -A fooX1234 -j CONNMARK --save-mark && CONNMARK=Yes
qt $IPTABLES -t mangle -A fooX1234 -j CLASSIFY --set-class 1:1 && CLASSIFY_TARGET=Yes qt $IPTABLES -t mangle -A fooX1234 -j CLASSIFY --set-class 1:1 && CLASSIFY_TARGET=Yes
@ -965,7 +963,6 @@ report_capabilities() {
report_capability "Recent Match" $RECENT_MATCH report_capability "Recent Match" $RECENT_MATCH
report_capability "Owner Match" $OWNER_MATCH report_capability "Owner Match" $OWNER_MATCH
report_capability "Ipset Match" $IPSET_MATCH report_capability "Ipset Match" $IPSET_MATCH
report_capability "ROUTE Target" $ROUTE_TARGET
report_capability "Extended MARK Target" $XMARK report_capability "Extended MARK Target" $XMARK
report_capability "CONNMARK Target" $CONNMARK report_capability "CONNMARK Target" $CONNMARK
report_capability "Connmark Match" $CONNMARK_MATCH report_capability "Connmark Match" $CONNMARK_MATCH

31
Shorewall/releasenotes.txt
View File

@ -1,26 +1,10 @@
Shorewall 3.0.0 RC 2. Shorewall 3.0.0 RC 3.
Problems Corrected in 3.0.0 RC 2: Problems Corrected in 3.0.0 RC 3:
1) Support for OpenVPN TCP tunnels was released in Shorewall 2.2.0 but the 1) Shorewall no longer has any functionality that is dependent on the
implementation was incomplete. It has now been completed and is Netfilter ROUTE target so detection and reporting of that target
documented in the /etc/shorewall/tunnels file. has been removed.
2) When running on older kernels, the following message could be issued
during "shorewall start":
/usr/share/shorewall/firewall: line 1: \
/proc/sys/net/ipv4/conf/all/arp_ignore: No such file or directory
3) The /etc/shorewall/interfaces now clarifies that multiple interfaces
to a zone are supported.
New Features in Shorewall 3.0.0 RC 2:
1) The sample configurations are now packaged with the product. They are
in the Samples directory on the tarball and are in the RPM they are
in the Samples sub-directory of the Shorewall documentation
directory.
Migration Considerations: Migration Considerations:
@ -572,4 +556,7 @@ New Features in Shorewall 3.0.*
the REJECT target may not be used in the PREROUTING chain, the settings the REJECT target may not be used in the PREROUTING chain, the settings
MACLIST_DISPOSITION=REJECT and MACLIST_TABLE=mangle are incompatible. MACLIST_DISPOSITION=REJECT and MACLIST_TABLE=mangle are incompatible.
28) The sample configurations are now packaged with the product. They are
in the Samples directory on the tarball and are in the RPM they are
in the Samples sub-directory of the Shorewall documentation
directory.