diff --git a/Samples/three-interfaces/masq b/Samples/three-interfaces/masq index b9f6e3a8e..2ce6874b5 100755 --- a/Samples/three-interfaces/masq +++ b/Samples/three-interfaces/masq @@ -6,6 +6,11 @@ # Use this file to define dynamic NAT (Masquerading) and to define # Source NAT (SNAT). # +# WARNING: If you have more than one ISP, adding entries to this +# file will *not* force connections to go out through a particular +# ISP. You must use PREROUTING entries in /etc/shorewall/tcrules +# to do that. +# # Columns are: # # INTERFACE -- Outgoing interface. This is usually your internet diff --git a/Samples/two-interfaces/masq b/Samples/two-interfaces/masq index f9adf3f73..a820e69a6 100755 --- a/Samples/two-interfaces/masq +++ b/Samples/two-interfaces/masq @@ -6,6 +6,11 @@ # Use this file to define dynamic NAT (Masquerading) and to define # Source NAT (SNAT). # +# WARNING: If you have more than one ISP, adding entries to this +# file will *not* force connections to go out through a particular +# ISP. You must use PREROUTING entries in /etc/shorewall/tcrules +# to do that. +# # Columns are: # # INTERFACE -- Outgoing interface. This is usually your internet diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 7d71cd371..00054fa9f 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -7,6 +7,8 @@ Changes in 3.0.1 3) Add Farkas ordering to generated SOURCE and DEST column when expanding macros. +4) Clarify PORTS column in blacklist file. + Changes in 3.0.0 Final None. diff --git a/Shorewall/masq b/Shorewall/masq index 4c8e72d98..92582f43c 100755 --- a/Shorewall/masq +++ b/Shorewall/masq 
@@ -6,6 +6,11 @@ # Use this file to define dynamic NAT (Masquerading) and to define # Source NAT (SNAT). # +# WARNING: If you have more than one ISP, adding entries to this +# file will *not* force connections to go out through a particular +# ISP. You must use PREROUTING entries in /etc/shorewall/tcrules +# to do that. +# # Columns are: # # INTERFACE -- Outgoing interface. This is usually your internet @@ -80,7 +85,7 @@ # a port range with the format - # . If this is done, you must # specify "tcp" or "udp" in the PROTO column. -# +# # Examples: # # 192.0.2.4:5000-6000 @@ -117,12 +122,12 @@ # /etc/services) separated by commas or you # may list a single port range # (:). -# +# # Where a comma-separated list is given, your # kernel and iptables must have multiport match # support and a maximum of 15 ports may be # listed. -# +# # IPSEC -- (Optional) If you specify a value other than "-" in this # column, you must be running kernel 2.6 and # your kernel and iptables must include policy diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 187263418..e5643c532 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -13,6 +13,10 @@ Problems Corrected in 3.0.1 ("-") appeared in the corresponding column of an invocation of that macro, then an invalid rule was generated. +4) The comments in the /etc/shorewall/blacklist file have been updated to + clarify that the PORTS column refers to destination port number/service + names. + New Features in 3.0.1 1) To make the macro facility more flexible, Shorewall now examines the
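Review bot: The WARNING added at the top of the @@ -6,6 +6,11 @@ hunk in Shorewall/masq (repeated verbatim in Samples/two-interfaces/masq and Samples/three-interfaces/masq) tells the reader what the file will not do but not what an entry does do when more than one ISP is present. Masquerading and SNAT only rewrite the source address of a connection after the routing decision has been made, so one added sentence saying that would explain why "adding entries to this file will *not* force connections to go out through a particular ISP". The text is also carried in three copies that have to be kept in sync by hand; if the sample files are generated from Shorewall/masq, regenerate them rather than editing each copy.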
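Review bot: The @@ -80,7 +85,7 @@ and @@ -117,12 +122,12 @@ hunks in Shorewall/masq each replace a bare "#" comment line with another bare "#" line, which reads as a trailing-whitespace-only change unrelated to the WARNING text. From the visible lines it is not possible to tell whether whitespace is being stripped or introduced; please confirm it is being stripped, and consider moving these three line changes to a separate whitespace-cleanup commit so the documentation change stays easy to audit.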
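Review bot: Entry "4) Clarify PORTS column in blacklist file." in the Shorewall/changelog.txt hunk and item 4 in the Shorewall/releasenotes.txt hunk describe a change to the /etc/shorewall/blacklist comments, but no blacklist file hunk appears in the visible part of this diff, while the masq WARNING that the diff does add is mentioned in neither file. Either include the blacklist change in the same commit as its changelog and release-note entries, or add a matching entry for the multi-ISP warning in the masq files, so that the release notes describe what the commit actually touches.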