Fix some problems in the Release Notes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2844 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-10-10 14:57:56 +00:00
parent a7511e1469
commit 799d579a15


@ -207,7 +207,7 @@ Migration Considerations:
TC_ENABLED=internal then tc4shorewall will be used. If the option is TC_ENABLED=internal then tc4shorewall will be used. If the option is
set to Yes then Shorewall will continue to look for a 'tcstart' script. set to Yes then Shorewall will continue to look for a 'tcstart' script.
New Features in Shorewall 2.5.* New Features in Shorewall 3.0.*
1) Error and warning messages are made easier to spot by using 1) Error and warning messages are made easier to spot by using
capitalization (e.g., ERROR: and WARNING:). capitalization (e.g., ERROR: and WARNING:).
@ -349,9 +349,9 @@ New Features in Shorewall 2.5.*
7) A new FASTACCEPT option has been added to shorewall.conf. 7) A new FASTACCEPT option has been added to shorewall.conf.
Normally, Shorewall accepting ESTABLISHED/RELATED packets until Normally, Shorewall defers accepting ESTABLISHED/RELATED packets
these packets reach the chain in which the original connection was until these packets reach the chain in which the original connection
accepted. So for packets going from the 'loc' zone to the 'net' was accepted. So for packets going from the 'loc' zone to the 'net'
zone, ESTABLISHED/RELATED packets are ACCEPTED in the 'loc2net' zone, ESTABLISHED/RELATED packets are ACCEPTED in the 'loc2net'
chain. chain.
@ -385,19 +385,15 @@ New Features in Shorewall 2.5.*
That rule would allow loc->net HTTP access from the local That rule would allow loc->net HTTP access from the local
network 10.0.0.0/24 except for hosts 10.0.0.4 and 10.0.0.22. network 10.0.0.0/24 except for hosts 10.0.0.4 and 10.0.0.22.
10) You may now specify "!" followed by a list of addresses in the 10) Tunnel types "openvpnserver" and "openvpnclient" have been added
SOURCE and DEST columns of entries in /etc/shorewall/tcrules and
Shorewall will generate the rule that you expect.
11) Tunnel types "openvpnserver" and "openvpnclient" have been added
to reflect the introduction of client and server OpenVPN to reflect the introduction of client and server OpenVPN
configurations in OpenVPN 2.0. configurations in OpenVPN 2.0.
12) The COMMAND variable is now set to 'restore' in restore 11) The COMMAND variable is now set to 'restore' in restore
scripts. The value of this variable is sometimes of interest to scripts. The value of this variable is sometimes of interest to
programmers providing custom /etc/shorewall/tcstart scripts. programmers providing custom /etc/shorewall/tcstart scripts.
13) Previously, if you defined any intra-zone rule(s) then any traffic 12) Previously, if you defined any intra-zone rule(s) then any traffic
not matching the rule(s) was subject to normal policies (which not matching the rule(s) was subject to normal policies (which
usually turned out to involve the all->all REJECT policy). Now, the usually turned out to involve the all->all REJECT policy). Now, the
intra-zone ACCEPT policy will still be in effect in the presense of intra-zone ACCEPT policy will still be in effect in the presense of
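Review bot: Old item 10 (the "!" address-list form in the SOURCE and DEST columns of /etc/shorewall/tcrules) is deleted by this hunk, but the commit message only says "Fix some problems in the Release Notes". If the feature was withdrawn or the entry was incorrect, state that in the commit message so readers know whether exclusion lists in tcrules still generate the expected rule. Separately, the last context line of renumbered item 12 still reads "presense"; correct it to "presence" as part of the same cleanup.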
@ -417,7 +413,7 @@ New Features in Shorewall 2.5.*
#SOURCE DEST POLICY LOG LEVEL #SOURCE DEST POLICY LOG LEVEL
loc loc ACCEPT info loc loc ACCEPT info
14) Prior to Shorewall 2.5.3, the rules file only controlled packets in 13) Prior to Shorewall 2.5.3, the rules file only controlled packets in
the Netfilter states NEW and INVALID. Beginning with this release, the Netfilter states NEW and INVALID. Beginning with this release,
the rules file can also deal with packets in the ESTABLISHED and the rules file can also deal with packets in the ESTABLISHED and
RELATED states. RELATED states.
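Review bot: In renumbered item 13, "Prior to Shorewall 2.5.3 ... Beginning with this release" becomes ambiguous now that the first hunk retitles the section "New Features in Shorewall 3.0.*". Name the version explicitly instead of "this release", so an administrator can tell from which version the rules file also handles packets in the ESTABLISHED and RELATED states.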
@ -456,12 +452,12 @@ New Features in Shorewall 2.5.*
/etc/shorewall.shorewall.conf then the ESTABLISHED and RELATED /etc/shorewall.shorewall.conf then the ESTABLISHED and RELATED
sections must be empty. sections must be empty.
15) The value 'ipp2p' is once again allowed in the PROTO column of 14) The value 'ipp2p' is once again allowed in the PROTO column of
the rules file. It is recommended that rules specifying 'ipp2p' the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file. only be included in the ESTABLISHED section of the file.
16) Shorewall actions lack a generalized way to pass parameters to an 15) Shorewall actions lack a generalized way to pass parameters to an
extension script associated with an action. To work around this extension script associated with an action. To work around this
lack, some users have used the log tag as a parameter. This works lack, some users have used the log tag as a parameter. This works
but requires that a log level other than 'none' be specified when but requires that a log level other than 'none' be specified when
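Review bot: The first context line of this hunk gives the path as "/etc/shorewall.shorewall.conf", which looks like a typo for "/etc/shorewall/shorewall.conf", given that the other entries place Shorewall's files under /etc/shorewall/. It is outside the changed lines, but it belongs in this cleanup: a reader following it literally will look for the setting in a file that does not exist.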
@ -484,17 +480,17 @@ New Features in Shorewall 2.5.*
Now, $1 = these, $2 = are and $3 = parameters Now, $1 = these, $2 = are and $3 = parameters
17) The "shorewall check" command now checks the /etc/shorewall/masq, 16) The "shorewall check" command now checks the /etc/shorewall/masq,
/etc/shorewall/blacklist, /etc/shorewall/proxyarp, /etc/shorewall/blacklist, /etc/shorewall/proxyarp,
/etc/shorewall/nat and /etc/shorewall/providers files. /etc/shorewall/nat and /etc/shorewall/providers files.
18) Arne Bernin's "tc4shorewall" package has been integrated into 17) Arne Bernin's "tc4shorewall" package has been integrated into
Shorewall. Arne will be providing documentation and support for Shorewall. Arne will be providing documentation and support for
this part of Shorewall. this part of Shorewall.
Thanks, Arne! Thanks, Arne!
19) When /usr/share/shorewall/functions is loaded it now sets 18) When /usr/share/shorewall/functions is loaded it now sets
SHOREWALL_LIBRARY=Loaded SHOREWALL_LIBRARY=Loaded
@ -502,7 +498,7 @@ New Features in Shorewall 2.5.*
variable to determine if the library has been loaded into the variable to determine if the library has been loaded into the
current shell process. current shell process.
20) The install.sh script now does a much cleaner job of backing up the 19) The install.sh script now does a much cleaner job of backing up the
current installation. It copies the directories /etc/shorewall, current installation. It copies the directories /etc/shorewall,
/usr/share/shorewall and /var/lib/shorewall to a directory of the /usr/share/shorewall and /var/lib/shorewall to a directory of the
same name with "-$VERSION.bkout" appended. The init script and same name with "-$VERSION.bkout" appended. The init script and
@ -514,7 +510,7 @@ New Features in Shorewall 2.5.*
rm -rf /usr/share/shorewall-*.bkout rm -rf /usr/share/shorewall-*.bkout
rm -rf /var/lib/shorewall-*.bkout rm -rf /var/lib/shorewall-*.bkout
21) A new '-n' option has been added to the "start", "restart", 20) A new '-n' option has been added to the "start", "restart",
"restore", "stop" and "try" commands. This option instructs "restore", "stop" and "try" commands. This option instructs
Shorewall to not alter the routing in any way. Shorewall to not alter the routing in any way.
@ -522,27 +518,27 @@ New Features in Shorewall 2.5.*
it prevents the route cache from being flushed which preserves the it prevents the route cache from being flushed which preserves the
mapping of end-point address pairs to routes. mapping of end-point address pairs to routes.
22) The output of "shorewall dump" now includes a capabilities report 21) The output of "shorewall dump" now includes a capabilities report
such as the one produced by "shorewall show capabilities". such as the one produced by "shorewall show capabilities".
23) The "plain" zone type has been replaced by "ipv4". The types 22) The "plain" zone type has been replaced by "ipv4". The types
"IPv4" and "IPV4" are synonyms for "ipv4". In addition, "IPSEC", "IPv4" and "IPV4" are synonyms for "ipv4". In addition, "IPSEC",
"ipsec4" and "IPSEC4" are recognized synonyms for "ipsec". "ipsec4" and "IPSEC4" are recognized synonyms for "ipsec".
24) The NEWNOTSYN and LOGNEWNOTSYN options in shorewall.conf have been 23) The NEWNOTSYN and LOGNEWNOTSYN options in shorewall.conf have been
removed as have the 'newnotsyn' options in /etc/shorewall/interfaces removed as have the 'newnotsyn' options in /etc/shorewall/interfaces
and /etc/shorewall/hosts. See the Migration Considerations for and /etc/shorewall/hosts. See the Migration Considerations for
instructions if you wish to block "new-not-syn" TCP packets. instructions if you wish to block "new-not-syn" TCP packets.
25) The "shorewall show zones" command now displays the zone type. You 24) The "shorewall show zones" command now displays the zone type. You
must have restarted Shorewall using this release before this feature must have restarted Shorewall using this release before this feature
will work correctly. will work correctly.
26) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes 25) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes
in shorewall.conf. This is done to ensure that "shorewall refresh" will in shorewall.conf. This is done to ensure that "shorewall refresh" will
work correctly. work correctly.
27) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p" 26) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
keyword in the PROTOCOL column of the relevant files, the following keyword in the PROTOCOL column of the relevant files, the following
values may be specified: values may be specified:
@ -552,7 +548,7 @@ New Features in Shorewall 2.5.*
ipp2p:all Matches both UDP and TCP traffic. You may ipp2p:all Matches both UDP and TCP traffic. You may
not specify a SOURCE PORT with this PROTOCOL. not specify a SOURCE PORT with this PROTOCOL.
28) Normally MAC verification triggered by the 'maclist' interface and host 27) Normally MAC verification triggered by the 'maclist' interface and host
options is done out of the INPUT and FORWARD chains of the filter table. options is done out of the INPUT and FORWARD chains of the filter table.
Users have reported that under some circumstances, MAC verification is Users have reported that under some circumstances, MAC verification is
failing for forwarded packets when the packets are being forwarded out failing for forwarded packets when the packets are being forwarded out