Document duplicate policy detection change

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6972 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-07-27 04:25:56 +00:00 · 2007-07-27 04:25:56 +00:00 · 7a6ac0a561
commit 7a6ac0a561
parent 48b993f0cf
3 changed files with 27 additions and 0 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -14,6 +14,8 @@ Changes in 4.0.1

 7)  Be sure that chkconfig runs after upgrade from < 4.0.0

+8)  Better out-of-order policy detection.
+
 Changes in 4.0.0 Final

 1)  Fix lite install.sh manpage problem.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -73,6 +73,12 @@ Problems corrected in 4.0.1.
    4.0.0. Previously, Shorewall was not started automatically after an
    upgrade using the RPM.

+9)  Shorewall-perl now detects dead policy file entries that result
+    when an entry is masked by an earlier entry. Example:
+
+	 all	 all	  REJECT    info
+	 loc	 net	  ACCEPT
+
 Other changes in Shorewall 4.0.1.

 1)  A new EXPAND_POLICIES option is added to shorewall.conf. The
@ -670,6 +676,14 @@ Migration Considerations:
     w) The PKTTYPE option is ignored by Shorewall-perl. Shorewall-perl 
        will use Address type match if it is available; otherwise, it 
 	will behave as if PKTTYPE=No had been specified.
+
+     x) Shorewall-perl detects dead policy file entries that result
+        when an entry is masked by an earlier more general
+        entry. Example:
+
+	 all	 all	  REJECT    info
+	 loc	 net	  ACCEPT
+
    ------------------------------------------------------------------------
                      P R E R E Q U I S I T E S
    ------------------------------------------------------------------------
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -491,6 +491,17 @@ eth0             eth1:!192.168.4.9       ...</programlisting></para>
            available; otherwise, they will behave as if PKTTYPE=No had been
            specified.</para>
          </listitem>
+
+          <listitem>
+            <para> Shorewall-perl detects dead policy file entries that result
+            when an entry is masked by an earlier more general entry.</para>
+
+            <para>Example:</para>
+
+            <programlisting>#SOURCE DEST     POLICY    LOG LEVEL
+all     all      REJECT    info
+loc     net      ACCEPT</programlisting>
+          </listitem>
        </orderedlist>
      </listitem>