Clean up release notes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-05-23 06:55:54 -07:00
parent 54f9a0e671
commit 7c250cd5b3

@ -33,17 +33,18 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
1) The implementation of the environmental variables LIBEXEC and
PERLLIB that was introduced in 4.4.19 has been changed
slightly. The installers now allow absolute path names to be
supplied so that the executables and/or Perl modules may be
installed under a top-level directory other than /usr. The change
is compatible with 4.4.19 in that if a relative path name is
supplied, then '/usr/' is prepended to the name.
supplied in these variables so that the executables and/or Perl
modules may be installed under a top-level directory other than
/usr. The change is compatible with 4.4.19 in that if a relative
path name is supplied, then '/usr/' is prepended to the supplied
name.
2) A new ACCOUNTING_TABLE option has been added to shorewall.conf and
shorwall6.conf. The setting determines the Netfilter table (filter
shorewall6.conf. The setting determines the Netfilter table (filter
or mangle) where accounting rules are created.
When ACCOUNTING_TABLE=mangle, the allowable sections in the
accounting file are as follows:
When ACCOUNTING_TABLE=mangle, the allowable accounting file
sections are:
PREROUTING
INPUT
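Review bot: Item 1 states the relative-path rule for LIBEXEC and PERLLIB only in words ("if a relative path name is supplied, then '/usr/' is prepended to the supplied name"), which leaves readers to work out where files actually land. Add one relative and one absolute value, each with its resulting install directory, since these variables decide where executables and Perl modules are installed. The spelling fix to shorewall6.conf in item 2 is correct.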
@ -74,11 +75,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
release.
Use 'shorewall show capabilities' after installing this release
to see if your kernel/iptables support the AUDIT target.
to see if your kernel and iptables support the AUDIT target.
b) In /etc/shorewall/policy's POLICY column, the policy (and
default action, if any) may be followed by ':audit' to cause
application of the policy to be audited.
applications of the policy to be audited. This means that any
NEW connection that does not match any rule in the rules file
or in the applicable 'default action' will be audited.
Only ACCEPT, DROP and REJECT policies may be audited.
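Review bot: The sentence added to item b) says a NEW connection is audited when it matches no rule "in the rules file or in the applicable 'default action'", but it does not say whether connections disposed of by the default action itself go unaudited. State that explicitly, because readers will use this paragraph to judge what their audit trail covers when ':audit' is set on a policy.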
@ -120,8 +123,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
f) An 'audit' option has been added to the
/etc/shorewall/blacklist file which causes the packets matching
the entryto be audited. 'audit' may not be specified together
with 'accept'.
the entry to be audited. 'audit' may not be specified together
with 'whitelist'.
g) The builtin actions (dropBroadcast, rejNonSyn, etc.) now support
an 'audit' parameter which causes all ACCEPT, DROP and REJECTs
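Review bot: In item f), replacing 'accept' with 'whitelist' changes which blacklist option 'audit' may not be combined with, which is a correction of fact rather than a wording cleanup. Mention it in the commit message so that anyone who followed the earlier text knows it was wrong. The context line in item g), "all ACCEPT, DROP and REJECTs", also mixes singular and plural and could be tidied in the same pass.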
@ -130,14 +133,19 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
(action.Drop and action.Reject).
Note: The builtin actions are those actions listed in the
output of 'shorewall show actions' whose names begin with a
output of 'shorewall show actions' with names begin with a
lower-case letter.
Example:
#ACTION SOURCE DEST
rejNonSyn(audit) net all
6) Up to this release, the behaviors of 'start -f' and 'restart -f'
has been inconsistent with AUTOMAKE=Yes. The 'start -f' and
'restart -f' commands compares the modification times of
/etc/shorewall[6] with /var/lib/shorewall[6]/restore while
AUTOMAKE compares with /var/lib/shorewall[6]/firewall.
has been inconsistent. The 'start -f' command compares the
modification times of /etc/shorewall[6] with
/var/lib/shorewall[6]/restore while 'restart -f' compares with
/var/lib/shorewall[6]/firewall.
To make the two consistent, a new LEGACY_FASTSTART option has been
added. The default value when the option isn't specified is
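Review bot: The reworded Note on builtin actions now reads "with names begin with a lower-case letter", which is ungrammatical; keep the earlier "whose names begin with" or write "with names beginning with". In item 6, "the behaviors of 'start -f' and 'restart -f' has been inconsistent" needs "have been", and the rewrite changes which file 'restart -f' is said to compare against (/var/lib/shorewall[6]/firewall instead of restore) and drops the AUTOMAKE reference. That is a change of substance and should be called out in the commit message.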
@ -217,6 +225,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
17) A 'Universal' sample configuration is now availale for a
'plug-and-play' firewall.
18) Support for the AUDIT iptables target has been added.
----------------------------------------------------------------------------
V. M I G R A T I O N I S S U E S
----------------------------------------------------------------------------
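Review bot: Item 17, directly above the added item 18, still reads "is now availale"; since this commit is a release-notes cleanup, correct it to "available" here. The new item 18 could also point to the earlier item that describes the AUDIT support in detail, so the summary line is not the only place a reader looks.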