From 882030789db1c254cc402dfb73d640ae31a8a819 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 23 Apr 2003 01:09:20 +0000 Subject: [PATCH] Update change log and release notes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@545 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 16 ++----- Shorewall/releasenotes.txt | 87 ++------------------------------------ 2 files changed, 8 insertions(+), 95 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index baf7605be..eb71d4750 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,15 +1,7 @@ -Changes since 1.4.1 +Changes since 1.4.2 -1. Re-order steps in the 'check' command so that the policy file is - checked before the rules file. +1. The 'add' and 'delete' commands no longer leave behind a temporary + directory in /tmp. -2. Create an intermediate chain for input from zones defined in terms - of specific hosts or networks. +2. Added support for 6to4 tunnels. -3. Fixed common.def to use 'reject' rather than 'REJECT'. - -4. Added support for INCLUDE directive in all files. - -5. Made traceroute -I work. - -6. Add 'routeback' interface and host attribute. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 533fddedf..90f36a453 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -2,89 +2,10 @@ This is a minor release of Shorewall. Problems Corrected: -1) TCP connection requests rejected out of the common chain are now - properly rejected with TCP RST; previously, some of these requests - were rejeced with an ICMP port-unreachable response. - -2) 'traceroute -I' from behind the firewall previously timed out on the - first hop (e.g., to the firewall). This has been worked around. +1) There were several cases where Shorewall would fail to remove a + temporary directory from /tmp. These cases have been corrected. New Features: -1) Where an entry in the/etc/shorewall/hosts file specifies a - particular host or network, Shorewall now creates an intermediate - chain for handling input from the related zone. This can - substantially reduce the number of rules traversed by connections - requests from such zones. - -2) Any file may include an INCLUDE directive. An INCLUDE directive - consists of the word INCLUDE followed by a file name and causes the - contents of the named file to be logically included into the file - containing the INCLUDE. File names given in an INCLUDE directive - are assumed to reside in /etc/shorewall or in an alternate - configuration directory if one has been specified for the command. - - Examples: - shorewall/params.mgmt: - MGMT_SERVERS=1.1.1.1,2.2.2.2,3.3.3.3 - TIME_SERVERS=4.4.4.4 - BACKUP_SERVERS=5.5.5.5 - ----- end params.mgmt ----- - - - shorewall/params: - # Shorewall 1.3 /etc/shorewall/params - [..] - ####################################### - - INCLUDE params.mgmt - - # params unique to this host here - #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE - ----- end params ----- - - - shorewall/rules.mgmt: - ACCEPT net:$MGMT_SERVERS $FW tcp 22 - ACCEPT $FW net:$TIME_SERVERS udp 123 - ACCEPT $FW net:$BACKUP_SERVERS tcp 22 - ----- end rules.mgmt ----- - - shorewall/rules: - # Shorewall version 1.3 - Rules File - [..] 
- ####################################### - - INCLUDE rules.mgmt - - # rules unique to this host here - #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE - ----- end rules ----- - - INCLUDE's may be nested to a level of 3 -- further nested INCLUDE - directives are ignored. - -3) Routing traffic from an interface back out that interface continues - to be a problem. While I firmly believe that this should never - happen, people continue to want to do it. To limit the damage that - such nonsense produces, I have added a new 'routeback' option in - /etc/shorewall/interfaces and /etc/shorewall/hosts. When used in - /etc/shorewall/interfaces, the 'ZONE' column may not contain '-'; in - other words, 'routeback' can't be used as an option for a multi-zone - interface. The 'routeback' option CAN be specified however on - individual group entries in /etc/shorewall/hosts. - - The 'routeback' option is similar to the old 'multi' option with two - exceptions: - - a) The option pertains to a particular zone,interface,address tuple. - - b) The option only created infrastructure to pass traffic from - (zone,interface,address) tuples back to themselves (the 'multi' - option affected all (zone,interface,address) tuples associated with - the given 'interface'). - - See the 'Upgrade Issues' for information about how this new option - may affect your configuration. - - +1) IPV6-IPV4 (6to4) tunnels are now supported in the + /etc/shorewall/tunnels file.
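Review bot: In the Shorewall/changelog.txt hunk, new entry 1 limits the /tmp fix to the 'add' and 'delete' commands, while the matching release note in this same patch says there were "several cases" where the temporary directory was not removed. One of the two is imprecise. If only 'add' and 'delete' were affected, say so in both files; if other code paths were fixed as well, list them here, since the changelog is where someone auditing stale directories under /tmp will look to learn which commands could have left them. Entry 2 ("Added support for 6to4 tunnels.") would also benefit from naming the file it touches, as the release note does with /etc/shorewall/tunnels.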
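Review bot: In the Shorewall/releasenotes.txt hunk, the new feature entry "IPV6-IPV4 (6to4) tunnels are now supported in the /etc/shorewall/tunnels file" is missing the documentation a user needs to act on it: it gives neither the tunnel type value to put in the file nor a sample entry, whereas the INCLUDE entry removed by this hunk carried worked examples. Please add the type keyword and one example line, and state what traffic the tunnel entry causes the firewall to accept, so an administrator can judge the exposure before enabling it. Under "Problems Corrected", item 1 should name the affected commands (the changelog in this patch names 'add' and 'delete') rather than "several cases". Style point: "IPV6-IPV4" would normally be written "IPv6-IPv4".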