From 8a744de906beaefaaf939d3b95b04e5b6bb0e5f8 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 22 Nov 2012 09:10:07 -0800 Subject: [PATCH] Document semantic change to 'all' handling in the conntrack file. Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-conntrack.xml | 10 ++++++++++ Shorewall6/manpages/shorewall6-conntrack.xml | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml index 1ac3c2ac1..bfd50866d 100644 --- a/Shorewall/manpages/shorewall-conntrack.xml +++ b/Shorewall/manpages/shorewall-conntrack.xml @@ -254,6 +254,16 @@ Beginning with Shorewall 4.5.10, can be used as the zone name to mean all off-firewall zones. + + + In 4.5.10, handling of was changed. + now causes the generated netfilter rule to be + appended to the raw table PREROUTING and OUTPUT chains directly. + rules are added directly to PREROUTING. + and rules are processed + after the more specific rules that specify an individual + zone. + diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml index a04bc5d9a..0952ea788 100644 --- a/Shorewall6/manpages/shorewall6-conntrack.xml +++ b/Shorewall6/manpages/shorewall6-conntrack.xml @@ -149,6 +149,16 @@ Beginning with Shorewall 4.5.10, can be used as the zone name to mean all off-firewall zones. + + + In 4.5.10, handling of was changed. + now causes the generated netfilter rule to be + appended to the raw table PREROUTING and OUTPUT chains directly. + rules are added directly to PREROUTING. + and rules are processed + after the more specific rules that specify an individual + zone. +