Document use of state match for NOTRACK

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00 · 2010-09-17 08:21:16 -07:00 · 8e2c8e5a8f
commit 8e2c8e5a8f
parent 882970a598
2 changed files with 6 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -29,6 +29,8 @@ Changes in Shorewall 4.4.13

 13) Implement an alternative blacklisting scheme.

+14) Use '-m state' for UNTRACKED.
+
 Changes in Shorewall 4.4.12

 1)  Fix IPv6 shorecap program.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -106,6 +106,10 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
 10) Ipsets associated with 'dynamic' zones were being created during
    'restart' but not during 'start'.

+11) To work around an issue in Netfilter/iptables, Shorewall now uses
+    state match rather than conntrack match for UNTRACKED state
+    macthing.
+
 ----------------------------------------------------------------------------
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------