holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update release docs for 4.4.11.1 upload

Browse Source
This commit is contained in:
Tom Eastep 2010-07-24 07:23:01 -07:00
parent d33c96e4c6
commit 90222c86ac
2 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Shorewall/known_problems.txt
View File

@ -17,25 +17,34 @@
IP6TABLES=/sbin/ip6tables). IP6TABLES=/sbin/ip6tables).
c) 'shorewall6 load <firewall>'. c) 'shorewall6 load <firewall>'.
Corrected in Shorewall 4.4.11.1
2) In a number of cases, Shorewall6 generates incorrect rules 2) In a number of cases, Shorewall6 generates incorrect rules
involving the IPv6 multicast network. The rules specify involving the IPv6 multicast network. The rules specify
ff00::/10 where they should specify ff00::/8. Also, rules ff00::/10 where they should specify ff00::/8. Also, rules
instantiated when the IPv6 firewall is stopped use ff80::/10 rather instantiated when the IPv6 firewall is stopped use ff80::/10 rather
than fe80::/10 (IPv6 link local network). than fe80::/10 (IPv6 link local network).
Corrected in Shorewall 4.4.11.1
3) Using a destination port-range with :random produces a fatal 3) Using a destination port-range with :random produces a fatal
compilation error in REDIRECT rules. compilation error in REDIRECT rules unless the firewall zone is
explicitly specified (e.g., $FW::2000-2010:random).
4) Shorewall-init is not reliable in bringing up interfaces during Corrected in Shorewall 4.4.11.1
boot on Ubuntu systems that use upstart.
Suggested workaround is to set startup=1 in your 4) /sbin/shorewall and /sbin/shorewall6 sometimes fail to honor the
/etc/default/shorewall* files.
5) /sbin/shorewall and /sbin/shorewall6 sometimes fail to honor the
'nolock' option. In other cases, this option is incorrectly passed 'nolock' option. In other cases, this option is incorrectly passed
on to the compiled script, causing the script to issue a usage on to the compiled script, causing the script to issue a usage
synopsis and to terminate. synopsis and to terminate.
Corrected in Shorewall 4.4.11.1
5) On systems that use the Upstart init system (such as Ubuntu and
Fedora), Shorewall-init is not reliable at starting the firewall
during boot when normal firewall startup is disabled and UPDOWN=1
is specified in /etc/default/shorewall-init.
Suggested workaround is to not disable normal startup (e.g., do not
set startup=0 on Debian-based systems and do not 'checkconfig
--del...' on Fedora).

9
Shorewall/releasenotes.txt
View File

@ -295,7 +295,14 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
I V. K N O W N P R O B L E M S R E M A I N I N G I V. K N O W N P R O B L E M S R E M A I N I N G
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
None. 1) On systems that use the Upstart init system (such as Ubuntu and
Fedora), Shorewall-init is not reliable at starting the firewall
during boot when normal firewall startup is disabled and UPDOWN=1
is specified in /etc/default/shorewall-init.
Suggested workaround is to not disable normal startup (e.g., do not
set startup=0 on Debian-based systems and do not 'checkconfig
--del...' on Fedora).
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V. N E W F E A T U R E S I N T H I S R E L E A S E V. N E W F E A T U R E S I N T H I S R E L E A S E