diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 01829ef77..39d780072 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,9 @@ Changes in Shorewall 4.4.10.3 1) Fix 'debug' and 'trace' handling. +2) Make find_hosts_by_option() work correctly where ALL_IP appears in + hosts file. + Changes in Shorewall 4.4.10.2 1) Make IPv6 log and connections output readable. diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index f2c11599d..354329576 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -71,4 +71,22 @@ shorewall compile /var/lib/shorewall/.restart /var/lib/shorewall/.restart debug restart +7) If the following options are specified in /etc/shorewall/interfaces + for an interface with '-' in the ZONE column, then these options + will be ignored if there is an entry in the hosts file for the + interface with an explicit or implicit 0.0.0.0/0 (0.0.0.0/0 is + implied when the host list begins with '!'). + + blacklist + maclist + nosmurfs + tcpflags + + You can work around this issue by specifying these options in the + hosts file entry rather than in the interfaces file. + + Note: for IPv6, the network is ::/0 rather than 0.0.0.0/0. + + + diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index aab68effa..fd40ff617 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -237,6 +237,19 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E -V Set verbosity explicitly -R Override RESTOREFILE setting +2) If the following options were specified in /etc/shorewall/interfaces + for an interface with '-' in the ZONE column, then these options + would be ignored if there was an entry in the hosts file for the + interface with an explicit or implicit 0.0.0.0/0 (0.0.0.0/0 is + implied when the host list begins with '!'). + + blacklist + maclist + nosmurfs + tcpflags + + Note: for IPv6, the network is ::/0 rather than 0.0.0.0/0. + 4.4.10.2 1) The start priorities of the Shorewall products were incorrect on