Update Known Problems

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-02-18 10:10:38 -08:00
parent 7eddb8310a
commit b3ae035302

@ -32,3 +32,35 @@
Corrected in 4.4.7.5.
6) If multiple entries are present in /etc/shorewall/tcdevices and
globally unique class numbers are not explicitly specified in
/etc/shorewall/tcclasses, then 'shorewall start' will fail with a
diagnostic such as:
Setting up Traffic Control...
RTNETLINK answers: File exists
ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum
1500 limit 127 perturb 10" Failed
Processing /etc/shorewall/stop ...
Corrected in 4.4.7.5.
7) If a low per-IP rate limit (such as 1/hour) is specified, the
effective enforced rate is much higher (approximately 6/min). The
Shorewall compiler now configures the hashlimit table idle timeout
based on the rate units (min, hour, ...) so that the rate is more
accurately enforced.
Corrected in 4.4.7.5.
As part of this change, a unique hash table name is assigned to
each per-IP rate limiting rule that does not specify a table name
in the rule. The assigned names are of the form 'shorewallN' where
N is an integer. Previously, all such rules shared a single
'shorewall' table which lead to unexpected results.
8) All prior versions of Shorewall-perl mishandle per-IP rate limiting
in REDIRECT and DNAT rules. The effective rate and burst are 1/2 of
the values given in the rule.
Corrected in 4.4.7.5.
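
Review bot: In item 7, "Corrected in 4.4.7.5." sits in the middle of the entry, ahead of the paragraph that begins "As part of this change", while items 6 and 8 end with that line; moving it to the end of item 7 keeps the entries consistent and makes it clear that the table renaming also arrives in 4.4.7.5. In the same paragraph, "which lead to unexpected results" should read "which led to unexpected results". Items 7 and 8 also err in opposite directions (item 7 enforces a higher rate than configured, item 8 enforces half the configured rate and burst), so it would help to say in each entry whether the limit actually applied was looser or tighter than the one written in the rule, since anyone relying on per-IP limits for throttling will want to re-check their values after upgrading.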