Document Lenny/xtables-addons hack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 10:20:40 -08:00 · 2010-01-04 10:20:40 -08:00 · b491eae3c0
commit b491eae3c0
parent a1fd3aa7e3
2 changed files with 10 additions and 1 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.6

 1)  Fix for rp_filter and kernel 2.6.31.

+2)  Add a hack to work around a bug in Lenny + xtables-addons
+
 Changes in Shorewall 4.4.5

 1)  Fix 15-port limit removal change.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -173,7 +173,14 @@ Shorewall 4.4.5
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 6
 ----------------------------------------------------------------------------

-None.
+1)  A 'feature' of xtables-addons when applied to Lenny causes extra
+    /31 networks to appear for nethash sets in the output of "ipset
+    -L" and "ipset -S". A hack has been added to prevent these from
+    being saved when Shorewall is saving IPSETS during 'stop'.
+
+    As part of this change, the generated script is more careful about
+    verifying the existence of the correct ipset utility before using
+    it to save the contents of the sets.

 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G