diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 3544dc130..df42335a3 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in Shorewall 4.4.6 1) Fix for rp_filter and kernel 2.6.31. +2) Add a hack to work around a bug in Lenny + xtables-addons + Changes in Shorewall 4.4.5 1) Fix 15-port limit removal change. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 440624a0e..d7f1f6909 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -173,7 +173,14 @@ Shorewall 4.4.5 P R O B L E M S C O R R E C T E D I N 4 . 4 . 6 ---------------------------------------------------------------------------- -None. +1) A 'feature' of xtables-addons when applied to Lenny causes extra + /31 networks to appear for nethash sets in the output of "ipset + -L" and "ipset -S". A hack has been added to prevent these from + being saved when Shorewall is saving IPSETS during 'stop'. + + As part of this change, the generated script is more careful about + verifying the existence of the correct ipset utility before using + it to save the contents of the sets. ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G