forked from extern/shorewall_code
Document optimization 2 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
4c6df657da
commit
b9c303cf92
@ -1,3 +1,7 @@
|
|||||||
|
Changes in Shorewall 4.4.8.4
|
||||||
|
|
||||||
|
1) Restore lone ACCEPT rule to the OUTPUT chain under OPTIMIZE 2.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.8.3
|
Changes in Shorewall 4.4.8.3
|
||||||
|
|
||||||
1) Make wildcard interfaces play well with optimize 4.
|
1) Make wildcard interfaces play well with optimize 4.
|
||||||
|
|||||||
@ -1,3 +1,5 @@
|
|||||||
|
Known problems in Shorewall 4.4.8
|
||||||
|
|
||||||
1) Logical interface names in the EXTERNAL column of
|
1) Logical interface names in the EXTERNAL column of
|
||||||
/etc/shorewall/proxyarp were previously not mapped to their
|
/etc/shorewall/proxyarp were previously not mapped to their
|
||||||
corresponding physical interface names. This could cause 'start' or
|
corresponding physical interface names. This could cause 'start' or
|
||||||
@ -37,3 +39,24 @@
|
|||||||
|
|
||||||
Corrected in Shorewall 4.4.8.2
|
Corrected in Shorewall 4.4.8.2
|
||||||
|
|
||||||
|
6) Wildcard interface names (those ending in '+') can result in
|
||||||
|
iptables-restore failure with optimize 4.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.8.3
|
||||||
|
|
||||||
|
7) Invalid iptables-restore input involving the 'tcpre'
|
||||||
|
mangle chain is possible with optimize 4.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.8.3
|
||||||
|
|
||||||
|
8) A couple of fixes to the 4.4.8.2 change for startup log naming are
|
||||||
|
included. The main symptom occurred on Debian systems where perl
|
||||||
|
reported that /etc/shorewall.conf did not exist.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.8.3
|
||||||
|
|
||||||
|
9) If OPTIMIZE 2 and there are no OUTPUT rules and the only effective
|
||||||
|
output policy is $FW->all ACCEPT, then the OUTPUT chain is empty
|
||||||
|
and no packets can be sent.
|
||||||
|
|
||||||
|
Corrected in Shorewall 4.4.8.4
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
S H O R E W A L L 4 . 4 . 8 . 3
|
S H O R E W A L L 4 . 4 . 8 . 4
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
I. RELEASE 4.4 HIGHLIGHTS
|
I. RELEASE 4.4 HIGHLIGHTS
|
||||||
@ -217,6 +217,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
4.4.8.4
|
||||||
|
|
||||||
|
1) If OPTIMIZE 2 and there were no OUTPUT rules and the only effective
|
||||||
|
output policy was $FW->all ACCEPT, then the OUTPUT chain was empty
|
||||||
|
and no packets could be sent.
|
||||||
|
|
||||||
4.4.8.3
|
4.4.8.3
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user