forked from extern/shorewall_code
Update web site for 3.2.6
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4903 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
c41e4c1173
commit
bba2e84ae9
@ -20,11 +20,14 @@ Texts. A copy of the license is included in the section entitled “<span
|
||||
class="quote"><a href="GnuCopyright.htm" target="_self">GNU Free
|
||||
Documentation License</a></span>”.<br>
|
||||
</p>
|
||||
<p>October 28, 2006<br>
|
||||
<p>November 18, 2006<br>
|
||||
</p>
|
||||
<hr style="width: 100%; height: 2px;">
|
||||
<p></p>
|
||||
<!-- Shorewall Release 3.0.5 -->
|
||||
<span style="font-weight: bold;">2006-11-18 Shorewall 3.2.6<br>
|
||||
</span><span style="font-weight: bold;"></span>
|
||||
<pre>Problems Corrected in 3.2.6.<br><br>1) When using a light-weight shell (e.g., ash) with multiple<br>providers, the /etc/iproute2/rt_tables database may become corrupted.<br><br>2) A startup error occurred when the LENGTH or TOS column was<br> non-empty in /etc/shorewall/tcrules.<br><br>3) A startup error resulted when whitespace as included in LOGFORMAT.<br><br>4) Previously, when conntrack match support was not available, the<br> 'norfc1918' option on an interface or host group was incorrectly<br> filtering IPSEC traffic whose source IP address was reserved by RFC<br> 1918.<br><br>5) If a DNAT or REDIRECT rule was used where the effective policy<br> between the source and final destination zones is ACCEPT, the ACCEPT<br> part of the rule was not generated. This was intended as an<br> optimizaiton but it could lead to confusing results if there was a<br> DROP or REJECT rule following.<br><br> This optimization has been removed. You may always use DNAT- and<br> REDIRECT- to suppress generation of the ACCEPT rule.<br><br>6) Shorewall[-lite] previously would return an error exit status to a<br> "start" command where Shorewall was already running. It not returns<br> a "success" status.<br><br>7) The install.sh scripst have been corrected to work properly when <br> used to create packages on Slackware and Arch Linux.<br><br>5) A change in version 3.2.5 broke Mac Filtration in some<br> cases. Result was:<br><br> Setting up MAC Filtration -- Phase 1...<br> iptables v1.3.6: policy match: invalid policy `--dir'<br> Try `iptables -h' or 'iptables --help' for more information.<br> ERROR: Command "/sbin/iptables -A eth1_fwd -s 0.0.0.0/0 -m state <br> --state NEW -m policy --pol --dir in -j eth1_mac" Failed<br><br>6) At VERBOSITY 1 and higher, the 'shorewall add' and 'shorewall<br> delete' commands generated a fractured message. The message<br> contents depended in the setting of IPSECFILE as follows:<br><br> IPSECFILE=ipsec<br><br> ipsec...<br><br> IPSECFILE=zones<br><br> IPSEC...<br><br> The messages have been corrected and are only produced at VERBOSITY<br> 2 and higher as follows:<br><br> IPSECFILE=ipsec<br><br> Processing /etc/shorewall/ipsec...<br><br> IPSECFILE=zones<br><br> Processing IPSEC...<br><br>7) Previously, when <action>:none appeared in a rule, the name of the<br> action chain created was preceded by "%" and might have a one- or<br> two-digit number appended. If both <action> and <action>:none<br> appeared, then two chains were created. This has been corrected<br> such that <action> and <action>:none are treated identically.<br><br>8) If SAVE_IPSETS=Yes in shorewall.conf, the "shorewall[-lite] save"<br> command produced error messages as follows:<br><br> Dynamic Rules Saved<br> Currently-running Configuration Saved to /var/lib/shorewall/restore<br> grep: /var/lib/shorewall/restore-base: No such file or directory<br> grep: /var/lib/shorewall/restore-base: No such file or directory<br> Current Ipset Contents Saved to<br> /var/lib/shorewall/restore-ipsets<br><br>9) If BRIDGING=No in shorewall.conf, then an attempt to define a zone<br> using ipsets fails as follows:<br><br> ERROR: BRIDGING=Yes is needed for this zone definition: z eth0:+iset<br><br>Other Changes in 3.2.6.<br><br>1) The "shorewall [re]load" command now supports a "-c" option.<br><br> Example:<br><br> shorewall reload -c gateway<br><br> When -c is given, Shorewall will capture the capabilities of the<br> remote system to a file named "capabilities" in the export<br> directory before compiling the configuration.<br><br> If the file "capabilities" does not currently exist in the <br> export directory then "-c" is automatically assumed.<br><br>2) If 0 (zero) is specified for the IN-BANDWIDTH in<br> /etc/shorewall/tcdevices then no ingress qdisc will be created for<br> the device.<br></pre>
|
||||
<span style="font-weight: bold;">2006-10-28 Shorewall 3.2.5<br>
|
||||
</span><span style="font-weight: bold;"></span>
|
||||
<pre>Problems Corrected in 3.2.5<br><br>1) Entries such as the following in /etc/shorewall/masq generate a<br> run-time error:<br><br> eth0 eth1!192.168.1.12 206.124.146.176<br><br> Omitting the exclusion (!192.168.1.12) avoids the error.<br><br>2) Previously, the 'provider' portion of the packet mark was not being<br> cleared after routing for traffic that originates on the firewall<br> itself.<br><br>3) In prior releases, it was not possible to mark an outgoing packet<br> with a high mark (HIGH_ROUTE_MARKS=Yes) when the packet originated<br> on the firewall itself.<br><br>4) The detected capabilities were not displayed by 'shorewall dump'<br> when the effective VERBOSITY was less than 2.<br><br>Other changes in 3.2.5<br><br>1) For users whose kernel and iptables have Extended MARK Target<br> support, it is now possible to logically AND or OR a value into the<br> current packet mark by preceding the mark value (and optional mask)<br> with an ampersand ("&") or vertical bar ("|") respectively.<br><br> Example: To logically OR the value 4 into the mark value for<br> packets from 192.168.1.1:<br><br> #MARK SOURCE<br> |4 192.168.1.1<br><br>2) A new macro (macro.RDP) has been added for Microsoft Remote<br> Desktop. This macro was contributed by Tuomo Soini.<br><br>3) A new 'maclog' extension file has been added. This file is<br> processed just before logging based on the setting of<br> MACLIST_LOG_LEVEL is done. When the script is copyied at compile<br> time, the CHAIN variable will contain the name of the chain where<br> rules should be inserted. Remember that if you have specified<br> MACLIST_TABLE=mangle, then your run_iptables commands should<br> include "-t mangle".<br><br>4) Beginning with this release, Shorewall and Shorewall lite will<br> share the same change log and release notes.<br></pre>
|
||||
|
BIN
web/images/leaflogo.jpg
Normal file
BIN
web/images/leaflogo.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.5 KiB |
@ -20,7 +20,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with
|
||||
no Back-Cover Texts. A copy of the license is included in the section
|
||||
entitled “<a href="GnuCopyright.htm" target="_self">GNU Free
|
||||
Documentation License</a>”.</p>
|
||||
<p>2006-10-30</p>
|
||||
<p>2006-11-18</p>
|
||||
<hr>
|
||||
<h2>Table of Contents</h2>
|
||||
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction
|
||||
@ -104,17 +104,17 @@ Features page</a>.<br>
|
||||
<h3><a name="Releases"></a>Current Shorewall Versions</h3>
|
||||
<p style="margin-left: 40px;">The <span style="font-weight: bold;">current
|
||||
Stable Release</span> version
|
||||
is 3.2.5<br>
|
||||
is 3.2.6<br>
|
||||
</p>
|
||||
<ul style="margin-left: 40px;">
|
||||
<li>Here are the <a
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/releasenotes.txt">release
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.6/releasenotes.txt">release
|
||||
notes</a> <br>
|
||||
</li>
|
||||
<li>Here are the <a
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/known_problems.txt">known
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.6/known_problems.txt">known
|
||||
problems</a> and <a
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5/errata/">updates</a>.</li>
|
||||
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.6/errata/">updates</a>.</li>
|
||||
</ul>
|
||||
<div style="margin-left: 40px;">The <span style="font-weight: bold;">previous
|
||||
Stable Release</span> version is 3.0.9<br>
|
||||
|
Loading…
Reference in New Issue
Block a user