diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 65e5dbbca..f0ec2d038 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,6 +1,6 @@ Changes in Shorewall 4.4.11.1 -None. +1) Fix IPv6 shorecap program. Changes in Shorewall 4.4.11 diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index d0cdf65b3..e7fcd59e4 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -1 +1,18 @@ -There are no known problems in Shorewall 4.4.11 +1) In all versions of Shorewall6 lite, the 'shorecap' program is + using the 'iptables' program rather than the 'ip6tables' program. + This causes many capabilities that are not available in IPv6 to + be incorrectly reported as available. + + This results in errors such as: + + ip6tables-restore v1.4.2: Couldn't load match `addrtype': + /lib/xtables/libip6t_addrtype.so: cannot open shared + object file: No such file or directory + + To work around this problem, on the administrative system: + + a) Remove the incorrect capabilties file. + b) In shorewall6.conf, set the IP6TABLES option to the + path name of ip6tables on the firewall (example: + IP6TABLES=/sbin/ip6tables). + c) 'shorewall6 load '. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 73b24a514..e9bc85ef2 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -218,6 +218,14 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.11.1 + +1) Previously, the Shoreall6-lite version of shorecap was using + iptables rather than ip6tables, with the result that many capabilities + that are only available in IPv4 were being reported as available. + +4.4.11 + 1) The IPv6 allowBcast action generated an invalid rule. 2) If IPSET= was specified in shorewall.conf, then when an
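Review bot: in the Shorewall/known_problems.txt hunk, workaround step c) reads "'shorewall6 load '." with a trailing space before the closing quote, so the argument to load appears to have been lost; spell out the argument (the firewall system) so the command can be typed as written. In step a), "capabilties" should be "capabilities", and the step does not say which file is meant or where it sits on the administrative system; naming it would make the workaround followable without guessing.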
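Review bot: in the Shorewall/releasenotes.txt hunk, the new 4.4.11.1 entry spells the product "Shoreall6-lite" (should be "Shorewall6-lite"), while known_problems.txt in the same patch writes "Shorewall6 lite" without the hyphen; use one spelling in both files. The entry also does not mention capabilities files that were already generated by the old shorecap. known_problems.txt tells users to remove the incorrect capabilities file, and the release note should carry the same instruction so that users who upgrade know the existing file has to be regenerated.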