diff --git a/Shorewall/accounting b/Shorewall/accounting index 8a3ba3e8e..aa4d5612c 100755 --- a/Shorewall/accounting +++ b/Shorewall/accounting @@ -92,7 +92,9 @@ # #the 'kids' group # !:kids #program must not be run by a member # #of the 'kids' group -# +upnpd #program named upnpd +# +upnpd #program named upnpd (This feature was +# #removed from Netfilter in kernel +# #version 2.6.14). # # In all of the above columns except ACTION and CHAIN, the values "-", # "any" and "all" may be used as wildcards diff --git a/Shorewall/action.template b/Shorewall/action.template index 1c35f1717..33114806e 100644 --- a/Shorewall/action.template +++ b/Shorewall/action.template @@ -168,7 +168,7 @@ # # USER/GROUP This column may only be non-empty if the SOURCE is # the firewall itself. -# +# # The column may contain: # # [!][][:][+] @@ -185,7 +185,9 @@ # #the 'kids' group # !:kids #program must not be run by a member # #of the 'kids' group -# +upnpd #program named upnpd +# +upnpd #program named upnpd (This feature was +# #removed from Netfilter in kernel +# #version 2.6.14). # ############################################################################### #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 18300ca5a..e9a01cdf2 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -8,6 +8,8 @@ Changes in 3.0.0 RC 3. 4) Stop whining about ipt_owner messages under kernel 2.6.14. +5) Update config files with cmd-owner info. + Changes in 3.0.0 RC 2. 1) Fix support for OpenVPN and tcp. diff --git a/Shorewall/macro.template b/Shorewall/macro.template index acaeeb7c2..3a3e75f8c 100644 --- a/Shorewall/macro.template +++ b/Shorewall/macro.template @@ -293,7 +293,9 @@ # #the 'kids' group # !:kids #program must not be run by a member # #of the 'kids' group -# +upnpd #program named 'upnpd' +# +upnpd #program named upnpd (This feature was +# #removed from Netfilter in kernel +# #version 2.6.14). # # A few examples should help show how Macros work. # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 2dab9c232..77aed3cef 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -14,7 +14,9 @@ Problems Corrected in 3.0.0 RC 3: 3) The test that Shorewall uses to detect the availability of the owner match capability has been changed to avoid the generation - of ipt_owner messages under kernel 2.6.14. + of ipt_owner messages under kernel 2.6.14. The affected configuration + files have been updated to warn that + is not supported + by kernel versions 2.6.14 and later. Migration Considerations: diff --git a/Shorewall/rules b/Shorewall/rules index 491a5642d..cc5272fb8 100755 --- a/Shorewall/rules +++ b/Shorewall/rules @@ -378,7 +378,9 @@ # #the 'kids' group # !:kids #program must not be run by a member # #of the 'kids' group -# +upnpd #program named 'upnpd' +# +upnpd #program named upnpd (This feature was +# #removed from Netfilter in kernel +# #version 2.6.14). # # Example: Accept SMTP requests from the DMZ to the internet # diff --git a/Shorewall/tcrules b/Shorewall/tcrules index 6da659cfd..f0aaa1840 100755 --- a/Shorewall/tcrules +++ b/Shorewall/tcrules @@ -144,7 +144,9 @@ # The colon is optionnal when specifying only a user # or a program name. # Examples : john: , john , :users , john:users , -# +mozilla-bin +# +mozilla-bin (Support for program names +# was removed from Netfilter in Kernel +# version 2.6.14). # # TEST Defines a test on the existing packet or connection # mark. The rule will match only if the test returns