forked from extern/shorewall_code
Update News for 3.0.4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3417 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
b8ab661d1e
commit
cdf340ed29
@ -13,7 +13,7 @@
|
|||||||
</h1>
|
</h1>
|
||||||
<span style="font-weight: bold;">Tom Eastep<br>
|
<span style="font-weight: bold;">Tom Eastep<br>
|
||||||
<br>
|
<br>
|
||||||
</span>Copyright © 2001-2005 Thomas M. Eastep<br>
|
</span>Copyright © 2001-2006 Thomas M. Eastep<br>
|
||||||
<p>Permission is granted to copy, distribute and/or modify this
|
<p>Permission is granted to copy, distribute and/or modify this
|
||||||
document under the terms of the GNU Free Documentation License, Version
|
document under the terms of the GNU Free Documentation License, Version
|
||||||
1.2 or any later version published by the Free Software Foundation;
|
1.2 or any later version published by the Free Software Foundation;
|
||||||
@ -25,6 +25,9 @@ Documentation License</a></span>”.<br>
|
|||||||
<hr style="width: 100%; height: 2px;">
|
<hr style="width: 100%; height: 2px;">
|
||||||
<p></p>
|
<p></p>
|
||||||
<!-- Shorewall Release 3.0.3 -->
|
<!-- Shorewall Release 3.0.3 -->
|
||||||
|
<span style="font-weight: bold;">2006-01-05 Shorewall 3.0.4<br>
|
||||||
|
</span>
|
||||||
|
<pre>Problems Corrected in 3.0.4<br><br>1) The shorewall.conf file is once again "console friendly". Patch is<br> courtesy of Tuomo Soini.<br><br>2) A potential security hole has been closed. Previously, Shorewall ACCEPTed<br> all traffic from a bridge port that was sent back out on the same port. If<br> the port was described in /etc/shorewall/hosts using the wildcard "+" (eg,<br> xenbr0:vif+), this could lead to traffic being passed in variance with the<br> supplied policies and rules.<br><br>3) Previously, an intra-zone policy of NONE would cause a startup error. That<br> problem has been corrected.<br><br>4) When RETAIN_ALIASES=Yes, the script produced by "shorewall save" did not<br> add the retained aliases. This means that the following sequence of<br> events resulted in missing aliases:<br><br> shorewall start<br> shorewall restart<br> shorewall save<br> reboot<br> shorewall -f start (which is the default during boot up)<br><br>5) When a 2.x standard action is invoked with a log level (example<br> "AllowPing:info"), logging does not occur.<br><br>New Features in 3.0.4<br><br>1) By popular demand, the 'Limit' action described at<br> http://www1.shorewall.net/PortKnocking.html#Limit has been made a standard<br> action. Limit requires 'recent match' support in your kernel and iptables.<br><br>2) DISABLE_IPV6 no longer disabled local (loopback) IPV6 traffic. This<br> change is reported to improve Java startup time on some distributions.<br><br>3) Shorewall now contains support for wildcard ports. In<br> /etc/shorewall/hosts, you may specify the port name with trailing "+" then <br> use specific port names in rules.<br><br> Example:<br><br> /etc/shorewall/hosts<br><br> vpn br0:tap+<br><br> /etc/shorewall/hosts<br><br> DROP vpn:tap0 vpn:tap1 udp 9999<br><br>4) For the benefit of those who run Shorewall on distributions that don't <br> autoload kernel modules, /etc/shorewall/modules now contains load commands <br> for a wide range of Netfilter modules.<br></pre>
|
||||||
<span style="font-weight: bold;">2005-12-13
|
<span style="font-weight: bold;">2005-12-13
|
||||||
Shorewall 3.0.3<br>
|
Shorewall 3.0.3<br>
|
||||||
</span>
|
</span>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user