forked from extern/shorewall_code
Update migration issues document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
b9139a4ec8
commit
ef3652fc98
@ -180,21 +180,64 @@
|
||||
<filename>/etc/shorewall[6]/notrack</filename> file was renamed
|
||||
<filename>/etc/shorewall[6]/conntrack</filename>. When upgrading to a
|
||||
release >= 4.5.7, the <filename>conntrack</filename> file will be
|
||||
installed along side of an existing <filename>notrack</filename> file.
|
||||
</para>
|
||||
installed along side of an existing <filename>notrack</filename>
|
||||
file.</para>
|
||||
|
||||
<para>If the 'notrack' file is non-empty, a warning message is issued
|
||||
during compilation: </para>
|
||||
during compilation:</para>
|
||||
|
||||
<blockquote>
|
||||
<para>WARNING: Non-empty notrack file (...); please move its
|
||||
contents to the conntrack file </para>
|
||||
contents to the conntrack file</para>
|
||||
</blockquote>
|
||||
|
||||
<para>This warning can be eliminated by removing the notrack file (if
|
||||
it has no entries), or by moving its entries to the conntrack file and
|
||||
removing the notrack file. Note that the conntrack file is always
|
||||
populated with rules </para>
|
||||
populated with rules</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In Shorewall 4.5.8, the /etc/shorewall[6]/routestopped files
|
||||
were deprecated if favor of new /etc/shorewall[6]/stoppedrules
|
||||
counterparts. The new files have much more familiar and
|
||||
straightforward semantics. Once a stoppedrules file is populated, the
|
||||
compiler will process that file and will ignore the corresponding
|
||||
routestopped file.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In Shorewall 4.5.8, a new variable (VARLIB) was added to the
|
||||
shorewallrc file. This variable assumes the role formerly played by
|
||||
VARDIR, and VARDIR now designates the configuration directory for a
|
||||
particular product.</para>
|
||||
|
||||
<para>This change should be transparent to all users:</para>
|
||||
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>If VARDIR is set in an existing shorewallrc file and VARLIB
|
||||
is not, then VARLIB is set to ${VARDIR} and VARDIR is set to
|
||||
${VARLIB}/${PRODUCT}.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If VARLIB is set in a shorewallrc file and VARDIR is not,
|
||||
then VARDIR is set to ${VARLIB}/${PRODUCT}.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para> The Shorewall-core installer will automatically update
|
||||
~/.shorewallrc and save the original in ~/.shorewallrc.bak.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Previously, the macro.SNMP macro opened both UDP ports 161 and
|
||||
162 from SOURCE to DEST. This is against the usual practice of opening
|
||||
these ports in the opposite direction. Beginning with Shorewall 4.5.8,
|
||||
the SNMP macro opens port 161 from SOURCE to DEST as before, and a new
|
||||
SNMPTrap macro is added that opens port 162 (from SOURCE to
|
||||
DEST).</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
Loading…
Reference in New Issue
Block a user