Correct/update release notes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 09:11:17 -07:00 · 2010-09-27 09:11:17 -07:00 · f33912d5f7
commit f33912d5f7
parent ac646930a3
1 changed files with 7 additions and 6 deletions
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -55,23 +55,24 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------

-1)  On systems running Upstart, shorewall-init cannot reliably start the
-    firewall before interfaces are brought up.
-
-2)  Shorewall now uses the 'conntrack' utility for 'show connections'
-    if that utility is installed.
+1)  On systems running Upstart, shorewall-init cannot reliably secure
+    the firewall before interfaces are brought up.

 ----------------------------------------------------------------------------
      I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------

 1)  Multiple source or destination ipset matches can be generated by
-    enclosing the ipset list in [...].
+    enclosing the ipset list in +[...].

    Example (/etc/shorewall/rules):

        ACCEPT $FW net:+[dest-ip-map,dest-port-map]

+2)  Shorewall now uses the 'conntrack' utility for 'show connections'
+    if that utility is installed. Going forward, the Netfilter team
+    will be enhancing this interface rather than the /proc interface.
+
 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------