forked from extern/shorewall_code
a9a5474f7c
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4336 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
66 lines
2.2 KiB
Plaintext
66 lines
2.2 KiB
Plaintext
Shorewall 3.3.0
|
|
|
|
Note to users upgrading from Shorewall 2.x or 3.0
|
|
|
|
Most problems associated with upgrades come from two causes:
|
|
|
|
- The user didn't read and follow the migration considerations in these
|
|
release notes.
|
|
|
|
- The user mis-handled the /etc/shorewall/shorewall.conf file during
|
|
upgrade. Shorewall is designed to allow the default behavior of
|
|
the product to evolve over time. To make this possible, the design
|
|
assumes that you will not replace your current shorewall.conf file
|
|
during upgrades. If you feel absolutely compelled to have the latest
|
|
comments and options in your shorewall.conf then you must proceed
|
|
carefully.
|
|
|
|
While you are at it, if you have a file named /etc/shorewall/rfc1918 then
|
|
please check that file. If it has addresses listed that are NOT in one of
|
|
these three ranges, then please rename the file to
|
|
/etc/shorewall/rfc1918.old.
|
|
|
|
10.0.0.0 - 10.255.255.255
|
|
172.16.0.0 - 172.31.255.255
|
|
192.168.0.0 - 192.168.255.255
|
|
|
|
If you have a file named /etc/shorewall/modules, please remove
|
|
it. The default modules file is now located in /usr/share/shorewall/
|
|
(see the "Migration Considerations" below).
|
|
|
|
Please see the "Migration Considerations" below for additional upgrade
|
|
information.
|
|
|
|
Problems Corrected in 3.3.0
|
|
|
|
None.
|
|
|
|
Other changes in 3.3.0
|
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
in http://www.shorewall.net/DynamicZones.html.
|
|
|
|
2) The 'try' command has been re-implemented. The command now does the
|
|
following:
|
|
|
|
- shorewall save
|
|
- shorewall restart <specified directory>
|
|
- if the restart is not successful, the configuration is
|
|
automatically restored
|
|
- otherwise, if a timeout is given then
|
|
- sleep for the number of seconds specified and
|
|
- shorewall restore
|
|
|
|
Migration Considerations:
|
|
|
|
1) Support for dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf and
|
|
the /sbin/shorewall "add" and "delete" commands) has been
|
|
removed. Please use ipsets to implement dynamic zones as described
|
|
in http://www.shorewall.net/DynamicZones.html.
|
|
|
|
New Features:
|
|
|
|
None.
|