forked from extern/shorewall_code
16de6e1b86
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@561 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
38 lines
1.2 KiB
Plaintext
38 lines
1.2 KiB
Plaintext
This is a minor release of Shorewall.
|
|
|
|
Problems Corrected:
|
|
|
|
1) There were several cases where Shorewall would fail to remove a
|
|
temporary directory from /tmp. These cases have been corrected.
|
|
|
|
2) The rules for allowing all traffic via the loopback interface have
|
|
been moved to before the rule that drops status=INVALID
|
|
packets. This insures that all loopback traffic is allowed even if
|
|
Netfilter connection tracking is confused.
|
|
|
|
New Features:
|
|
|
|
1) IPV6-IPV4 (6to4) tunnels are now supported in the
|
|
/etc/shorewall/tunnels file.
|
|
|
|
2) Shorewall can now be easily integrated with fireparse
|
|
(http://www.fireparse.com) by setting LOGMARKER="fp=" in
|
|
/etc/shorewall/shorewall.conf. Note: You may not use ULOG
|
|
with fireparse unless you modify fireparse.
|
|
|
|
3) If you are running iptables 1.2.7a and kernel 2.4.20, then
|
|
Shorewall will return reject replies as follows:
|
|
|
|
a) tcp - RST
|
|
b) udp - ICMP port unreachable
|
|
c) icmp - ICMP host unreachable
|
|
d) Otherwise - ICMP host prohibited
|
|
|
|
If you are running earlier software, Shorewall will follow it's
|
|
traditional convention:
|
|
|
|
a) tcp - RST
|
|
b) Otherwise - ICMP port unreachable
|
|
|
|
4) UDP Port 135 is now silently dropped in the common.def chain.
|