forked from extern/shorewall_code
44 lines
1.5 KiB
Plaintext
1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  The 4.4.20 Shorewall6 installer always installs the 'plain'
    (unannotated) version of shorewall6.conf, regardless of the '-p'
    option.

3)  Fixed item 1 from 4.4.19.4 was inadvertently omitted from
    4.4.20.

2)  A defect introduced in 4.4.20 can cause the following failure at
    start/restart:

        ERROR: Command "tc qdisc add dev eth0 parent 1:11 handle 1:
        sfq quantum 12498 limit 127 perturb 10" failed

    The error occurs when explicit interface numbers are assigned in
    /etc/shorewall/tcdevices and the default HTB queuing discipline is
    used.

3)  The 'sfilter' interface option introduced in 4.4.20 is not applied
    to traffic addressed to the firewall itself.

4)  IPSEC traffic is incorrectly included in the rules generated by
    sfiltering.

5)  Shorewall 4.4.20 can, under some circumstances, fail during
    iptables-restore with a message such as the following:

        iptables-restore v1.4.10: Couldn't load target
        `dsl0_fwd':/usr/lib/xtables/libipt_dsl0_fwd.so: cannot open shared object
        file: No such file or directory

        Error occurred at line: 113
        Try `iptables-restore -h' or 'iptables-restore --help' for more
        information.

        ERROR: iptables-restore Failed. Input is in
        /var/lib/shorewall/.iptables-restore-input

6)  The following extraneous warning message may be ignored:

        WARNING: sfilter is ineffective with FASTACCEPT=Yes