forked from extern/shorewall_code
408a8a3968
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3189 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
267 lines
5.6 KiB
Plaintext
Executable File
267 lines
5.6 KiB
Plaintext
Executable File
Changes in 3.0.4
|
|
|
|
1) Console-friendly version of shorewall.conf.
|
|
|
|
2) Add 'Limit' as a standard action.
|
|
|
|
3) Enabled loopback traffic under the DISABLE_IPV6 option.
|
|
|
|
4) Close hole in bridged configurations.
|
|
|
|
5) Fix bug in NONE intra-zone policy handling.
|
|
|
|
6) Fix bug in RETAIN_ALIASES=Yes.
|
|
|
|
7) Wildcard port support.
|
|
|
|
Changes in 3.0.3
|
|
|
|
1) Implement "shorewall show macros"
|
|
|
|
2) Comments regarding bridge configuration were improved.
|
|
|
|
3) Applied Tuomo Soini's patch to pretty up the tc4shorewall files.
|
|
|
|
4) Fix 'safe-start' and 'safe'restart' -- add support for -q in the process.
|
|
|
|
5) Fix help text for restore. Add -q to help for safe-start and safe-restart.
|
|
|
|
6) Add more migration information to release notes.
|
|
|
|
7) Allow "-" in the ADDRESS/SUBNET column of the blacklist file.
|
|
|
|
8) Add traffic shaping information to "dump" output.
|
|
|
|
9) Allow 'none' in the COPY column of /etc/shorewall/providers.
|
|
|
|
10) Implement 'ipdecimal' command.
|
|
|
|
11) Implement 'reload' in the init script.
|
|
|
|
12) Correct README.txt
|
|
|
|
13) Add upgrade considerations for 2.0 users to release notes.
|
|
|
|
14) Change default for CLEAR_TC to "Yes".
|
|
|
|
15) Added warning to the zones file.
|
|
|
|
16) Fixed bug in tcrules processing (interface name in SOURCE column).
|
|
|
|
17) Create /var/log/shorewall-init.log when installing on Debian.
|
|
|
|
Changes in 3.0.2
|
|
|
|
1) Typos in the Samples corrected.
|
|
|
|
2) Incompatibility with old kernels worked around.
|
|
|
|
3) Added new Webmin macro
|
|
|
|
4) Arch Linux installation routines improved
|
|
|
|
Changes in 3.0.1
|
|
|
|
1) Set policies for chains in nat, mangle and raw tables.
|
|
|
|
2) Applied Tuomo's patch for Makefile.
|
|
|
|
3) Add Farkas ordering to generated SOURCE and DEST column when expanding
|
|
macros.
|
|
|
|
4) Clarify PORTS column in blacklist file.
|
|
|
|
5) Correct CLAMPMSS/FASTACCEPT interaction.
|
|
|
|
Changes in 3.0.0 Final
|
|
|
|
None.
|
|
|
|
Changes in 3.0.0 RC 3.
|
|
|
|
1) ROUTE target and Extended Mark removed from capabilities.
|
|
|
|
2) Suppress 'ambiguous redirect' error messages.
|
|
|
|
3) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon).
|
|
|
|
4) Stop whining about ipt_owner messages under kernel 2.6.14.
|
|
|
|
5) Update config files with cmd-owner info.
|
|
|
|
6) Fix DHCP with MACLIST_TABLE=mangle.
|
|
|
|
7) Remove Slackware special case from INSTALL instructions.
|
|
|
|
Changes in 3.0.0 RC 2.
|
|
|
|
1) Fix support for OpenVPN and tcp.
|
|
|
|
2) Correct cut-and-paste error in 'arp_ignore' processing.
|
|
|
|
3) Add 'src' to gateway routes. Make 'find_first_interface_address' look for
|
|
global addresses only.
|
|
|
|
4) Update /etc/shorewall/interfaces to describe multiple interfaces to a zone.
|
|
|
|
Changes in 3.0.0 RC 1.
|
|
|
|
1) Correct spelling of MACLIST_TABLE in shorewall.conf.
|
|
|
|
Changes in 3.0.0 Beta 1.
|
|
|
|
1) Add TC_ENABLED=Internal
|
|
|
|
2) Fix default tc class bug.
|
|
|
|
Changes in 2.5.8
|
|
|
|
1) Fix 'shorewall refresh' with long tcrules entries.
|
|
|
|
2) Implement MACLIST_TABLE.
|
|
|
|
3) Make tc class ids unique between devices.
|
|
|
|
Changes in 2.5.7
|
|
|
|
1) Fix ADMINISABSENTMINDED=Yes vs. entries in /etc/shorewall/routestopped.
|
|
|
|
2) Fix traffic shaping and "shorewall refresh"
|
|
|
|
3) Add capabilities report to "shorewall dump".
|
|
|
|
4) Rename 'plain' to 'ipv4'
|
|
|
|
5) Deimplement NEWNOTSYN
|
|
|
|
6) Fix logging IPP2P rules.
|
|
|
|
7) Add zone type to /var/lib/shorewall/zones.
|
|
|
|
8) Give better diagnostics when IPP2P match isn't available.
|
|
|
|
9) Do not touch mangle chain during "refresh".
|
|
|
|
10) Implement support for UDP IPP2P Matching.
|
|
|
|
Changes in 2.5.6
|
|
|
|
1) Finish install/fallback cleanup.
|
|
|
|
2) Fix startup failure.
|
|
|
|
3) Add "-n" option.
|
|
|
|
Changes in 2.5.5
|
|
|
|
1) Zone file alchemy attempted.
|
|
|
|
2) Fix install.sh re: Makefile
|
|
|
|
3) Fix error handling.
|
|
|
|
4) Add SHOREWALL_LIBRARY function.
|
|
|
|
Changes in 2.5.4
|
|
|
|
1) Allow TAG to be used as a general parameter mechanism [hack].
|
|
|
|
2) Fix some ghastly bugs in macros.
|
|
|
|
3) "shorewall check" now checks the masq file.
|
|
|
|
4) "shorewall check" now checks the proxyarp file.
|
|
|
|
5) "shorewall check" now checks the nat file.
|
|
|
|
6) "shorewall check" now checks the providers file.
|
|
|
|
7) Merge 'tc4shorewall'
|
|
|
|
8) Modify tc4shorewall so that it plays well with Shorewall
|
|
save/restore.
|
|
|
|
Changes in 2.5.3
|
|
|
|
1) Allow exclusion lists in /etc/shorewall/tcrules.
|
|
|
|
2) Added 'openvpnserver' and 'openvpnclient' tunnel types.
|
|
|
|
3) Set COMMAND=restore in restore-base.
|
|
|
|
4) Allow exclusion lists in actions.
|
|
|
|
5) Make intra-zone policies more rational.
|
|
|
|
6) Clear the raw table on stop and [re]start
|
|
|
|
7) Section the rules file.
|
|
|
|
8) Fixed tunnels/rules interaction problems.
|
|
|
|
9) Provide hack for passing arguments to action extension scripts.
|
|
|
|
Changes in 2.5.2
|
|
|
|
1) Allow port lists in /etc/shorewall/accounting.
|
|
|
|
2) Fix PKTTYPE=No and packet type match capability reporting.
|
|
|
|
3) Add FASTACCEPT option.
|
|
|
|
4) Generate error if norfc1918 is specified on an interface with an RFC
|
|
1918 IP address.
|
|
|
|
5) Implement exclusion lists in /etc/shorewall/rules.
|
|
|
|
Changes in 2.5.1
|
|
|
|
1) Make "shorewall add" work with 'ipsec' in hosts file.
|
|
|
|
2) Remove dependence on 'which'
|
|
|
|
3) Rename "status" to "dump" and add real status command.
|
|
|
|
4) Fix Makefile (compare to restore-base rather than restarted).
|
|
|
|
5) Add "all+"
|
|
|
|
6) Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME
|
|
|
|
7) Add FASTACCEPT option in shorewall.conf.
|
|
|
|
8) Generate error for 'norfc1918' on an interface with an RFC 1918 IP
|
|
address.
|
|
|
|
9) Finally implement exclude lists in rules.
|
|
|
|
Changes in 2.5.1ex/2.5.0
|
|
|
|
1) Clean up handling of zones
|
|
|
|
2) Make the removal of the ipsec file upward compatible.
|
|
|
|
3) Improve CONTINUE policy handling.
|
|
|
|
4) Implement arp_ignore support.
|
|
|
|
Changes in 2.5.0ex
|
|
|
|
1) Make warning and error messages easier to find by using
|
|
capitalization.
|
|
|
|
2) Remove /etc/shorewall/ipsec and merge it's function with
|
|
/etc/shorewall/zones.
|
|
|
|
3) Apply small fix to the above patch.
|
|
|
|
4) Remove dynamic zone support.
|
|
|
|
5) Add "established policy" support.
|
|
|
|
6) Add CRITICALHOSTS support.
|
|
|
|
7) Remove 'bogon' stuff.
|
|
|
|
8) Implement Macros.
|