forked from extern/shorewall_code
43 lines
1.3 KiB
Plaintext
43 lines
1.3 KiB
Plaintext
1) On systems running Upstart, shorewall-init cannot reliably start the
|
|
firewall before interfaces are brought up.
|
|
|
|
2) The date/time formatting in the STARTUP_LOG is not uniform.
|
|
|
|
Fixed in 4.4.13.1
|
|
|
|
3) The blacklisting change in 4.4.13 broke blacklisting in some simple
|
|
configurations with the effect that blacklisting was not enabled.
|
|
|
|
Fixed in 4.4.13.1
|
|
|
|
The issue may also be worked around is follows.
|
|
|
|
If you currently have an entry similar to this in
|
|
/etc/shorewall/interfaces:
|
|
|
|
#ZONE INTERFACE BROADCAST OPTIONS
|
|
net eth0 detect blacklist,...
|
|
|
|
then remove the 'blacklist' option from that entry and change the
|
|
'net' entry in /etc/shorewall/zones as follows:
|
|
|
|
#ZONE TYPE OPTIONS IN_OPTIONS
|
|
net ipv4 - blacklist
|
|
|
|
4) The Debian init scripts for Shorewall-lite and Shorewall6-lite
|
|
contain a syntax error.
|
|
|
|
Fixed in 4.4.13.2.
|
|
|
|
5) If the -v or -q option is passed to /sbin/shorewall-lite or
|
|
/sbin/shorewall6-lite on a command that involves the compiled
|
|
script, then the command will fail if the effective verbosity is
|
|
> 2 or < -1.
|
|
|
|
Fixed in 4.4.13.2.
|
|
|
|
6) When running one of the -lite packages, the log reading commands
|
|
(show log, logwatch and dump) show no log record.
|
|
|
|
Fixed in 4.4.13.3.
|