forked from extern/shorewall_code
afee989ee5
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1099 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
62 lines
2.0 KiB
Plaintext
62 lines
2.0 KiB
Plaintext
This is a minor release of Shorewall.
|
|
|
|
Problems Corrected since version 1.4.9:
|
|
|
|
1. The column descriptions in the action.template file did not match
|
|
the column headings. That has been corrected.
|
|
|
|
2. The presence of IPV6 addresses on devices generates error messages
|
|
during [re]start if ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes are
|
|
specified in /etc/shorewall/shorewall.conf.
|
|
|
|
3. The CONTINUE action in /etc/shorewall/rules now works correctly. A
|
|
couple of problems involving rate limiting have been
|
|
corrected. These bug fixes courtesy of Steven Jan Springl.
|
|
|
|
4. Shorewall now tries to avoid sending an ICMP response to broadcasts
|
|
and smurfs.
|
|
|
|
5. Specifying "-" or "all" in the PROTO column of an action no longer
|
|
causes a startup error.
|
|
|
|
Migration Issues:
|
|
|
|
None.
|
|
|
|
New Features:
|
|
|
|
1) The INTERFACE column in the /etc/shorewall/masq file may now
|
|
specify a destination list.
|
|
|
|
Example:
|
|
|
|
#INTERFACE SUBNET ADDRESS
|
|
eth0:192.0.2.3,192.0.2.16/28 eth1
|
|
|
|
If the list begins with "!" then SNAT will occur only if the
|
|
destination IP address is NOT included in the list.
|
|
|
|
2) Output traffic control rules (those with the firewall as the source)
|
|
may now be qualified by the effective userid and/or effective group
|
|
id of the program generating the output. This feature is courtesy of
|
|
Frédéric LESPEZ.
|
|
|
|
A new USER column has been added to /etc/shorewall/tcrules.
|
|
|
|
It may contain :
|
|
|
|
[<user name or number>]:[<group name or number>]
|
|
|
|
The colon is optionnal when specifying only a user.
|
|
|
|
Examples : john: / john / :users / john:users
|
|
|
|
3) A "detectnets" interface option has been added for entries in
|
|
/etc/shorewall/interfaces. This option automatically taylors the
|
|
definition of the zone named in the ZONE column to include just
|
|
those hosts that have routes through the interface named in the
|
|
INTERFACE column. The named interface must be UP when
|
|
Shorewall is [re]started.
|
|
|
|
WARNING: DO NOT SET THIS OPTION ON YOUR INTERNET INTERFACE!
|