forked from extern/shorewall_code
5fe2bef29e
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
47 lines
1.5 KiB
Plaintext
Executable File
This is a major release of Shorewall.

Functions from 1.3 that have been omitted from this version include:

1. The MERGE_HOSTS variable in shorewall.conf is no longer
   supported. Shorewall 1.4 behavior is the same as 1.3 with
   MERGE_HOSTS=Yes.

2. Interface names of the form <device>:<integer> in
   /etc/shorewall/interfaces now generate an error.

3. Shorewall 1.4 implements behavior consistent with
   OLD_PING_HANDLING=No. OLD_PING_HANDLING=Yes will generate an error
   at startup as will specification of the 'noping' or 'filterping'
   interface options.

4. The 'routestopped' option in the /etc/shorewall/interfaces and
   /etc/shorewall/hosts files is no longer supported and will generate
   an error at startup if specified.

5. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer
   accepted.

6. The ALLOWRELATED variable in shorewall.conf is no longer
   supported. Shorewall 1.4 behavior is the same as 1.3 with
   ALLOWRELATED=Yes.

Changes for 1.4 include:

1. shorewall.conf has been completely reorganized into logical
   sections.

2. LOG is now a valid action for a rule (/etc/shorewall/rules).

3. The firewall script and version file are now installed in
   /usr/share/shorewall.

4. Late arriving DNS replies are now silently dropped in the common
   chain by default.

5. In addition to behaving like OLD_PING_HANDLING=No, Shorewall 2.0 no
   longer unconditionally accepts outbound ICMP packets. So if you want
   to 'ping' from the firewall, you will need the appropriate rule or
   policy.
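A pre-upgrade check for the removed settings listed above, as an added example that is not part of Shorewall or of these release notes. The function names are hypothetical, and the column layouts (ZONE INTERFACE BROADCAST OPTIONS for interfaces, ZONE HOST(S) OPTIONS for hosts) are assumptions; the Shorewall 1.2 DNAT/REDIRECT syntax is not checked because the notes do not describe it.

```shell
#!/bin/sh
# Added example: flag settings that the 1.4 notes above list as removed.
# Assumed column layouts: interfaces = ZONE INTERFACE BROADCAST OPTIONS,
# hosts = ZONE HOST(S) OPTIONS.

# check_shorewall_14 DIR: print one finding per line; return 1 if any.
check_shorewall_14() {
    dir=${1:-/etc/shorewall}
    out=$(
        [ ! -f "$dir/shorewall.conf" ] || awk -F= '
            /^[ \t]*#/ { next }
            { key = $1; val = $2
              gsub(/[ \t]/, "", key); sub(/#.*/, "", val); gsub(/[ \t"]/, "", val) }
            key == "MERGE_HOSTS" || key == "ALLOWRELATED" {
              print "shorewall.conf:" NR ": " key " is no longer supported" }
            key == "OLD_PING_HANDLING" && tolower(val) == "yes" {
              print "shorewall.conf:" NR ": OLD_PING_HANDLING=Yes is an error at startup" }
        ' "$dir/shorewall.conf"
        [ ! -f "$dir/interfaces" ] || awk '
            /^[ \t]*(#|$)/ { next }
            $2 ~ /^[^:]+:[0-9]+$/ {
              print "interfaces:" NR ": name " $2 " has the form <device>:<integer>" }
            { n = split($4, o, ",")
              for (i = 1; i <= n; i++)
                if (o[i] ~ /^(noping|filterping|routestopped)$/)
                  print "interfaces:" NR ": option " o[i] " is an error at startup" }
        ' "$dir/interfaces"
        [ ! -f "$dir/hosts" ] || awk '
            /^[ \t]*(#|$)/ { next }
            { n = split($3, o, ",")
              for (i = 1; i <= n; i++)
                if (o[i] == "routestopped")
                  print "hosts:" NR ": option routestopped is an error at startup" }
        ' "$dir/hosts"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample configuration (not from a real system).
make_sample() {
    mkdir -p "$1"
    printf 'MERGE_HOSTS=No\nOLD_PING_HANDLING=Yes\nLOGRATE=\n' > "$1/shorewall.conf"
    printf 'net eth0 detect noping,norfc1918\nloc eth1:0 detect\n' > "$1/interfaces"
    printf 'loc eth1:192.168.1.0/24 routestopped\n' > "$1/hosts"
}

# Run against a directory given on the command line, if any.
if [ -n "${1:-}" ]; then check_shorewall_14 "$1"; fi
```

A non-zero return means at least one setting needs to be removed or replaced before starting 1.4; on the constructed sample it reports five findings.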