shorewall_code/Shorewall/releasenotes.txt


Shorewall 4.5.0
----------------------------------------------------------------------------
R E L E A S E  4 . 5  H I G H L I G H T S
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
M I G R A T I O N  I S S U E S
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
P R O B L E M S  C O R R E C T E D  I N  4 . 5 . 0
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
K N O W N  P R O B L E M S  R E M A I N I N G
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
N E W  F E A T U R E S  I N  4 . 5 . 0
----------------------------------------------------------------------------
1)  Previously, the following sequence of policies would produce a
    'Duplicate Policy' error:

        $FW     all     ACCEPT
        $FW     dmz     REJECT  info

    Beginning with 4.5.0, this sequence produces the same result as this
    one:

        $FW     dmz     REJECT  info
        $FW     all     ACCEPT

2)  Shorewall now allows DNAT rules that change only the destination
    port.

    Example:

        DNAT    loc     net::456        udp     234

    That rule will modify the destination port in UDP packets received
    from the 'loc' zone from 456 to 234. Note that if the destination
    is the firewall itself, the destination port will still be
    rewritten, but no ACCEPT rule from the loc zone to the $FW zone
    will have been created to handle the request. Such rules should
    therefore probably exclude the firewall's IP addresses in the
    ORIGINAL DEST column.
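
The exclusion suggested above, shown as an added rules-file example (not
part of the original release notes). The addresses 192.0.2.1 and
198.51.100.1 are placeholders standing in for the firewall's own IP
addresses; the '-' leaves the SOURCE PORT(S) column empty.

```conf
#ACTION  SOURCE  DEST      PROTO  DEST     SOURCE   ORIGINAL
#                                 PORT(S)  PORT(S)  DEST
#
# Rule as given in the release note. It also rewrites packets addressed to
# the firewall itself, for which no loc -> $FW ACCEPT rule has been created.
#DNAT    loc     net::456  udp    234
#
# Same rule, skipping packets whose original destination is one of the
# firewall's own addresses (placeholder addresses, replace with real ones).
DNAT     loc     net::456  udp    234      -        !192.0.2.1,198.51.100.1
```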