forked from extern/shorewall_code
1) On systems running Upstart, shorewall-init cannot reliably secure
   the firewall before interfaces are brought up.

   Corrected in Shorewall 4.4.19.1

2) There is a harmless duplicate ACCEPT rule in the INPUT filter chain
   when the firewall is stopped.

   Corrected in Shorewall 4.4.19.1

3) Shorewall interprets all 'nexthop' routes as default routes when
   analyzing the pre-start routing configuration. This can lead to
   unwanted default routes when the firewall is started or stopped.

   Corrected in Shorewall 4.4.19.1

3) A defect introduced in Shorewall 4.4.17 broke the ability to
   specify ':<low port>-<high port>' in the ADDRESS column of
   /etc/shorewall/masq.

   Corrected in Shorewall 4.4.19.1

4) The changes in 4.4.19.1 that corrected long-standing issues with
   default route save/restore are incompatible with 'gawk'. When
   'gawk' is installed (rather than 'mawk'), awk syntax errors having
   to do with the symbol 'default' are issued.

   Workaround: Install mawk

5) An entry in the USER/GROUP column in the rules and tcrules files
   can cause run-time start/restart failures if the rule(s) being
   added do not have the firewall as the source and are not being
   added to the POSTROUTING chain.

   Workaround: Ensure that all USER/GROUP matches are only specified
   when the SOURCE is $FW (rules file) or when the rule is being added
   to the POSTROUTING chain (:T designator in the tcrules file).

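Added example (not part of Shorewall or of the original file): a pre-start
check for the rules-file half of the workaround in item 5, listing entries
that carry a USER/GROUP match while SOURCE is not the firewall zone. It
assumes USER/GROUP is the ninth column of the rules file, that '-' marks an
empty column, and that the firewall zone is written $FW or $FW:<address>;
lint_usergroup and sample_rules are hypothetical names.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumptions: USER/GROUP is column 9 of
# the rules file, "-" marks an empty column, and the firewall zone is written
# $FW or $FW:<address>.

# lint_usergroup [FILE...]  (reads stdin when no file is given)
# Prints "<line>: USER/GROUP <match> with SOURCE <source>" for every entry
# that has a USER/GROUP match but a SOURCE other than the firewall zone.
# Exit status is 1 if anything was reported, 0 otherwise.
lint_usergroup() {
    awk '
    {
        sub(/#.*/, "")                        # drop comments
        if (cont != "") { $0 = cont " " $0; cont = "" } else start = NR
        if ($0 ~ /\\[ \t]*$/) {               # trailing backslash: entry continues
            sub(/\\[ \t]*$/, ""); cont = $0; next
        }
        # Skip blank lines, SECTION headers and entries with no column 9.
        if (NF < 9 || $1 == "SECTION" || $1 == "?SECTION") next
        if ($9 != "-" && $2 != "$FW" && $2 !~ /^\$FW:/) {
            printf "%d: USER/GROUP %s with SOURCE %s\n", start, $9, $2
            bad = 1
        }
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample rules file (not taken from the page).
sample_rules() {
    cat <<'EOF'
#ACTION SOURCE        DEST PROTO DPORT SPORT ORIGDEST RATE USER/GROUP
SECTION NEW
ACCEPT  $FW           net  tcp   80    -     -        -    proxy
ACCEPT  loc           net  tcp   25    -     -        -    mail
ACCEPT  $FW:192.0.2.1 net  udp   53    -     -        -    named
DROP    dmz           net  tcp   22
REJECT  loc           net  tcp   \
        6667          -    -     -     :irc   # continued entry
EOF
}

# Demo on the constructed sample; on a real system pass the rules file path.
sample_rules | lint_usergroup || echo "USER/GROUP entries above need SOURCE \$FW"
```

The tcrules half of the workaround (the :T designator) is not covered by this check.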