shorewall_code/Shorewall/known_problems.txt
2009-12-08 08:36:09 -08:00

47 lines
1.5 KiB
Plaintext

1) The change which removed the 15 port limitation on
/etc/shorewall/routestopped was incomplete. The result is that if
more than 15 ports are listed, an error is generated.
This problem is corrected in Shorewall 4.4.4.1.
2) If any interfaces have the 'bridge' option specified, compilation
fails with the error:
Undefined subroutine &Shorewall::Rules::match_source_interface called
at /usr/share/shorewall/Shorewall/Rules.pm line 2319.
This problem is corrected in Shorewall 4.4.4.1.
3) The 'show policies' command doesn't work in Shorewall6 and
Shorewall6-lite.
This problem is corrected in Shorewall 4.4.4.2.
4) In some contexts, DNS names are not accepted by Shorewall6.
This problem is corrected in Shorewall 4.4.4.2.
5) An iptables-restore error can occur if port 0 is specified in some
contexts.
In Shorewall 4.4.4.2, port 0 is flagged as an error in all
contexts.
6) The Shorewall6-lite shorecap program is including the wrong
library. Also, Shorewall6 capabilities detection is determining the
presense of the mangle table before it ensures that ip6tables can
be located.
Fixed in Shorewall6 4.4.4.2 and Shorewall6-lite 4.4.4.2.
7) The command 'shorewall reload -c <host>' ignores the setting of
DONT_LOAD, causing unwanted modules to be loaded.
This problem can be worked around on the firewall system by copying
/usr/share/shorewall-lite/modules to /etc/shorewall-lite/ and then
removing the unwanted modules from the copied file.