forked from extern/shorewall_code
e4e1ba2022
Signed-off-by: Tom Eastep <teastep@shorewall.net>
38 lines
1.3 KiB
Plaintext
1) On systems running Upstart, Shorewall-init cannot reliably close
   the firewall before interfaces come up.

2) Under rare circumstances where COMMENT is used to attach comments
   to rules, OPTIMIZE 8 through 15 can result in invalid
   iptables-restore (ip6tables-restore) input.

   Corrected in Shorewall 4.4.12.1.

3) Under rare circumstances involving exclusion, OPTIMIZE 8 through 15
   can result in invalid iptables-restore (ip6tables-restore) input.

   Corrected in Shorewall 4.4.12.1.

4) The change in 4.4.12 to detect and use the new ipset match syntax
   broke the ability to detect the old ipset match capability.

   Corrected in Shorewall 4.4.12.1.

5) If REQUIRE_INTERFACE=Yes then start/restart will fail
   if the last optional interface tested is not available.

   Corrected in Shorewall 4.4.12.1.

6) The fix for COMMENT and optimization in 4.4.12.1 is incomplete.

   Corrected in Shorewall 4.4.12.2.

7) Exclusion in the blacklist file is correctly validated but is then
   ignored when generating iptables (ip6tables) rules.

   Corrected in Shorewall 4.4.12.2.

8) Shorewall allows CONTINUE rules with exclusion. These rules
   generate valid but incorrect iptables (ip6tables) input.

   Corrected in Shorewall 4.4.12.2 -- these rules are now disallowed.