forked from extern/shorewall_code
473f7d7361
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4445 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
355 lines
8.7 KiB
Plaintext
355 lines
8.7 KiB
Plaintext
Changes in 3.2.4
|
|
|
|
1) Move 'do_initialize()' to functions.
|
|
|
|
2) Move common config file parsing to functions.
|
|
|
|
3) Fix handling of 'start' command with directory name.
|
|
|
|
--------------------------------------------------------------------------------
|
|
Changes in 3.2.3
|
|
|
|
1) Add 'export' command.
|
|
|
|
2) Apply Cedric Schieli's patch for the functions file.
|
|
|
|
3) Implement TC_EXPERT.
|
|
|
|
4) Correct 'del_ip_addr' screwup.
|
|
|
|
5) Make 'detectnets' fatal with default route.
|
|
|
|
6) Make 'check -e' behave properly with TC
|
|
|
|
7) Fix SUBSYSLOCK.
|
|
|
|
8) Fix mss= and the firewall zone.
|
|
|
|
9) Add Natanael Copa's fix for BusyBox ash.
|
|
|
|
10) Ensure that interface is UP and configured in multi-ISP 'optional'
|
|
detection.
|
|
|
|
11) Fix "shorewall add" command
|
|
|
|
12) Fix "shorewall refresh" so that subsequent "shorewall save" works
|
|
correctly.
|
|
|
|
13 Fix DETECT_DNAT_IPADDRS=Yes address detection bug.
|
|
|
|
--------------------------------------------------------------------------------
|
|
Changes in 3.2.2
|
|
|
|
1) Correct handling of shorewall.conf options in exported scripts.
|
|
|
|
2) Avoid creating empty files /nat and /proxyarp.
|
|
|
|
3) Add -f option to 'show' command.
|
|
|
|
4) Avoid enabling deferred output hook processing during capabilities
|
|
probe.
|
|
|
|
5) Add -n option to install.sh
|
|
|
|
6) Add -s option to "shorewall [re]load"
|
|
|
|
7) Add 'optional' option to providers file.
|
|
|
|
8) Add 'reset' command to prog.footer.
|
|
--------------------------------------------------------------------------------
|
|
Changes in 3.2.1
|
|
|
|
1) Change the detection of physdev match to use
|
|
--physdev-out. Preparation for removal of physdev-out match
|
|
capability.
|
|
|
|
2) Add missing edits to configuration parameters in firewall script.
|
|
|
|
3) Fix 'hits' formatting under BusyBox 1.2.0.
|
|
|
|
4) Remove requirement for extended marks with 'track'.
|
|
|
|
5) Fixed output of 'hits' with spaces as delimiters in /etc/services.
|
|
|
|
6) Fixed modules/xmodules snafu.
|
|
|
|
7) Fix version in shorewall.conf.
|
|
|
|
8) Add /usr/share/shorewall-lite: to the front of CONFIG_PATH in
|
|
/usr/share/shorewall/configfiles/shorewall.conf.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Final
|
|
|
|
1) Avoid extraneous double quotes in log rules generated at run-time.
|
|
|
|
Changes in 3.2.0 RC 6
|
|
|
|
1) Correct generation of the balanced default route.
|
|
|
|
2) Allow 'detect' in the ADDRESS column of the masq file.
|
|
|
|
3) Correct some permission problems.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 RC 5
|
|
|
|
1) Fix DOA 'LITEDIR' problem in /sbin/shorewall.
|
|
|
|
2) Stop the compiler from running iptables.
|
|
|
|
3) Avoid problem with ash.
|
|
|
|
4) Make the 'try' command use the correct SHOREWALL_SHELL.
|
|
|
|
5) Don't defer Action/chain extension script processing until
|
|
run-time.
|
|
|
|
6) Run extension script for policy chains.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 RC 4
|
|
|
|
1) Fix permissions on Limit file.
|
|
|
|
2) Make progress messages product-specific.
|
|
|
|
3) Add 'reload' command.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 RC 3
|
|
|
|
1) Remove hard directory references from compiled programs.
|
|
|
|
2) Fix /nat <-> /proxyarp typo.
|
|
|
|
3) Avoid use of symbolic link for /sbin/shorewall
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 RC 2
|
|
|
|
1) Update versions.
|
|
|
|
2) Rationalize the use of IPTABLES and LOGFORMAT.
|
|
|
|
3) Allow Shorewall/Shorewall-lite coexistance under RPM
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 RC 1
|
|
|
|
1) Update versions.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 8
|
|
|
|
1) Issue more helpful BRIDGING=No error messages.
|
|
|
|
2) Implement "all-" in rules file.
|
|
|
|
3) Add xmodules file.
|
|
|
|
4) Detect devices in tcdevices entries.
|
|
|
|
5) Fix for white-space in log prefix.
|
|
|
|
6) Fix rule parsing of single excluded MAC address.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 7
|
|
|
|
1) Fix mark/mask validation.
|
|
|
|
2) Restore traffic control to 'refresh'.
|
|
|
|
3) Detect MTU for entries in /etc/shorewall/tcdevices.
|
|
|
|
4) Avoid fatal error after missing forwardUPnP rule warning.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 6
|
|
|
|
1) Fix tc "notfound" errors when 'restart' is run out of ip-up.local.
|
|
|
|
2) Allow 'detectnets' to work.
|
|
|
|
3) Add TOS column to tcrules.
|
|
|
|
4) Fix 'proxyarp' interface attribute handling.
|
|
|
|
5) Fix default route generation in providers handling.
|
|
|
|
6) Change interraction of 'track' and PREROUTING marking.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 5
|
|
|
|
1) Fix compilation problem on LEAF Bering.
|
|
|
|
2) Remove traffic shaping code from the 'firewall' script to avoid
|
|
unmaintainable code duplication.
|
|
|
|
3) Fix DETECT_DNAT_IPADDRS=No bug.
|
|
|
|
4) Handle absense of mangle FORWARD chain.
|
|
|
|
5) Rename the rtrules file to route_rules.
|
|
|
|
6) Fix deletion of SNAT ip addresses.
|
|
|
|
7) Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.
|
|
|
|
8) Clear SUBSYSLOCK on Debian/Ubuntu installs.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 4
|
|
|
|
1) Fix 'routeback' with bridge ports.
|
|
|
|
2) Add support for explicit routing rules.
|
|
|
|
3) Fix mktempdir problem.
|
|
|
|
4) Implement HIGH_ROUTE_MARKS
|
|
|
|
Changes in 3.2.0 Beta 3
|
|
|
|
1) Correct handling of verbosity in the 'try' command.
|
|
|
|
2) Add IMPLICIT_CONTINUE option to shorewall.conf.
|
|
|
|
3) Fix SAME/ADD_SNAT_ALIASES interaction.
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.2.0 Beta 2
|
|
|
|
1) Make "shorewall start -f" work correctly.
|
|
|
|
2) Remove SUBSYSLOCK code from default and debian footers.
|
|
|
|
3) Add 'refreshed' extension script.
|
|
|
|
4) Implement 'logdrop' and 'logreject'
|
|
|
|
-------------------------------------------------------------------------------
|
|
Changes in 3.1.x. and 3.2.x
|
|
|
|
1) Removal of dynamic zones.
|
|
|
|
2) Implement 'generate' command.
|
|
|
|
3) Implement 'super-quiet' mode using multiple -q options (e.g., -qq).
|
|
|
|
4) Add back dynamic zones.
|
|
|
|
5) Allow remote compiles.
|
|
|
|
6) Change output of 'generate' to always be the file name entered (do not
|
|
prepend /var/lib/shorewall/)
|
|
|
|
7) Remove some restrictions on remote compiles.
|
|
|
|
8) Add error checking to generated script.
|
|
|
|
9) Merge Fabio Longerai's 'length' patch.
|
|
|
|
10) Add the "-p" option to the compile command.
|
|
|
|
11) Fix 'check' bug in setup_masq
|
|
|
|
12) Break compiler/firewall into two files
|
|
|
|
13) Make Shoreall quiet for a change.
|
|
|
|
14) Make "Compile-and-go" the only mode of operation.
|
|
|
|
15) Remove -p
|
|
|
|
16) Apply Tuomo's patches for IPSEC and Noecho.
|
|
|
|
17) Fix bridging
|
|
|
|
18) Fix QUEUE when used in the ESTABLISHED section.
|
|
|
|
19) Apply Ed Suominen's patch to tcrules.
|
|
-------------------------------------------------------------------------------
|
|
3.1.5
|
|
|
|
20) Speed up compilation by rewriting 'fix_bang()'.
|
|
|
|
21) Correct GATEWAY handling in the providers file.
|
|
|
|
22) Remove sub-zone exclusion from DNAT/REDIRECT.
|
|
|
|
23) Add compiled-program/library versioning scheme.
|
|
|
|
-------------------------------------------------------------------------------
|
|
3.1.6
|
|
|
|
24) Apply Steven Springl's help patch.
|
|
|
|
25) Fix 'allow/drop/reject' while Shorewall not running.
|
|
|
|
26) Implement bi-directional macros.
|
|
|
|
27) Fix TC bridge port handling.
|
|
|
|
28) Fix/document "check -e"
|
|
|
|
29) Automatically use capabilities file when non-root.
|
|
|
|
30) Correct typo in help file ("help drop").
|
|
|
|
31) Added 'tcpsyn'
|
|
|
|
-------------------------------------------------------------------------------
|
|
3.1.7
|
|
|
|
32) Change 'tcpsyn' to 'tcp:syn'
|
|
|
|
33) Remove superfluous rules in MAC validation.
|
|
|
|
34) Correct Makefile.
|
|
|
|
35) Add -t option
|
|
|
|
36) Restore log messages.
|
|
|
|
37) Fix "shorewall capabilities" with VERBOSITY < 2.
|
|
|
|
-------------------------------------------------------------------------------
|
|
3.1.8
|
|
|
|
38) Remove compile-time running of extension scripts.
|
|
|
|
39) Correctly handle interfaces named 'inet'.
|
|
|
|
40) SUBSYSLOCK functionality restored.
|
|
|
|
-------------------------------------------------------------------------------
|
|
3.1.9
|
|
|
|
41) Fix Provider route generation when a specific gateway is specified.
|
|
|
|
42) Be sure that restore file name is preserved regardless of 'set --' in
|
|
define_firewall().)
|
|
|
|
43) Add Simon's redhat prog files.
|
|
|
|
44) Add 'delete_nat' to compiled program.
|
|
|
|
45) Move 'shorecap' to /usr/share/shorewall
|
|
|
|
46) Add debian prog files.
|
|
|
|
47) Correct syntax error in validate_policy()
|
|
-------------------------------------------------------------------------------
|
|
3.2.0 Beta 1.
|
|
|
|
48) Streamlined some code in setup_tc1()
|
|
|
|
49) Process /etc/shorewall/params at run-time.
|
|
|
|
50) Add new modules to /etc/shorewall/modules.
|
|
|
|
51) Make default behavior of "compile" distribution-neutral.
|