Problems Corrected in 2.4.7
1) When MACLIST_TABLE=mangle and an interface is enabled for DHCP (the
"dhcp" option is specified in /etc/shorewall/interfaces), then broadcasts
on UDP port 67 to address 255.255.255.255 from address 0.0.0.0 were being
dropped and logged. While this did not prevent the client from acquiring
an IP address, it could result in lots of log messages.
2) Entries for openvpn tunnels (including openvpnclient and
openvpnserver) that specify a port but no protocol caused startup
errors as follows:

   iptables v1.3.3: unknown protocol `1194' specified
   Try `iptables -h' or 'iptables --help' for more information.
   ERROR: Command "/usr/sbin/iptables -A net2fw -p 1194 -s
   0.0.0.0/0 --sport 1194 -j ACCEPT" Failed

The problem may be worked around by specifying the protocol as well
(e.g., "openvpn:udp:3455").
3) If the previous firewall configuration included a policy other than
ACCEPT in the nat, mangle or raw tables then Shorewall would not set
the policy to ACCEPT. This could result in a ruleset that rejected or
dropped all traffic.
4) Specifying an interface name in the SOURCE column
of /etc/shorewall/tcrules resulted in a startup error.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
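The second fix above comes down to parsing the tunnels-file TYPE column, whose optional protocol field was being consumed as a protocol even when the entry held only a port. The following is an added example, not Shorewall's own code: a POSIX sh parser for a spec of the form openvpn[:{tcp|udp}][:port] that turns it into the "-p PROTO --sport PORT" options seen in the failing iptables command, shown next to a naive parser that reproduces the reported error. The defaults of udp and port 1194 are assumptions taken from OpenVPN's own defaults, not from the Shorewall source.

```shell
#!/bin/sh
# Added example (not Shorewall code): parse "openvpn[:{tcp|udp}][:port]"
# into the iptables options Shorewall generates for the tunnel rule.
# Assumed defaults: protocol udp, port 1194 (OpenVPN's defaults).

# Naive parser mirroring the pre-2.4.7 behaviour described in the
# announcement: whatever sits in the second field is used as the protocol,
# so "openvpn:1194" yields "-p 1194", which iptables rejects.
tunnel_opts_naive() {
    spec=$1
    type=${spec%%:*}
    rest=${spec#"$type"}; rest=${rest#:}
    f2=${rest%%:*}
    f3=${rest#"$f2"}; f3=${f3#:}
    printf '%s\n' "-p ${f2:-udp} --sport ${f3:-1194}"
}

# Corrected parser: a purely numeric second field is a port, not a
# protocol, and the protocol is validated before it reaches iptables.
tunnel_opts() {
    spec=$1
    type=${spec%%:*}
    rest=${spec#"$type"}; rest=${rest#:}
    f2=${rest%%:*}
    f3=${rest#"$f2"}; f3=${f3#:}
    proto=udp
    port=1194

    case $type in
        openvpn|openvpnclient|openvpnserver) ;;
        *) printf 'ERROR: unsupported tunnel type "%s"\n' "$type" >&2; return 1 ;;
    esac

    case $f2 in
        '')        ;;                       # neither protocol nor port given
        *[!0-9]*)  proto=$f2; port=${f3:-1194} ;;   # "openvpn:udp:3455"
        *)         port=$f2 ;;              # "openvpn:3455": port only
    esac

    case $proto in
        tcp|udp) ;;
        *) printf 'ERROR: invalid protocol "%s" in "%s"\n' "$proto" "$spec" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*|'') printf 'ERROR: invalid port "%s" in "%s"\n' "$port" "$spec" >&2; return 1 ;;
    esac

    printf '%s\n' "-p $proto --sport $port"
}

# Constructed sample specs, run when the script is executed directly.
for s in openvpn openvpn:1194 openvpn:udp:3455 openvpnclient:tcp:443; do
    printf '%-24s naive: %-20s fixed: %s\n' "$s" \
        "$(tunnel_opts_naive "$s")" "$(tunnel_opts "$s" 2>&1)"
done
```

The naive branch shows why the error message names 1194 as a protocol: the port landed in the protocol slot and was copied into --sport by the default. Disambiguating on "is the field numeric" is what lets "openvpn:3455" and "openvpn:udp:3455" both work without the workaround.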