Overview
Request 785384 accepted
- Update to minor bugfix version 5.2.3.7
+ When DOCKER=Yes, if both the DOCKER-ISOLATE and
DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-*
chains were not preserved through shorewall state changes.
That has been corrected so that both chains are preserved if
present.
+ Previously, the compiler always detected the OLD_CONNTRACK_MATCH
capability as being available in IPv6. When OLD_CONNTRACK_MATCH
was available, the compiler also mishandled inversion ('!') in the
ORIGDEST columns, leading to an assertion failure.
Both the incorrect capability detection and the mishandled
inversion have been corrected.
+ During 'enable' processing, if address variables associated with
the interface have values different than those when the firewall
was last started/restarted/reloaded, then a 'reload' is performed
rather than a simple 'enable'. The logic that checks for those
changes was incorrect in some configurations, leading to unneeded
reload operations. That has been corrected.
+ When MANGLE_ENABLED=No in shorewall[6].conf, some features
requiring use of the mangle table can be allowed, even though the
mangle table is not updated. That has been corrected such that use
of such features will raise an error.
+ When the IfEvent(...,reset) action was invoked, the compiler
previously emitted a spurious "Resetting..." message. That message
has been suppressed.
- Packaging
+ Do not provide anymore unsused notrack file
+ Introduce define conf_need_update to track when we activate the
+ Add version to requires in -lite version
- Created by bruno_friedmann
- In state accepted
-
Package maintainers:
bruno_friedmann and
polslinux
Request History
bruno_friedmann created request
- Update to minor bugfix version 5.2.3.7
+ When DOCKER=Yes, if both the DOCKER-ISOLATE and
DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-*
chains were not preserved through shorewall state changes.
That has been corrected so that both chains are preserved if
present.
+ Previously, the compiler always detected the OLD_CONNTRACK_MATCH
capability as being available in IPv6. When OLD_CONNTRACK_MATCH
was available, the compiler also mishandled inversion ('!') in the
ORIGDEST columns, leading to an assertion failure.
Both the incorrect capability detection and the mishandled
inversion have been corrected.
+ During 'enable' processing, if address variables associated with
the interface have values different than those when the firewall
was last started/restarted/reloaded, then a 'reload' is performed
rather than a simple 'enable'. The logic that checks for those
changes was incorrect in some configurations, leading to unneeded
reload operations. That has been corrected.
+ When MANGLE_ENABLED=No in shorewall[6].conf, some features
requiring use of the mangle table can be allowed, even though the
mangle table is not updated. That has been corrected such that use
of such features will raise an error.
+ When the IfEvent(...,reset) action was invoked, the compiler
previously emitted a spurious "Resetting..." message. That message
has been suppressed.
- Packaging
+ Do not provide anymore unsused notrack file
+ Introduce define conf_need_update to track when we activate the
+ Add version to requires in -lite version
polslinux accepted request
lgtm, thanks Bruno!
