pool/shorewall
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
shorewall/README.openSUSE
Bruno Friedmann d012054f24 Accepting request 790648 from home:bruno_friedmann:branches:security:netfilter 
- Update to version 5.2.4
  https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt 
  + Previously, when a Shorewall6 firewall was placed into the
    'stopped' state, ICMP6 packets required by RFC 4890 were not
    automatically accepted by the generated ruleset.
    Beginning with this release, those packets are automatically
    accepted.
  + Previously, the output of 'shorewall[6] help' displayed the
    superseded 'load' command. That text has been deleted.
  + The QOSExample.html file in the documentation and on the web site
    previously showed tcrules content for the /etc/shorewall/mangle
    file (recall that 'mangle' superseded 'tcrules'). That page has
    been corrected.
  + The 'Starting and Stopping' and 'Configuration file basics'
    documents have been updated to align them with the current product
    behavior.
  +  The 'ipsets' document has been updated to clarify the use of
    ipsets in the stoppedrules file.
- Packaging
  + shorewall-init package has a removed %service_del_postun
    macro to close bug boo#1166114 Restarting this service can
    lock down admin out of the system.
  + shorewall(6) and shorewall(6)-lite conflict has they shouldn't
    be installed together on the same system.
  + conf_update flag is set to 1 to activate update reminder
  + Adjust and cleanup requires

OBS-URL: https://build.opensuse.org/request/show/790648
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/shorewall?expand=0&rev=259
2020-04-01 18:47:35 +00:00

33 lines
1.0 KiB
Plaintext
Raw Permalink Blame History

WARNING
========
Some openSUSE packages include a service file for ease of the
SuSEfirewall2 or firewalld configuration, opening the necessary ports.
You have to open the required ports yourself using the Shorewall
configuration files.
SuSEfirewall2, firewalld are integrated with Yast so configuration
can be done via a GUI.
This is not the case for Shorewall.
Enabling Firewall in /etc/sysconfig/network/config or in individual
ifcfg-xxx files is not enough.
If using shorewall-init /etc/sysconfig/shorewall-init should be
configured.
As the shorewall web page states
"Shorewall is not the easiest to use of the available iptables
configuration tools but I believe that it is the most flexible
and powerful. So if you are looking for a simple point-and-click
set-and-forget Linux firewall solution that requires a minimum of
networking knowledge, check out alternatives."
On each version upgrade Major and or Major,Minor you have to
upgrade your configuration with the shorewall update -a
command.
Now that you are warned, remember to have fun !
Reference in New Issue View Git Blame Copy Permalink