1)  On systems running Upstart, shorewall-init cannot reliably secure
    the firewall before interfaces are brought up.

2)  If you install 4.6.4 and then use the 'safe-restart' command to
    restart your firewall, confusing output is produced:

        # shorewall safe-restart
        Compiling...
        Processing /etc/shorewall/params ...
        Processing /etc/shorewall/shorewall.conf...
        ...
        Optimizing Ruleset...
        Creating iptables-restore input...
        Shorewall configuration compiled to /var/lib/shorewall/.restart
        Currently-running Configuration Saved to /var/lib/shorewall/.safe
        Usage: /var/lib/shorewall/firewall [ options ] <command>
        <command> is one of:
           start
           stop
           clear
           disable <interface>
           down <interface>
           enable <interface>
           reset
           refresh
           restart
           run <command> [ <parameter> ... ]
           status
           up <interface>
           version
        Options are:
           -v and -q        Standard Shorewall verbosity controls
           -n               Don't update routing configuration
           -p               Purge Conntrack Table
           -t               Timestamp progress Messages
           -V <verbosity>   Set verbosity explicitly
           -R <file>        Override RESTOREFILE setting
        Restarting...
        Restarting Shorewall....
        Initializing...
        Processing /etc/shorewall/init ...
        ...
        Processing /etc/shorewall/start ...
        Processing /etc/shorewall/started ...
        done.
        Do you want to accept the new firewall configuration? [y/n]

    The above 'usage' information, while confusing, does not represent a
    problem and it is safe to answer 'y'.

    Corrected in Shorewall 4.6.4.1.

3)  The 'Universal' sample configuration fails to start.

    Workaround: Remove the 'optional' option from the interfaces file
    entry.

    Corrected in Shorewall 4.6.4.1.

4)  Setting LOGBACKEND=ipt_LOG may result in the following startup
    failure at boot:

        Starting shorewall ...
        /var/lib/shorewall/firewall: line 2080: echo: write error: No such file or directory
        WARNING: Unable to set log backend to ipt_LOG

    Partially corrected in Shorewall 4.6.4.2. Fixed on Squeeze and
    RHEL6 (and derivatives). Not fixed on Fedora, Ubuntu and OpenSuSE.

    Corrected on other distros in 4.6.4.3.