- Update to 4.5.7.1 For more details see changelog.txt and
releasenotes.txt
* When using IPSEC in a multi-ISP configuration, it is possible
for the kernel to mis-route ESP packets. To date, this problem
has only been observed on a system running a 3.5 kernel where
traffic is being tunneled through GRE which is in turn being
tunneled via IPSEC.
This Shorewall release includes a low-cost workaround.
* The Netfilter team have announced their intention to remove the
NOTRACK target in favor of 'CT --notrack'. Shorewall will now
map NOTRACK to 'CT --notrack' if the CT Target is available.
* Previously, the current COMMENT was not being cleared after the
blrules file was processed, causing that COMMENT to be used on
entries in the rules file. That defect has been corrected.
- Add a note to the spec for reviewer explaining the configure
command usage
- Removed following opensuse specific patches as they are merged to
upstream now
+ shorewall-lite-4.5.2-init.patch
+ shorewall6-4.5.2-init.patch
+ shorewall6-lite-4.5.2-init.patch
+ shorewall-init-4.4.21_init_sh.patch
- Added 001-required-stop-fix patch for shorewall-lite/init.suse.sh