Beta 6 is now available for testing. Pay close attention to the
Blacklisting change in this release; static blacklisting is incompatible
with blacklisting in Beta 5.

Problems corrected:

1)  'shorewall clear' (and 'shorewall6 clear') now work again (broken
    in Beta 5).

2)  To work around an issue in Netfilter/iptables, Shorewall now uses
    state match rather than conntrack match for UNTRACKED state
    matching.

New Features:

1)  Blacklisting has undergone considerable change in Shorewall 4.4.13.

    a) Blacklisting is now based on zones rather than on interfaces and
       host groups.

    b) Near compatibility with earlier releases is maintained.

    c) The keywords 'src' and 'dst' are now preferred in the OPTIONS
       column in /etc/shorewall/blacklist, replacing 'from' and 'to'
       respectively. The old keywords are still supported.

    d) The 'blacklist' keyword may now appear in the OPTIONS,
       IN_OPTIONS and OUT_OPTIONS fields in /etc/shorewall/zones.

       i)  In the IN_OPTIONS column, it indicates that packets received
           on the interface are checked against the 'src' entries in
           /etc/shorewall/blacklist.

       ii) In the OUT_OPTIONS column, it indicates that packets being
           sent to the interface are checked against the 'dst' entries.

       iii) Placing 'blacklist' in the OPTIONS column is equivalent to
           placing it in both the IN_OPTIONS and OUT_OPTIONS columns.

    e) The 'blacklist' option in the OPTIONS column of
       /etc/shorewall/interfaces or /etc/shorewall/hosts is now
       equivalent to placing it in the IN_OPTIONS column of the
       associated record in /etc/shorewall/zones. If no zone is given
       in the ZONE column of /etc/shorewall/interfaces, the 'blacklist'
       option is ignored with a warning (it was previously ignored
       silently).

    f) The 'blacklist' option in the /etc/shorewall/interfaces and
       /etc/shorewall/hosts files is now deprecated but will continue
       to be supported for several releases. A warning will be added at
       least one release before support is removed.


-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
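
The following is an added example, not part of the original announcement and not Shorewall code: a small pre-upgrade audit that applies items (c) and (e) above to existing configuration text. It assumes the Shorewall 4.4 column layouts `ZONE INTERFACE BROADCAST OPTIONS` for the interfaces file and `ADDRESS/SUBNET PROTOCOL PORT OPTIONS` for the blacklist file; the function names and all sample file contents are constructed for illustration.

```python
# Added example (not Shorewall code). Assumed Shorewall 4.4 column layouts:
#   interfaces: ZONE INTERFACE BROADCAST OPTIONS
#   blacklist:  ADDRESS/SUBNET PROTOCOL PORT OPTIONS
# All sample file contents below are constructed.

KEYWORD_MAP = {"from": "src", "to": "dst"}  # old keyword -> preferred (item c)

def rows(text):
    """Yield column lists, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def audit_interfaces(text):
    """Return (zones that need 'blacklist' in IN_OPTIONS, warnings), per item (e)."""
    zones, warnings = [], []
    for cols in rows(text):
        zone, iface = cols[0], cols[1]
        opts = cols[3].split(",") if len(cols) > 3 else []
        if "blacklist" not in opts:
            continue
        if zone == "-":  # no zone given: the option is ignored with a warning
            warnings.append(f"{iface}: no zone in ZONE column, 'blacklist' is ignored")
        elif zone not in zones:
            zones.append(zone)
    return zones, warnings

def modernize_blacklist(text):
    """Rewrite 'from'/'to' in the OPTIONS column as 'src'/'dst'."""
    out = []
    for cols in rows(text):
        if len(cols) > 3:
            cols[3] = ",".join(KEYWORD_MAP.get(o, o) for o in cols[3].split(","))
        out.append(cols)
    return out

INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp,blacklist
loc    eth1       detect     routeback
-      eth2       detect     blacklist
"""
BLACKLIST = """\
#ADDRESS/SUBNET   PROTOCOL  PORT  OPTIONS
192.0.2.0/24      -         -     from
198.51.100.7      tcp       25    to
203.0.113.9       -         -     src
"""

if __name__ == "__main__":
    print(audit_interfaces(INTERFACES))
    for row in modernize_blacklist(BLACKLIST):
        print("\t".join(row))
```

Each zone the audit reports is one whose record in /etc/shorewall/zones would carry 'blacklist' in IN_OPTIONS to reproduce the deprecated interface-level option.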

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users