[leaf-devel] Shorewall 3.2.4

Thu, 28 Sep 2006 07:52:14 -0700 

Shorewall 3.2.4 is available at a mirror near you.

The release notes for both Shorewall 3.2.4 and Shorewall Lite 3.2.4 may be
viewed at
http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/releasenotes.txt

One change is worth noting -- while it won't cause you any new problems if you
ignore it, it can speed up "shorewall[-lite] [re]start" and reduce kernel RAM
requirements. What follows also applies to Shorewall Lite users -- simply change
the 'shorewall' directory name to 'shorewall-lite'.

From the release note's 'Problems Corrected':

2)  Previous, when /usr/share/shorewall/xmodules had been copied to
    /etc/shorewall/modules, Shorewall was not looking in the correct
    directory for the "xt_..." modules. There are two parts to the fix:

    - The /usr/share/shorewall/xmodules file has been removed. The
      /usr/share/shorewall/modules file will now load all required
      modules regardless of which kernel version you are running.
    - The MODULESDIR option can now contain a colon-separated list of
      directories to search for modules with the default being:

      /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter:/lib/modules/$(uname
-r)/kernel/net/netfilter

And from the Migration Considerations:

     /usr/share/shorewall/modules contains a *lot* of modules. If you
     use module autoloading (which non-embedded Linux distributions
     do), then you can improve your "shorewall [re]start" time by
     trimming all but the helper modules from the file. To do that,
     create the file /etc/shorewall/modules with the following entries:

        loadmodule ip_conntrack_amanda
        loadmodule ip_conntrack_ftp
        loadmodule ip_conntrack_irc
        loadmodule ip_conntrack_netbios_ns
        loadmodule ip_conntrack_pptp
        loadmodule ip_conntrack_tftp
        loadmodule ip_nat_amanda
        loadmodule ip_nat_ftp
        loadmodule ip_nat_irc
        loadmodule ip_nat_pptp
        loadmodule ip_nat_snmp_basic
        loadmodule ip_nat_tftp

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to