-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Shorewall 5.0.13 is now available for download.
Problems Corrected: 1) This release contains defect repair from 5.0.12.1. 2) The compiler now detects shell metacharacters in interface names defined in /etc/shorewall[6]/interfaces. Previously, such characters could cause runtime failures in the generated script. 3) Previously, the compiler ignored DEST column entries in inline mangle action bodies. That value is now used unless it is '-', in which case the DEST column value in the action invocation is used. New Features: 1) A 'disconnect' option has been added to the DYNAMIC_BLACKLIST setting. The option is only accepted for ipset-based dynamic blacklisting and requires that the 'conntrack' utility be installed. See shorewall[6].conf(5) for details. With this option, when an address is blackliseted using the 'blacklist' command, the conntrack utility is used to break all connections from that address. If the 'src-dst' option is also specified in the BLACKLIST setting, then all connections to the address are also broken. If the effective VERBOSITY is greater than 0, then a messages is displayed that indicated the number of flows deleted by the command. If the effective VERBOSITY is 2, the conntrack entries delected by the command are also displayed. This option is more efficient for packet processing than including the ESTABLISHED state in the BLACKLIST setting. 2) A 'timeout' option has been added to the DYNAMIC_BLACKLIST setting. The option is only accepted for ipset-based dynamic blacklisting and causes entries in the blacklist ipset to be automatically deleted if they are not matched within a specified time. See shorewall[6].conf(5) for details. 3) A new FIREWALL option has been added to shorewall[6].conf. This option is intended to be used on an admisitrative system in configurations of remote firewalls. It defines the DNS name or IP address of the remote system so that the system name does not have to be given in the remote-start, remote-reload and remote-restart commmands. See shorewall[6](8) for details. 4) Shorewall6 now allows more that one provider to specify the 'balance' or 'fallback' options. 5) When using port numbers (as opposed to service names), the hyphen ("-") is now accepted as the separator in port ranges. When service names are used, the colon (":") must still be used. Thank you for using Shorewall, - -Tom and the rest of the Shorewall Team - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYBkd3AAoJEJbms/JCOk0QVDkP/jelBsfa3yZR9fv1psgeq3f+ FerAHKTVo3W+2a49abVweDmTuVwnA+n+0XSVdKhzxPPHWMGRscE6hnc7SNupmBdU Dw9dYTdVRhAMKNrS2BlojsJon/ojhIFU9KcEqBMbWgNA1XXoa7CRg5+r9QgOIu2E feCyIyIhCq2bL+nUPqg6kp7agHmYrtRDI6HiAY02rO2uEVYlTWkQ16uoOQPS/0xg X3ka6NqWbHTneizKpbzn1YXxi4aDhoR5WpdlSmzzTJ5sU6TxAR2r7bP6lOEAaffv u1Vi3L4SIS31FtfTiAHPZhhqP2ilJJ4vGh57db3X2SellZiru9SpfFpg1c5fTf6O duR1YA31Nj5XVDugOcO4oJWZ9mMB+QK/XFTw1lAz2HMqGC9QqL+rWLiGC+ERHvqa 2BWSDkv4YUgJ03VW/kSBN4eharUMQHhy9bdJ8TuurhfQBPxSNxKpUMolhpdQD883 N0hvPpplfp9ZFLZnJecMB6o1i3H1UAvwYh5FsZyTPtlXJ5Z+EA/nb0sLZ3x1qYWe 0dCQLeytLGfO67ioA65S4+Inj4ku75t5E6Arsup6WWvj1LxG6N78YGzftO4lGZ+V DHwmUU3ipUBTbh7NS8r9KVbwKAIWNxeyWC91T1KYIuEhqEuAyOqz1pkqJUeV2CIi 3QoDYliug85bmN9Mu2iw =glXF -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users