-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Shorewall 5.0.13 is now available for download.
Problems Corrected:
1) This release contains defect repair from 5.0.12.1.
2) The compiler now detects shell metacharacters in interface names
defined in /etc/shorewall[6]/interfaces. Previously, such
characters could cause runtime failures in the generated script.
3) Previously, the compiler ignored DEST column entries in inline
mangle action bodies. That value is now used unless it is '-', in
which case the DEST column value in the action invocation is used.
New Features:
1) A 'disconnect' option has been added to the DYNAMIC_BLACKLIST
setting. The option is only accepted for ipset-based dynamic
blacklisting and requires that the 'conntrack' utility be
installed. See shorewall[6].conf(5) for details.
With this option, when an address is blackliseted using the
'blacklist' command, the conntrack utility is used to break all
connections from that address. If the 'src-dst' option is also
specified in the BLACKLIST setting, then all connections to the
address are also broken. If the effective VERBOSITY is greater than
0, then a messages is displayed that indicated the number of flows
deleted by the command. If the effective VERBOSITY is 2, the
conntrack entries delected by the command are also displayed.
This option is more efficient for packet processing than including
the ESTABLISHED state in the BLACKLIST setting.
2) A 'timeout' option has been added to the DYNAMIC_BLACKLIST setting.
The option is only accepted for ipset-based dynamic blacklisting
and causes entries in the blacklist ipset to be automatically
deleted if they are not matched within a specified time. See
shorewall[6].conf(5) for details.
3) A new FIREWALL option has been added to shorewall[6].conf. This
option is intended to be used on an admisitrative system in
configurations of remote firewalls. It defines the DNS name or IP
address of the remote system so that the system name does not have
to be given in the remote-start, remote-reload and remote-restart
commmands. See shorewall[6](8) for details.
4) Shorewall6 now allows more that one provider to specify the
'balance' or 'fallback' options.
5) When using port numbers (as opposed to service names), the hyphen
("-") is now accepted as the separator in port ranges. When service
names are used, the colon (":") must still be used.
Thank you for using Shorewall,
- -Tom and the rest of the Shorewall Team
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYBkd3AAoJEJbms/JCOk0QVDkP/jelBsfa3yZR9fv1psgeq3f+
FerAHKTVo3W+2a49abVweDmTuVwnA+n+0XSVdKhzxPPHWMGRscE6hnc7SNupmBdU
Dw9dYTdVRhAMKNrS2BlojsJon/ojhIFU9KcEqBMbWgNA1XXoa7CRg5+r9QgOIu2E
feCyIyIhCq2bL+nUPqg6kp7agHmYrtRDI6HiAY02rO2uEVYlTWkQ16uoOQPS/0xg
X3ka6NqWbHTneizKpbzn1YXxi4aDhoR5WpdlSmzzTJ5sU6TxAR2r7bP6lOEAaffv
u1Vi3L4SIS31FtfTiAHPZhhqP2ilJJ4vGh57db3X2SellZiru9SpfFpg1c5fTf6O
duR1YA31Nj5XVDugOcO4oJWZ9mMB+QK/XFTw1lAz2HMqGC9QqL+rWLiGC+ERHvqa
2BWSDkv4YUgJ03VW/kSBN4eharUMQHhy9bdJ8TuurhfQBPxSNxKpUMolhpdQD883
N0hvPpplfp9ZFLZnJecMB6o1i3H1UAvwYh5FsZyTPtlXJ5Z+EA/nb0sLZ3x1qYWe
0dCQLeytLGfO67ioA65S4+Inj4ku75t5E6Arsup6WWvj1LxG6N78YGzftO4lGZ+V
DHwmUU3ipUBTbh7NS8r9KVbwKAIWNxeyWC91T1KYIuEhqEuAyOqz1pkqJUeV2CIi
3QoDYliug85bmN9Mu2iw
=glXF
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
