I've uploaded 3.9.6.
Problems corrected in 3.9.6.
1) Placing 'ipp2p' in the PROTOCOL column of configuration files now
works.
2) Previously, '!' in the TEST column of the tcrules file was not
handled correctly.
3) The code generated for copying routing tables from provider file
entries was previously incorrect, resulting in run-time errors.
4) Previously, using an ipset in a rule would generate invalid
iptables-restore input.
5) Previously, use of CONTINUE in the tcrules file would cause
generation of invalid iptables-restore input.
6) If a chain's only reference is in the ACTION column of an
accounting rule, a run-time error would occur:
iptables-restore v1.3.6: Couldn't load target
`SJS':/lib/iptables/libipt_SJS.so: cannot open shared object file: No
such file or directory
7) A problem with merging the log level and tag in macro or action
invocations has been corrected.
8) An empty action body no longer results in a run-time error.
9) Shorewall-perl now traps the case where an action invokes itself.
10) Shorewall-perl now traps COMMENT followed by a colon (":") and a
log level.
11) COMMENT in an action body is now properly handled.
12) LOG rules in macros are now handled correctly.
13) Parsing of 'ipp2p' rules has been corrected.
14) Inversion is now handled correctly in packet/connection mark tests.
15) Parsing errors in RATE/BURST and USER/GROUP columns have been
eliminated.
16) ipsets have now been tested and several bugs in their handling have
been corrected.
17) Errors in handling the SOURCE and DEST column during macro
expansion have been corrected.
19) Shorewall-perl now correctly handles the COPY column in provider
definitions.
20) A number of cases where Shorewall-perl did not handle undefined
zones have been corrected.
21) A number of bugs relating to parsing the tunnels file have been
corrected.
Other changes in Shorewall 3.9.6.
1) Eariler generations of Shorewall Lite required that remote root
login via ssh be enabled in order to use the 'load' and 'reload'
commands.
Beginning with this release, you may define an alternative means
for accessing the remote firewall system.
Two new options have been added to shorewall.conf:
RSH_COMMAND
RCP_COMMAND
The default values for these are as follows:
RSH_COMMAND: ssh [EMAIL PROTECTED] ${command}
RCP_COMMAND: scp ${files} [EMAIL PROTECTED]:${destination}
Shell variables that will be set when the commands are envoked are
as follows:
root - root user. Normally 'root' but may be overridden using
the '-r' option.
system - The name/IP address of the remote firewall system.
command - For RSH_COMMAND, the command to be executed on the
firewall system.
files - For RCP_COMMAND, a space-separated list of files to
be copied to the remote firewall system.
destination - The directory on the remote system that the files
are to be copied into.
2) The accounting, masq, rules and tos files now have a 'MARK' column
similar to the column of the same name in the tcrules file. This
column allows filtering by MARK and CONNMARK value.
3) SOURCE and DEST are now reserved zone names to avoid problems with
bi-directional macro definisions which use these as names as key
words.
-Tom
--
Tom Eastep
NonStop OS & Languages
NonStop[tm] Enterprise Division, Hewlett-Packard Company
206-542-7751 (Voice and Fax)
[EMAIL PROTECTED]
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
