I've uploaded Beta 5. Problems corrected in 4.0.0 Beta 5.
1) With Shorewall-perl, if a bridge port was used to qualify the SOURCE
in a rule where there was also a DEST interface, then the following
diagnostic was produced:
Undefined subroutine &Shorewall::Chains::source_port_to_bridge called
at /usr/share/shorewall-perl/Shorewall/Chains.pm line 1521,
<$currentfile> line 363.
2) 'shorewall dump', 'shorewall show log' and 'shorewall logwatch'
work again.
3) The 'mss' zone option and the CLAMPMSS=<number> option in
shorewall.conf could previously *increase* the MSS in a
packet; this possibility has been eliminated.
Other changes in Shorewall 4.0.0 Beta 5.
1) The Perl compiler is now externalized. Both the compiler.pl program
and the Perl Module interface are documented.
The compiler program is /usr/share/shorewall-perl/compiler.pl:
compiler.pl [ <option> ... ] [ <filename> ]
If a <filename> is given, then the configuration will be compiled
output placed in the named file. If <filename> is not given, then
the configuration will simply be syntax checked.
Options are:
-v <verbosity>
--verbosity=<verbosity>
The <verbosity> is a number between 0 and 2 and corresponds to
the VERBOSITY setting in shorewall.conf. This setting controls
the verbosity of the compiler itself.
-e
--export
If given, the configuration will be compiled for export to
another system.
-d <directory>
--directory=<directory>
If this option is omitted, the configuration in /etc/shorewall
is compiled/checked. Otherwise, the configuration in the named
directory will be compiled/checked.
-t
--timestamp
If given, each progress message issued by the compiler and by
the compiled program will be timestamped.
Example (compiles the configuration in the current directory
generating a script named 'firewall' and using VERBOSITY
2).
/usr/share/shorewall-perl/compiler.pl -v 2 -d . firewall
Note: For compatibility with Shorewall 3.4.2 and later 3.4
releases, options not passed on the run-line get their values from
environmental variables:
Option Variable
--verbosity VERBOSE
--export EXPORT
--directory SHOREWALL_DIR
--timestamp TIMESTAMP
The Perl Module is externalized as follows:
use lib '/usr/share/shorewall-perl';
use Shorewall::Compiler;
compiler $filename, $directory, $verbose, $options
The arguments to the compiler function are as follows:
$filename - Name of the compiled script to be created.
If the arguments evaluates to false, the
configuration is syntax checked
$directory - The directory containing the configuration.
If passed as '', then /etc/shorewall/ is assumed.
$verbose - The verbosity level (0-2).
$options - A bitmap of options. Shorewall::Compiler
exports two constants to help building this
argument:
EXPORT = 0x01
TIMESTAMP = 0x02
The compiler raises an exception with 'die' if it encounters an
error; $@ contains the 'ERROR' messages describing the problem.
The compiler function can be called repeatedly with different
inputs.
2) When TC_ENABLED=Internal, Shorewall-perl now validates classids in
the MARK/CLASSIFY column of /etc/shorewall/tcrules against the
classes generated by /etc/shorewall/tcclasses.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
