Shorewall 4.4.0 Beta 2 is now available for download. http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2/ ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta2
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 Beta 2
----------------------------------------------------------------------------
1) The find_first_interface_address() and
find_first_interface_addresss_if_any() functions were not in scope when
/etc/shorewall/params was processed.
2) The compiled script could fail with an error such as the following
when the internal traffic shaper was enabled:
ERROR: Command "tc qdisc add dev dsl0 root handle 1: htb
default 0 r2q 5.5" Failed
3) The help output from the install.sh scripts mentioned the '-n'
option but support for that option has been removed.
4) The 'continue' script is no longer used in Shorewall 4.4 but it was
still being released.
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0 Beta 2
----------------------------------------------------------------------------
1) A 'upnpclient' option has been added to
/etc/shorewall/interfaces. This option is intended for laptop users
who always run Shorewall on their system yet need to run
UPnP-enabled client apps such as Transmission (BitTorrent client).
The option causes Shorewall to detect the default gateway through
the interface and to accept UDP packets from that gateway. Note
that, like all aspects of UPnP, this is a security hole so use this
option at your own risk.
2) 'iptrace' and 'noiptrace' commands have been added to both
/sbin/shorewall and /sbin/shorewall6.
These are low-level debugging commands that cause
iptables/ip6tables TRACE log messages to be generated. See 'man
iptables' and 'man ip6tables' for details.
The syntax for the commands is:
iptrace <iptables/ip6tables match expression>
noiptrace <iptables/ip6tables match expression>
iptrace starts the trace; noiptrace turns it off.
The match expression must be an expression that is legal in both
the raw table OUTPUT and PREROUTING chains.
Examaple:
To trace all packets destined for IP address 206.124.146.176:
shorewall iptrace -d 206.124.146.176
To turn that trace off:
shorewall noiptrace -d 206.124.146.176
3) A USER/GROUP column has been added to /etc/shorewall/masq. The
column works similarly to USER/GROUP columns in other Shorewall
configuration files. Only locally-generated traffic is matched.
4) A new extension script, 'lib.private' has been added. This file is
intended to include declarations of shell functions that will be
called by the other run-time extension scripts.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
