Beta 4 is now available for testing. Problems Corrected:
None.
New Features:
1) Shorewall now supports the SECMARK and CONNSECMARK targets for
manipulating the SELinux context of packets.
See the shorewall-secmarks and shorewall6-secmarks manpages for
details.
As part of this change, the tcrules file now accepts chain
designators 'I' and 'CI' for marking packets in the input chain.
2) The 'blacklist' interface option may now have one of 2 values:
1 - Inbound blacklisting
2 - Outbond blacklisting
Inbound blacklisting is targeted for use on Internet-facing
interfaces. Incoming packets are passed against the blacklist
entries with the 'from' option (either explicitly or defaulted).
Traffic originating on the firewall is passed against the blacklist
entries with the 'to' option.
Outbound blacklisting is targeted for use on internal
interfaces. Packets arriving on these interfaces is passed against
the blacklist entries with the 'to' option.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
