Beta 3 is now available for testing. --------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ----------------------------------------------------------------------------
1) Previously, Shorewall6 produced an untidy sequence of error
messages when an attempt was made to start it on a system running a
kernel older than 2.6.24:
[r...@localhost shorewall6]# shorewall6 start
Compiling...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
...
Shorewall configuration compiled to /var/lib/shorewall6/.start
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
/usr/share/shorewall6/lib.common: line 73:
[: -lt: unary operator expected
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
[r...@localhost shorewall6]#
This has been corrected so that a single ERROR message is
generated.
2) Previously, an ipset name appearing in the /etc/shorewall/hosts
file could be qualified with a list of 'src' and/or 'dst' enclosed
in quotes. This was virtually guaranteed not to work since the set
must match when used to verify both a packet source and a
packet destination. Now, the following error is raised:
ERROR: ipset name qualification is disallowed in this file
As part of this change, the ipset name is now verified to begin
with a letter and be composed of letters, digits, underscores ("_")
and hyphens ("-").
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Shorewall now uses the 'conntrack' utility for 'show connections'
if that utility is installed. Going forward, the Netfilter team
will be enhancing this interface rather than the /proc interface.
2) The CPU time required for optimization has been reduced by 2/3.
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
