Beta 1 is now available for testing.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) If the current environment exported the VERBOSE variable with a
non-zero value, then startup would fail.
2) If a route existed for an entire RFC1918 subnet (10.0.0.0/8,
172.20.0.0/12 or 192.168.0.0/16), then setting
NULL_ROUTE_RFC1918=Yes would cause the route to be replaced with an
'unreachable' one.
3) Shorewall6 failed to start correctly if all the following were true:
- Shorewall was installed using the tarball. It may have
subsequently been installed using a distribution-specific package
or the rpm from shorewall.net without first unstalling the
tarball components.
- Shorewall6 was installed using a distribution-specific package or
the rpm from shorewall.net.
- The file /etc/shorewall6/init was not created.
4) If an interface with physical='+' is given the 'optional' or
'required', then invalid shell variables names were generated by the
compiler.
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Previously, /usr/share/shorewall/compiler.pl expected the contents
of the params file to be passed in the environment. Now, the
compiler invokes a small shell program
(/usr/share/shorewall/getparams) to process the file and to pass
the (variable,value) pairs back to the compiler.
Shell variable expansion uses the value from the params file if the
parameter was set in that file. Otherwise the current environment
is used. If the variable does not appear in either place, an error
message is generated.
2) Shared IPv4/IPv6 traffic shaping configuraiton is now
available. The device and class configuration can be included in
either the Shorewall or the Shorewall6 configuration. To place it
in the Shorewall configuration:
a) Set TC_ENABLED=Internal in shorewall.conf
b) Set TC_ENABLED=Shared in shorewall6.conf
c) Create symbolic link /etc/shorewall6/tcdevices pointing to
/etc/shorewall/tcdevices.
d) Create symbolic link /etc/shorewall6/tcclasses pointing to
/etc/shorewall/tcclasses.
e) Entries for both IPv4 and IPv6 can be included in
/etc/shorewall/tcfilters. This file has been extended to allow
both IPv4 and IPv6 entries to be included in a single file.
f) Packet marking rules are included in both configurations'
tcrules file as needed. CLASSIFY rules in
/etc/shorewall6/tcrules are validated against the Shorewall TC
configuration.
In this setup, the tcdevices and tcclasses will only be updated
when Shorewall is restarted. The IPv6 marking rules are updated
when Shorewall6 is restarted.
The above configuration may be reversed to allow Shorewall6 to
control the TC configuration.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
