[Shorewall-devel] Shorewall 4.4.15 RC 1

[Tom Eastep]

RC 1 is now available for testing.

Problems Corrected.

1)  Previously, if

    a) syn flood protection was enabled in a policy that
       specified 'all' for the SOURCE or DEST, and
    b) there was only one pair of zones matching that policy, and
    c) PROPAGATE_POLICIES=Yes in shorewall.conf, and
    d) logging was specified on the policy

    then the chain implementing the chain had "all" in its name while
    the logging rule did not.

    Example

        On a simple standalone configuration, /etc/shorewall/policy
        has:

             #SOURCE    DEST    POLICY  LOGGING
             net        all     DROP    info

        then the chain implementing syn flood protection would be named
        @net2all while the logging rule would indicate net2fw.

    Now, the chain will be named @net2fw.

New Features:

1)   A Munin macro has been contributed by Tuomo Soini.

2)   The Shorewall6 accounting, tcrules and rules files now include a
     HEADERS column which allows matching based on the IPv6 extension
     and protocol headers included in a packet.

     The contents of the column are:

         [any:|exactly:]<header list>

     where <header list> is a comma-separated list of headers from the
     following:

        Long Name       Short Name      Number
        --------------------------------------
        auth            ah              50
        esp             esp             51
        hop-by-hop      hop             0
        route           ipv6-route      41
        frag            ipv6-frag       44
        none            ipv6-nonxt      59      
        protocol        proto           255

     If 'any:' is specified, the rule will match if any of the listed
     headers are present. If 'exactly:' is specified, the will match
     packets that exactly include all specified headers. If neither is
     given, 'any:' is assumed.

     This change adds a new capability (Header Match) so if you use a
     capabilities file, you will need to regenerate using this release.

Thank you for testing.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel