Beta 1 is now available for testing.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The Shorewall-init installer now installs the proper init script on
Redhat and Fedora.
2) A typo has been corrected in the blrules man pages.
3) Previously, if the interface appearing in the HOSTS column of
/etc/shorewall6/hosts was not defined in
/etc/shorewall6/interfaces, then the compiler would terminate with
a Perl diagnostic:
Can't use an undefined value as a HASH reference at
/usr/share/shorewall/Shorewall/Zones.pm line 1817,
<$currentfile> line ...
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Support is now included for IMQ. This takes the form of of
IMQ(<number>) in the MARK/CLASSIFY column of
/etc/shorewall/tcrules.
2) It is no longer necessary to specify a MARK value for the default
class under a device that does not specify the 'classify'
option. Simple set the MARK column to '-' in the default class.
3) Previously, the install scripts included in the Shorewall packages
were very restrictive. They could either be run to install directly
onto the system in a distribution-dependent way, or they could
install into a directory in a distribution-independent way. This
limited their usefullness to packagers.
Beginning with this release, the install scripts handle the install
system and the target system independently. When running an
installer, the following environmental variables can be set:
a) INSTALLSYS - Describes the system where the installer is
running. Accepted values are:
CYGWIN - Cygwin running under a Microsoft OS
MAC - OS X
DEBIAN - Debian
REDHAT - Redhat,Centos,Foobar,etc.
FEDORA - Fedora
SLACKWARE - Slackware
ARCHLINUX - Arch Linux
LINUX - Generic Linux
INSTALLSYS is not set, then the installer uses its existing
algorithm for detecting the current OS and distribution.
b) TARGET - Describes the system where the installed package
will run.
- For Shorewall and Shorewall6, the possible values are
the same as for INSTALLSYS. The values REDHAT and FEDORA are
synonyms.
- If TARGET is not set, the value of INSTALLSYS (through
setting or detection) is used.
- For Shorewall-lite and Shorewall6-lite, the possible choices
are DEBIAN, FEDORA, REDHAT, SLACKWARE, ARCHLINUX and
LINUX. Again, REDHAT and FEDORA are synonyms.
- For Shorewall-init, the possible choices are DEBIAN, FEDORA,
REDHAT, and SUSE.
4) A SWITCH column has been added to /etc/shorewall/masq. This column
allows for enabling and disabling a rule based on a setting in
/proc/net/nf_condition. See shorewall-masq(5) for details.
5) The rules compiler now issues a warning when the 'src' ipset flag
is used in a destination column or the 'dst' ipset flag is used in
a source column.
Thank you for testing,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
