> I've been able to work on Shorewall in the evenings and have uploaded > 4.5.13 RC 3. I believe that it addresses all of the issues that testers > have identified in RC 2. > I'll give it all another go later today (Saturday) or in the early part of Sunday and report back then.
> Changes since RC 2: > > 1) The syntax error in action.Untracked has been corrected. > > 2) A number of corrections have been made in suppressing unmatchable > rules. > > 3) Superfluous cruft was removed from action.New and action.Untracked. > > 4) Rules in the NEW section that are conditioned by a connection > tracking state are no longer suppressed when there is a RETURN in > the state's corresponding SECTION. > > 5) The '-g' iptables option is avoided when generating SECTION-ending > rules. > > 6) The legacy 'dropInvalid' and 'allowInvalid' built-in actions have > been converted to inline standard actions that invoke the Invalid > action. > I take it, ESTABLISHED isn't optimised (in other words, things are the same as before), is that correct? > Thank you for testing, > One suggestion on your todo list if/when you have the time: Suppose I have this: action1 with, say, 2 parameters which in turn calls action2 with the same number of parameters. In other words: action1 ~~~~~ action2($1,$2) As things stand, if I execute action1(-,something), the first parameter doesn't have a value (and rightly so), but that in effect screws up the action2 call. So, what I currently have to do is this: action1 ~~~~~ IF $1 ?SET p1 $1 ?ELSE ?SET p1 "-" ?ENDIF IF $2 ?SET p2 $2 ?ELSE ?SET p2 "-" ?ENDIF action2($p1,$p2) The above isn't very nice. Perhaps you may thing of allowing a call like "action2(,something) (first parameter is not specified) to avoid this - just a suggestion. ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
