Beta 5 is now available for testing.

Problems corrected since Beta 4:

1)  Previously, NFACCT accounting rules generated iptables rules with
    the matches in the incorrect order. That caused the counters to be
    incremented before all of the matches had been checked. Now, the
    counter in an NFACCT rule is incremented only if all of the other
    matches have been successful.

2)  A number of ipset-related modules were incorrectly included in
    /usr/share/shorewall/helpers. Those entries have now been removed.

New/modified features since Beta 4:

1)  It is now possible to specify HELPERS=none in
    /etc/shorewall[6]/shorewall[6].conf.

    This setting has two consequences:

    a) All of the *_HELPER capabilities are set to off.
    b) No probing of helpers is performed, thus eliminating "xt_CT: No
       such helper XXX" warnings when the compiler is probing the
       system for capabilities.

2)  It is now possible to specify multiple nfacct objects in an NFACCT
    accounting rule. Where previously, the following rules were given:

     SECTION INPUT
     NFACCT(all)
     NFACCT(all_in)

     SECTION OUTPUT
     NFACCT(all)
     NFACCT(all_out)

     SECTION FORWARD
     NFACCT(all)
     NFACCT(all_fwd)

    It is now possible to do the same thing as follows:

     SECTION INPUT
     NFACCT(all,all_in)

     SECTION OUTPUT
     NFACCT(all,all_out)

     SECTION FORWARD
     NFACCT(all,all_fwd)

6)  It is now possible to increment an nfacct counter when a packet
    matches an ipset. To do that, simply include the counter object's
    name in parentheses after the ipset specification.

    Examples:

    a)  Increment the mysetcounter nfacct object when a packet's source
        matches myset.

        +myset[src](mysetcounter)

    b)  Increment the mysetcounter1 and mysetcounter2 nfacct objects
        when a packet's source matches myset.

        +myset[src](mysetcounter1,mysetcounter2)

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
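
The following is an added example, not part of the original announcement and not Shorewall's own compiler code. It parses the ipset counter syntax shown above into iptables `set` and `nfacct` match arguments, places the counters after all other matches as the Beta 5 fix describes, and checks an existing rule for that ordering. The function names, the accepted grammar (flags required) and the name validation are assumptions of this sketch.

```python
import re

# Grammar assumed for this example: +setname[flags](counter,...), flags required.
SPEC_RE = re.compile(r"^\+(?P<set>[A-Za-z][\w-]*)"
                     r"\[(?P<flags>(?:src|dst)(?:,(?:src|dst))*)\]"
                     r"(?:\((?P<ctrs>[^()]*)\))?$")
NAME_RE = re.compile(r"^[A-Za-z_][\w-]*$")  # conservative name check (assumption)


def parse_ipset_spec(spec):
    """Return (set_name, flags, counters) for e.g. '+myset[src](c1,c2)'."""
    m = SPEC_RE.match(spec)
    if not m:
        raise ValueError(f"not an ipset specification: {spec!r}")
    counters = []
    if m.group("ctrs") is not None:
        counters = [c.strip() for c in m.group("ctrs").split(",")]
        bad = [c for c in counters if not NAME_RE.match(c)]
        if bad:
            raise ValueError(f"invalid nfacct object name(s): {bad}")
    return m.group("set"), m.group("flags"), counters


def build_matches(spec, other_matches=()):
    """Emit iptables match arguments with every nfacct match placed last."""
    set_name, flags, counters = parse_ipset_spec(spec)
    args = list(other_matches) + ["-m", "set", "--match-set", set_name, flags]
    for name in counters:  # counters only tick once all earlier matches passed
        args += ["-m", "nfacct", "--nfacct-name", name]
    return args


def counters_are_last(rule_args):
    """True if only nfacct matches sit between the first nfacct and the target."""
    toks = list(rule_args)
    for i, tok in enumerate(toks):
        if tok in ("-j", "-g"):  # drop the target and its options
            toks = toks[:i]
            break
    start = next((i for i in range(len(toks) - 1)
                  if toks[i:i + 2] == ["-m", "nfacct"]), None)
    if start is None:
        return True
    tail = toks[start:]
    return len(tail) % 4 == 0 and all(
        tail[k:k + 3] == ["-m", "nfacct", "--nfacct-name"]
        for k in range(0, len(tail), 4))


if __name__ == "__main__":
    print(" ".join(build_matches("+myset[src](mysetcounter1,mysetcounter2)",
                                 ["-p", "tcp"])))
```

`counters_are_last` can be run over the tokens of each rule line from `iptables-save` to spot rules where a counter would be incremented before the remaining matches are checked.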
