1) Shorewall-perl now correctly permits zones of type 'ipsec' in the
ZONE column of /etc/shorewall/tunnels.
2) The shorewall-common install.sh may now be run multiple times from
the same directory. Previously, the manpages were gzipped in-place
which made it impossible to rerun the script.
3) The implementation of LITEDIR has always been
unsatisfactory. Furthermore, there have been other cases where
people have asked to be able to designate the state directory
(default /var/lib/shorewall[-lite]).
To meet these objectives:
a) The LITEDIR variable has been eliminated in
/usr/share/shorewall[-lite]/configpath.
b) A new file /etc/shorewall[-lite]/vardir has been added. This
file is not created by default but may be added as needed. It
is expected to contain a single variable assignment:
VARDIR=<directory>
Example:
VARDIR=/root/shorewall
To change VARDIR, copy the old directory to the new one before you
restart Shorewall[-lite].
To use this feature with Shorewall-lite, all packages involved
(compiler, shorewall-common and shorewall-lite) must be version
4.0.0-RC2 or later.
4) Several bugs in Shorewall-perl's handling of ipsec zones have been
corrected.
Other changes in Shorewall 4.0.0 RC 2.
1) The -f option is no longer the default when Shorewall is started at
boot time (usually via /etc/init.d/shorewall). With Shorewall-perl,
"shorewall start" is nearly as fast as "shorewall restore" and
"shorewall start" uses the current configuration which avoids
confusion.
2) Code in Shorewall-perl that allowed it to run under Shorewall 3.4
has been removed (although it might still work under 3.4.4).
3) Tuomo Soini has contributed bi-directional macros for various
tunnel types:
IPsecah
GRE
IPsec
IPIP
IPsecnat
L2TP
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
