Beta2 was released last weekend. Problems Corrected in Shorewall 4.2.0 Beta 2
1) When 'norfc1918' was specified on an interface with an RFC 1918 IP address, the compiled script would terminate without changing the state of the firewall. Under these circumstances, the script now issues a warning message and continues. Problems Corrected in Shorewall-perl 4.2.0 Beta 2 1) Except in /etc/shorewall/hosts, ipset names may now be preceded by '!' to specify that matching IP addresses are not members of the set. Problems Corrected in Shorewall-shell 4.2.0 Beta 2. 1) When DYNAMIC_ZONES=Yes, certain configurations would produce an invalid /var/lib/shorewall/chains file at run-time. The invalid file contents resulted in errors during processing of the "shorewall add" command. Other Changes in Shoreall 4.2.0 Beta 2. 1) A 'save' extension script is added. The script is run after iptables-save has completed successfully. The 'load' and 'reload' commands copy the save script (if any) to /etc/shorewall-lite/ on the remove firewall system. The 'export' command copies the file to the same directory as the 'firewall' and 'firewall.conf' scripts. I have the following commands in my 'save' script:[ -s /root/ipsets.save ] && cp -a /root/ipsets.save /root/ipsets.save.backup
ipset -S > /root/ipsets.save
These commands complement my 'init' script:
qt modprobe ifb numifbs=1
qt ip link set dev ifb0 up
if [ "$COMMAND" = start ]; then
ipset -U :all: :all:
ipset -U :all: :default:
ipset -F
ipset -X
ipset -R < /root/ipsets.save
fi
Those two scripts allow me to save and restore the contents of my
ipsets automatically under Shorewall-perl/Shorewall-lite (my
routestopped file does not use ipsets).
2) A HELPER column is included in the tcrules file. The value in this
column names one of the Netfilter protocol 'helper' module sets
(ftp, sip, amanda, etc).
See http://www.shorewall.net/traffic_shaping.htm for an example.
3) DYNAMIC_ZONES=Yes is no longer supported by Shorewall-perl.
4) Farkas Levante has contributed a macro.Mail macro that covers SMTP,
SMTPS and submission.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
