Beta 3 is now available for download. http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 ftp://ftp.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3
New Features:
1) Beginning with Shorewall 4.0.0, the -f option was no longer the
default for '/etc/init.d/shorewall start'. Beginning with 4.0.13
and 4.2.0-Beta3, this is also true for Shoreawall-lite.
2) A new USE_DEFAULT_RT option has been added to shorewall.conf. When
set to 'Yes', it causes the Shorewall multi-ISP feature to create
a different set of routing rules which are resilient to changes in
the main routing table. Such changes can occur for a number of
reasons, VPNs going up and down for example.
The USE_DEFAULT_RT option is currently classified as
EXPERIMENTAL. As a consequence, if you have a problem with it, the
Shorewall support team may not be able to supply you with a
solution.
The idea is to send packets through the main table prior to
applying any of the Shorewall-generated routing rules. So changes
to the main table will affect the routing of packets by default.
When USE_DEFAULT_RT=Yes:
a) Both the DUPLICATE and the COPY columns in the providers file
must remain empty (or contain "-").
b) The 'balance' option is assumed for all interfaces except those
specified as 'loose'.
c) The default route is added to the the 'default' table rather
than to the main table.
d) Packets are sent through the main routing table by a rule with
priority 999. In /etc/shorewall/routing_rules, the range 1-998
may be used for inserting rules that bypass the main table.
e) All provider gateways must be specified explicitly in the
GATEWAY column. 'detect' may not be specified.
f) You should disable all default route management outside of
Shorewall. If a default route is added to the main table while
Shorewall is started, then all policy routing will stop working
(except for those routing rules in the priority range 1-998).
3) The 'shorewall restart' command now supports an -f option. When
this option is specified, no compilation occurs; rather, the script
which last started or restarted Shorewall is used.
4) A macro supporting RNDC (BIND remote management protocol) traffic
has been added. It can be used as any other macro (e.g., RNDC/ACCEPT)
in the rules file.
Happy Testing,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
