The Shorewall team is pleased to announce the availability of Shorewall 4.4.2. The release is available for download at most mirrors, and all mirrors should be populated by tomorrow.
4.4.2 Debian packages for Lenny are available in Roberto's Repository.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 2
----------------------------------------------------------------------------
1) Detection of Persistent SNAT was broken in the rules compiler.
2) Initialization of the compiler's chain table was occurring before
shorewall.conf had been read and before the capabilities had been
determined. This could lead to incorrect rules and Perl runtime
errors.
3) The 'shorewall check' command previously did not detect errors in
/etc/shorewall/routestopped.
4) In earlier versions, if a file with the same name as a built-in
action were present in the CONFIG_PATH, then the compiler would
process that file like it was an extension script.
The compiler now ignores the presence of such files.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 2
----------------------------------------------------------------------------
1) Prior to this release, line continuation has taken precedence over
#-style comments. This prevented us from doing the following:
ACCEPT net:206.124.146.176,\ #Gateway
206.124.146.177,\ #Mail
206.124.146.178\ #Server
...
Now, unless a line ends with '\', any trailing comment is stripped
off (including any white-space preceding the '#'). Then if the line
ends with '\', it is treated as a continuation line as normal.
2) Three new columns have been added to FORMAT-2 macro bodies.
MARK
CONNLIMIT
TIME
These three columns correspond to the similar columns in
/etc/shorewall/rules and must be empty in macros invoked from an
action.
3) Accounting chains may now have extension scripts. Simply place your
Perl script in the file /etc/shorewall/<chain> and when the
accounting chain named <chain> is created, your script will be
invoked.
As usual, the variable $chainref will contain a reference to the
chain's table entry.
5) Several configuration issues which previously produced an error or
warning are now handled differently.
a) MAPOLDACTIONS=Yes and MAPOLDACTIOSN= in shorewall.conf are now
handled as they were by the old shell-based compiler. That is,
they cause pre-3.0 built-in actions to be mapped automatically
to the corresponding macro invocation.
b) SAVE_IPSETS=Yes no longer produces a fatal error -- it is now a
warning.
c) DYNAMIC_ZONES=Yes no longer produces a fatal error -- it is now
a warning.
d) RFC1918_STRICT=Yes no loger produces a fatal error -- it is now
a warning.
6) Previously, it was not possible to specify an IP address range in
the ADDRESS column of /etc/shorewall/masq. Thanks go to Jessee
Shrieve for the patch.
7) The 'wait4ifup' script included for Debian compatibility now runs
correctly with no PATH.
8) The new per-IP LIMIT feature now works with ancient iptables
releases (e.g., 1.3.5 as found on RHEL 5). This change required
testing for an additional capability which means that those who use
a capabilities file should regenerate that file after installing
4.4.2.
9) One unintended difference between Shorewall-shell and
Shorewall-perl was that Shorewall-perl did not support the MARK
column in action bodies. This has been corrected.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 2
----------------------------------------------------------------------------
1) Prior to this release, line continuation has taken precedence over
#-style comments. This prevented us from doing the following:
ACCEPT net:206.124.146.176,\ #Gateway
206.124.146.177,\ #Mail
206.124.146.178\ #Server
...
Now, unless a line ends with '\', any trailing comment is stripped
off (including any white-space preceding the '#'). Then if the line
ends with '\', it is treated as a continuation line as normal.
2) Three new columns have been added to FORMAT-2 macro bodies.
MARK
CONNLIMIT
TIME
These three columns correspond to the similar columns in
/etc/shorewall/rules and must be empty in macros invoked from an
action.
3) Accounting chains may now have extension scripts. Simply place your
Perl script in the file /etc/shorewall/<chain> and when the
accounting chain named <chain> is created, your script will be
invoked.
As usual, the variable $chainref will contain a reference to the
chain's table entry.
-The Shorewall Team
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
