Shorewall 4.4.7.5 is now available for download.

----------------------------------------------------------------------------
       P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 7 . 5
----------------------------------------------------------------------------

1)  A CONTINUE rule specifying a log level would cause the compiler to
    generate an incorrect rule sequence. The packet would be logged
    but the CONTINUE action would not occur.

2)  If multiple entries were present in /etc/shorewall/tcdevices and
    globally unique class numbers were not explicitly specified in
    /etc/shorewall/tcclasses, then 'shorewall start' would fail with a
    diagnostic such as:

    Setting up Traffic Control...
    RTNETLINK answers: File exists
      ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq
             quantum 1500 limit 127 perturb 10" Failed
    Processing /etc/shorewall/stop ...

3)  Previously, when a low per-IP rate limit (such as 1/hour) was
    specified, the effective enforced rate was much higher
    (approximately 6/min). The Shorewall compiler now configures the
    hashlimit table idle timeout based on the rate units (min, hour,
    ...) so that the rate is more accurately enforced.

    As part of this change, a unique hashlimit table name is assigned
    to each per-IP rate limiting rule that does not specify a table name
    in the rule. The assigned names are of the form 'shorewallN' where
    N is an integer. Previously, all such rules shared a single
    'shorewall' table, which led to unexpected results.

4)  All prior versions of Shorewall-perl mishandle per-IP rate limiting
    ACCEPT+ rules. The effective rate and burst are 1/2 of the values
    given in the rule. This problem has been corrected so that the
    specified rate is now the effective rate.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
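
The idle-timeout effect described in item 3, as an added example that is not part of the original announcement and is not Shorewall or kernel code. It is a simplified model of a per-source-IP hashlimit table; the function name, the sample traffic and the 10-second idle timeout used for the "before" case are assumptions (10 seconds is taken here as the netfilter hashlimit default).

```python
# Simplified model of a per-source-IP hashlimit table (added example; not
# Shorewall or kernel code). Time is in whole seconds.

def accepted_packets(arrivals, period, burst, expire):
    """Count packets accepted by a rule allowing `burst` packets, refilled at
    one token per `period` seconds, when an entry is forgotten after `expire`
    seconds without traffic from that source.

    arrivals: iterable of (timestamp, source_ip), sorted by timestamp.
    """
    table = {}      # source_ip -> [tokens, last_seen]
    accepted = 0
    for now, src in arrivals:
        entry = table.get(src)
        if entry is not None and now - entry[1] >= expire:
            entry = None                  # idle timeout: state is forgotten
        if entry is None:
            entry = [float(burst), now]   # new entry starts with a full bucket
        else:
            # Refill for the time since the last packet, capped at burst.
            entry[0] = min(float(burst), entry[0] + (now - entry[1]) / period)
        entry[1] = now                    # every packet refreshes the idle timer
        if entry[0] >= 1.0:
            entry[0] -= 1.0
            accepted += 1
        table[src] = entry
    return accepted


HOUR = 3600
# Constructed traffic: one source sends a packet every 11 s for one hour.
SLOW_CLIENT = [(t, "192.0.2.10") for t in range(0, HOUR, 11)]
# Constructed traffic: the same source sends a packet every 5 s for one hour.
FAST_CLIENT = [(t, "192.0.2.10") for t in range(0, HOUR, 5)]

def demo():
    return {
        "1/hour, expire 10 s, packet every 11 s": accepted_packets(SLOW_CLIENT, HOUR, 1, 10),
        "1/hour, expire 3600 s, packet every 11 s": accepted_packets(SLOW_CLIENT, HOUR, 1, HOUR),
        "1/hour, expire 10 s, packet every 5 s": accepted_packets(FAST_CLIENT, HOUR, 1, 10),
    }

if __name__ == "__main__":
    for case, count in demo().items():
        print(f"{case}: {count} accepted")
```

With the short timeout, a source that pauses just longer than the timeout between packets gets a fresh bucket every time, which is how a 1/hour limit ends up passing several packets per minute; matching the timeout to the rate unit closes that gap.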
