4.4.12 Beta 4 is now ready for testing. There are two new features in this Beta:
1) 'icmp' is now accepted as a synonym for 'ipv6-icmp' in IPv6
compilations.
2) Shorewall now detects the presence of a recent ipset iptables
module and uses its new syntax. This avoids a warning on iptables
1.4.9. This change involves a new capabilities file version so if
you use a capabilities file, be sure to regenerate it with 4.4.12
shorewall-lite or shorewall6-lite.
3) (Inadvertently omitted from the release notes) - A new COMPLETE
option has been added to shorewall.conf and to shorewall6.conf.
When set to Yes, it signifies that the configuration is complete so
that your set of zones encompasses any hosts that can send or
receive traffic to/from/through the firewall. This causes Shorewall
to omit the rules that catch packets in which the source or
destination IP address is outside of any of your zones. Default is
No. It is recommended that this option only be set to Yes if:
- You have defined an interface whose effective physical setting is
'+'.
- That interface is assigned to a zone.
- You have no CONTINUE policies or rules.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
