[Shorewall-users] Shorewall 4.4.19.3

[Tom Eastep]

I've uploaded 4.4.19.3 which contains recent fixes:

1)  The changes in 4.4.19.1 that corrected long-standing issues with
    default route save/restore were incompatible with 'gawk'. When
    'gawk' was installed (rather than 'mawk'), awk syntax errors having
    to do with the symbol 'default' were issued.

    This incompatibility has been corrected.

2)  Previously, an entry in the USER/GROUP column in the rules and
    tcrules files could cause run-time start/restart failures if the
    rule(s) being added did not have the firewall as the source (rules
    file) and were not being added to the POSTROUTING chain (:T
    designator in the tcrules file). This error is now caught by
    the compiler.

3)  Shorewall now insures that a route to a default gateway exists in
    the main table before it attempts to add a default route through
    that gateway in a provider table. This prevents start/restart
    failures in the rare event that such a route does not exist.

4)  CLASSIFY TC rules can apply to traffic exiting only the interface
    associated with the class-id specified in the first column. In a
    Multi-ISP configuration, a naive user might create this TC rule:

        1:2     -       1.2.3.4

    This will work fine when 1.2.3.4 can only be routed out of a single
    interface. However, if we assume that eth0 is interface 1, then the
    above rule only works for traffic leaving via eth0.

    Beginning with this release, the Shorewall compiler will interpret
    the above rule as this one:

        1.2     -       eth0:1.2.3.4

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users