Shorewall 4.4.25.3 is now available for download.
Problems Corrected:
1) Previously, the following configuration produced an incorrect
ruleset:
zones:
host firewall
uw ipv4
net ipv4
interfaces:
- enet detect physical=+
hosts:
net enet:0.0.0.0/0
uw enet:$N_ALL_UW_AFFILIATED
Here's an example of the problem; from 'shorewall show INPUT':
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source ...
1678 54427 dynamic all -- * * 0.0.0.0/0 ...
33631 4085K enet_in all -- * * 0.0.0.0/0 ...
0 0 ACCEPT all -- lo * 0.0.0.0/0 ...
0 0 enet_in all -- * * 0.0.0.0/0 ...
...
Note that the ACCEPT rule for the loopback device occurs after
an unconditional jump to 'enet_in' and that there are two
such jumps.
Now, this sequence is generated:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source ...
1678 54427 dynamic all -- * * 0.0.0.0/0 ...
0 0 ACCEPT all -- lo * 0.0.0.0/0 ...
33631 4085K enet_in all -- * * 0.0.0.0/0 ...
...
2) The Debian init scripts (with the exception of Shorewall-init) now
support the 'status' command.
Thank you for using Shorewall,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
