For the same configuration, in which the default policy is DROP and only one connection is accepted in rules, continuous pinging to devices stops squarely in 4.0.15 as soon as a very basic firewall is enabled, whereas in 4.4.26.1 pinging continues after the firewall is enabled.
All tests are done with a proper reboot of unit3, where the firewall is applied:

    unit1 <---> eth4   unit3   eth1 <---> unit2
    192.168.3.2   192.168.3.1   172.30.159.103   172.30.159.102
        lan zone                        net zone

In this case, continuous pings from unit1 to unit2 stop when the 4.0.15 firewall is applied. Rebooting unit3 with 4.4.26.1 (easily done since unit3 boots from a different compact flash), copying the files from 4.0.15 to it, and executing 'shorewall start' does not stop the pings from unit1 to unit2 even though the policy is DROP. Other traffic is effectively stopped, but not so with ICMP packets. I've looked at the changelog and release notes for 4.4.26.1 but did not find anything about this.

The firewall is very basic, and shorewall.conf is the same:

zones
    fw    firewall
    net   ipv4
    lan   ipv4

interfaces
    net   eth1
    lan   eth4

policy
    all   all   DROP

rules
    (none)

Using the same shorewall.conf might not be appropriate, so I also tried with the shorewall.conf provided in the 4.4.26.1 version, while keeping the same zones, interfaces and policy files.
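An added diagnostic, not from the poster or the Shorewall project: instead of trusting the policy file, dump the compiled ruleset with iptables-save and list the ACCEPT rules that a new ICMP packet could still match. The iptables-save text below is constructed for illustration, not captured from unit3, and the chain names lan2net/net2lan are assumptions.

```shell
#!/bin/sh
# Constructed iptables-save output (filter table) standing in for unit3's
# compiled ruleset. Chain names lan2net/net2lan are assumptions; the point is a
# DROP policy path that still contains an ACCEPT rule ICMP can match.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:lan2net - [0:0]
:net2lan - [0:0]
-A FORWARD -i eth4 -o eth1 -j lan2net
-A FORWARD -i eth1 -o eth4 -j net2lan
-A lan2net -m state --state ESTABLISHED,RELATED -j ACCEPT
-A lan2net -p icmp -j ACCEPT
-A lan2net -j DROP
-A net2lan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A net2lan -j DROP
COMMIT'

# Read iptables-save text on stdin and print each ACCEPT rule that a new ICMP
# packet could match: either "-p icmp" or no protocol match at all. Rules that
# only accept conntrack replies (--state/--ctstate) are expected and skipped.
icmp_accepting_rules() {
    awk '
        /^-A / && / -j ACCEPT$/ {
            if ($0 ~ /--state|--ctstate/) next   # reply traffic, not new pings
            if ($0 ~ / -p (tcp|udp)/) next       # cannot match ICMP
            print
        }'
}

# Same filter, but return only the number of matching rules.
icmp_accept_count() {
    icmp_accepting_rules | awk 'END { print NR }'
}

# Stand-alone run against the constructed sample. On the real unit3 you would
# feed the live ruleset instead:  iptables-save -t filter | icmp_accepting_rules
printf '%s\n' "$SAMPLE_RULES" | icmp_accepting_rules
```

Running this on both firmware versions, with the same zones/interfaces/policy files, shows directly whether 4.4.26.1 compiled an ICMP-matching ACCEPT rule that 4.0.15 did not.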