The Shorewall team is pleased to announce the availability of Shorewall 4.5.18.
----------------------------------------------------------------------------
I.  P R O B L E M S   C O R R E C T E D   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------
1) This release includes all defect repair from Shorewall 4.5.17.1.
2) The following warning message could be emitted inappropriately when
running Shorewall 4.5.17.

    The rule(s) generated by this entry are unreachable and have been
    discarded

These warnings, which were disabled in Shorewall 4.5.17.1, are now
only emitted where appropriate. The message has also been reworded
to:

    One or more unreachable rules in chain <name> have been discarded

The message is issued a maximum of once per Netfilter chain.
3) A problem that could cause the 'trace' compiler option to produce
false error messages or to produce an altered generated firewall
script has been corrected.
4) If the 'Owner Name Match' capability was not available, the
following error message would previously appear during compilation:

    iptables: No chain/target/match by that name.
----------------------------------------------------------------------------
I I.  K N O W N   P R O B L E M S   R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I.  N E W   F E A T U R E S   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------
1) 'NONE' policies are now instantiated between 'local' zone and zones
other than the firewall. Similarly, 'NONE' policies are
instantiated between 'loopback' zones and zones other than $FW
and other 'loopback' zones.
This provides a cleaner implementation than the one provided in
Shorewall 4.5.17, and one that should be easier to maintain going
forward.
2) James Shubin has contributed a Kerberos macro.
3) A new 'unmanaged' interface option has been added. This option may
be used to define interfaces that allow all traffic to/from the
firewall and nothing else. Such interfaces are not accessible from
hosts on other interfaces, nor can traffic from an unmanaged interface
be forwarded to hosts on other interfaces.
The following interface options are mutually-exclusive with
'unmanaged':
- blacklist
- bridge
- destonly
- detectnets
- dhcp
- maclist
- nets
- norfc1918
- nosmurfs
- optional
- routeback
- rpfilter
- sfilter
- tcpflags
- upnp
- upnpclient
Unmanaged interfaces may not be associated with a zone in either
the interfaces or hosts files.
The 'lo' interface may not be unmanaged when there are vserver
zones defined.
4) The value (0 or 1) for the 'routeback' interface option may now
be specified (e.g., 'routeback=0'). This allows overriding the
Shorewall default setting for bridge devices which is
'routeback=1'.
5) The ?SHELL, ?PERL, ?BEGIN SHELL, ?END SHELL, ?BEGIN PERL and ?END
PERL directives are now case-insensitive.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
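
The restrictions on the 'unmanaged' option in new feature 3 can be checked before compiling. The following is an added example, not part of the announcement or of Shorewall itself: a small lint pass that flags 'unmanaged' entries that carry a mutually exclusive option or a zone. It assumes a format-2 interfaces file (columns ZONE, INTERFACE, OPTIONS); the sample file, the zone name 'mgmt' and the function names are constructed for illustration.

```python
import re

# Options the release notes list as mutually exclusive with 'unmanaged'.
EXCLUSIVE = {"blacklist", "bridge", "destonly", "detectnets", "dhcp", "maclist",
             "nets", "norfc1918", "nosmurfs", "optional", "routeback", "rpfilter",
             "sfilter", "tcpflags", "upnp", "upnpclient"}

def option_names(field):
    """Return the option names in an OPTIONS field, with any '=value' dropped."""
    field = re.sub(r"\([^)]*\)", "", field)  # nets=(a,b) contains commas
    return [o.split("=", 1)[0] for o in field.split(",") if o and o != "-"]

def check_unmanaged(text):
    """Return (line_no, interface, problem) for each violated 'unmanaged' rule."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("?"):  # skip blanks and directives
            continue
        cols = line.split()
        if len(cols) < 3:                     # no OPTIONS column
            continue
        zone, iface, opts = cols[0], cols[1], option_names(cols[2])
        if "unmanaged" not in opts:
            continue
        if zone != "-":                       # must not be associated with a zone
            problems.append((n, iface, f"assigned to zone '{zone}'"))
        for o in sorted(EXCLUSIVE.intersection(opts)):
            problems.append((n, iface, f"conflicts with '{o}'"))
    return problems

# Constructed sample input (assumed format-2 layout).
SAMPLE = """\
?FORMAT 2
#ZONE  INTERFACE  OPTIONS
net    eth0       dhcp,tcpflags,nosmurfs
-      eth1       unmanaged
loc    br0        bridge,routeback=0
-      tap0       unmanaged,dhcp,nets=(10.0.0.0/8,192.168.0.0/16)
mgmt   eth2       unmanaged
"""

if __name__ == "__main__":
    for line_no, iface, problem in check_unmanaged(SAMPLE):
        print(f"line {line_no}: {iface}: unmanaged {problem}")
```

The check does not cover the rule about 'lo' and vserver zones, nor entries in the hosts file.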
