Shorewall 4.5.19 is now available for download.

----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The shorewall-init.service file previously specified an incorrect
path name for the shorewall-init utility.
2) Previously, the '-q' option did not suppress all output from
certain commands such as 'check'.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The 'Limit' action now produces a warning message stating that it
is deprecated in favor of per-IP limiting using the RATE LIMIT
column.
2) Generation of logging rules has been largely re-written to directly
create rules in the compiler's internal representation.
Previously, such rules were created in iptables format then
translated into the internal form.
3) A form of 'events' or 'triggers' is now available. Events are
implemented using the ip[6]tables 'recent' match so they are
actually lists of IP addresses with associated timestamps and
packet counts. They may be tested in a number of ways:
- Any matching packets to/from an address ever?
- Any matching packets to/from an address in the last N seconds?
- M or more matching packets to/from an address?
- M or more matching packets to/from an address in the last N
seconds?
See http://www.shorewall.net/Events.html for details and usage
examples.
4) As part of adding event support, the CLI programs now support
two new variants of the 'show' command.

    show events

        Displays the contents of all events.

    show event <event> ...

        Displays the contents of the listed events.

Note that a given event can be used for both IPv4 and IPv6. So
/sbin/shorewall and /sbin/shorewall-lite will show entries that are
different from /sbin/shorewall6 and /sbin/shorewall6-lite.
5) Using the event mechanism described above, Shorewall now supports a
form of automatic blacklisting when the number of connection
attempts in a given period of time is exceeded.
See http://www.shorewall.net/Events.html for details.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
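
A small model of the event lists described in items 3 and 5 above, added here as an example; it is not part of the announcement and not Shorewall's or the kernel's code. It treats an event as a per-address list of timestamps, implements the four tests, and uses them for a simple automatic blacklist. The class and function names, the limit/period/hold values, the timestamp cap and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed cap on timestamps kept per address

class Event:
    """One named list: address -> timestamps of matching packets."""
    def __init__(self, name):
        self.name = name
        self.entries = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, addr, now):
        """Record one matching packet to/from addr at time now (seconds)."""
        self.entries[addr].append(now)

    def check(self, addr, now, seconds=None, hitcount=None):
        """ever? / in last N seconds? / M or more? / M or more in last N seconds?"""
        stamps = self.entries.get(addr)
        if not stamps:
            return False  # address never matched
        if seconds is not None:
            stamps = [t for t in stamps if now - t <= seconds]
        return len(stamps) >= (1 if hitcount is None else hitcount)

def filter_connection(attempts, blacklist, addr, now, limit=5, period=60, hold=300):
    """Verdict for a new connection attempt; limit/period/hold are hypothetical."""
    if blacklist.check(addr, now, seconds=hold):
        return "DROP"  # still blacklisted
    attempts.set(addr, now)
    if attempts.check(addr, now, seconds=period, hitcount=limit):
        blacklist.set(addr, now)  # too many attempts in the period
        return "DROP"
    return "ACCEPT"

def replay(packets, **limits):
    """Run (time, address) pairs through fresh events, returning the verdicts."""
    attempts, blacklist = Event("ATTEMPTS"), Event("BLACKLIST")
    return [filter_connection(attempts, blacklist, a, t, **limits) for t, a in packets]

# Constructed sample traffic (documentation address ranges), not real log data.
SAMPLE = [(0, "203.0.113.7"), (10, "203.0.113.7"), (20, "203.0.113.7"),
          (30, "203.0.113.7"), (40, "203.0.113.7"), (45, "198.51.100.9"),
          (50, "203.0.113.7"), (400, "203.0.113.7")]

if __name__ == "__main__":
    for (t, addr), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>3}s {addr:<13} {verdict}")
```

The fifth attempt inside the 60-second period is dropped and the address stays blocked until the hold time has passed, while the unrelated address is unaffected.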
