Shorewall 4.5.20 is now available for download. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ----------------------------------------------------------------------------
1) On some distributions, the shorewall-lite and shorewall6-lite
uninstallers could fail with a syntax error.
2) A typographical error in the usage text produced by the -h command
in the compiled firewall script has been corrected.
3) The handling of INITSOURCE is now uniform between the standard and
the -lite installers.
4) Previously, when SYSCONFFILE was specified in shorewallrc, the
installers would always install default.debian rather than the
named file. That has been corrected.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) A new TRACK_RULES option has been added to shorewall[6].conf. When
set to 'Yes', this option causes most rules to be tagged with a
comment which gives the configuration file name and line number
that caused the rule to be generated. These comments replace any
comments added via AUTOCOMMENT=Yes and ?COMMENT entries.
Setting this option to 'Yes' requires the 'Comments' capability in
your kernel and ip[6]tables.
2) You may now specify 'OPTIMIZE=All' in shorewall[6].conf to enable
all optimizations. If new optimization levels are added in the
future, OPTIMIZE=All will automatically enable those optimizations.
For completeness, 'OPTIMIZE=None' disables all optimizations.
3) 'list' and 'ls' are now documented alternatives for 'show' in the
CLI programs. /sbin/shorewall and /sbin/shorewall6 now accept 'ck'
as an abbreviation for 'check' and 'co' as an abbreviation for
'compile'.
4) Beginning with this release, if /etc/os-release exists during
installation, then the ID setting in that file will be used to
determine which Linux distribution is running on the system.
5) The 'status' command now obeys the effective VERBOSITY and will
produce no output when the effective VERBOSITY is less than 1.
6) The CLI exit status codes are now documented in the manpages
(shorewall(8), shorewall6(8), etc.).
7) Beginning with this release, the shorewallrc file supports a
SERVICEFILE variable. SERVICEFILE is only relevant when SERVERD is
non-empty, in which case it names the file to be installed as the
product's .service file. If SERVERD is specified but SERVICEFILE is
not, the assumed value of SERVERFILE is $PRODUCT.service.
8) The ${SBINDIR}/shorewall-init utility will now compile
configurations if needed
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
