Shorewall 4.6.12.1 is now available for download. After 4.6.12 was uploaded but before it was announced, a couple of defects from earlier releases were found. Rather than announce two releases within a couple of days, I decided to wait and only announce 4.6.12.1.
Problems Corrected:
4.6.12.1
1) Beginning with Shorewall 4.6.10, a fatal error during a start or
restart operation can leave the firewall in an indeterminate state.
That problem has been corrected so that the intended action takes
place:
- If there is a current executable RESTOREFILE, then the firewall
is restored using that file.
- Otherwise, the firewall is placed in the stopped state.
2) Previously, if 'none' were passed as the log level argument to the
AutoBL action, compilation failed silently. Now, the intended
behavior (no logging) is produced.
4.6.12
1) This release includes defect repair up through Shorewall 4.6.11.1.
2) Previously, when Perl 5.18.0 or later was used with Shorewall,
multiple compilations of an unchanging configuration could produce
different but equivalent script files. Now, the script files
produced will be identical (except for dates and times) for any
given Shorewall version.
3) Previously, if a binary interface option (those that have a value
of zero or 1) was specified with a value of zero on such an
interface, compilation failed.
For example, this interface definition:
- eth2 arp_filter=0,routeback=0,tcpflags=0,proxyarp=0
would generate the following error message:
ERROR: The "routeback" option may not be specified on a
multi-zone interface
Now, the option is allowed.
4) Several issues with 'update -b' have been corrected.
New Features:
1) The initial 'Compiling...', 'Checking...' and 'Updating...'
progress messages now include the Product name and version.
2) Debian-specific .service files have been added.
3) There are now two shorewallrc files for Debian - one for sysvinit
and one for systemd. The configure and configure.pl scripts
determine which to use by examining /sbin/init.
4) Two new options are available for the 'update' command:
-r converts a routestopped file to an equivalent stoppedrules file.
-n converts a notrack file to an equivalent conntrack file. If
there is already an existing conntrack file, the converted rules
are appended to the existing file.
WARNING: If you include /usr/share/shorewall/configfiles (or
wherever your distro places empty files) in your CONFIG_FILE
setting and there is no new file in your config directory (such as
/etc/shorewall), then the 'update' command will update the copy of
the file in /usr/share/shorewall/configfiles. This is probably not
what you want, since files in that directory (or your distro's
corresponding directory) will be overwritten by the next upgrade.
5) Shorewall now uses NYTProf as its profiler rather than the
deprecated DProf.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
