Shorewall 4.6.13 is now available for download. Shorewall 4.6.13 is scheduled to be the last 4.6 release. In the fall of this year, Shorewall 5.0.0 will be available - please see http://www.shorewall.org/Shorewall-5.html for information about preparing to migrate to Shorewall 5.

Problems Corrected:

1) The 'rules' file manpages have been corrected regarding the packets
   that are processed by rules in the NEW section.

2) Parsing of IPv6 address ranges has been corrected. Previously, use
   of ranges resulted in 'Invalid IPv6 Address' errors.

3) The shorewall6-hosts man page has been corrected to show the
   proper contents of the HOST(S) column.

4) Previously, INLINE statements in the mangle file were not
   recognized if a chain designator (:F, :P, etc.) followed
   INLINE(...). As a consequence, additional matches following a
   semicolon were interpreted as column/value pairs unless
   INLINE_MATCHES=Yes, resulting in compilation failure.

5) Inline matches on IP[6]TABLE rules could be ignored if
   INLINE_MATCHES=No. They are now recognized.

6) Specifying an action with a logging level in one of the _DEFAULT
   options in shorewall[6].conf (e.g., REJECT_DEFAULT=Reject:info)
   produced a compilation error:

      ERROR: Invalid value (:info) for first Reject parameter
         /usr/share/shorewall/action.Reject (line 52)

   That has been corrected. Note, however, that specifying logging
   with a default action tends to defeat one of the main purposes of
   default actions which is to suppress logging.

7) Previously, it was necessary to set TC_EXPERT=Yes to have full
   access to the user mark in fw marks. That has been corrected so
   that any place that a mark or mask can be specified, both the TC
   mark and the User mark are accessible.

New Features:

1) 'update -t' now converts both the tcrules and tos files.

2) 'second' and 'minute' are now allowed in the LOGLIMIT
   specification in place of 'sec' and 'min' respectively.

3) The 'update' command now converts additional deprecated option
   settings:

   - LOGRATE/LOGBURST are converted to the equivalent LOGLIMIT
     setting.

   - BLACKLISTNEWONLY is now converted to the equivalent BLACKLIST
     setting.

4) Two settings now have more reasonable defaults if they don't appear
   in the .conf file being updated:

   - USE_DEFAULT_RT now defaults to No
   - EXPORTMODULES now defaults to No.

5) When the 'update' command is converting a deprecated file, it now
   makes additional checks when it finds a target file (mangle,
   stoppedrules or blrules) to append the converted rules to:

   - If the file is in the directory $SHAREDIR/$product/configfiles/,
     the file is not opened.

   - If the file is in the directory
     $SHAREDIR/doc/$product/default-config/, the file is not opened.

   - If the file is not writable, the file is not opened.

   When the file isn't opened because of one of these checks, an
   attempt is made to create a new file in either the directory
   specified on the command line (if any) or in the first directory
   listed in the CONFIG_PATH setting.

Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
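
The target-file checks described in New Features item 5, sketched as a shell function. This is an added example, not Shorewall's own code: choose_target, make_sample_tree and the "append"/"create" output are hypothetical, and the directory tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added illustration, not Shorewall code. choose_target, make_sample_tree and
# the "append"/"create" output are hypothetical; SHAREDIR, product and
# CONFIG_PATH are the names used in the announcement.

# choose_target FILE [CMDLINE_DIR]
# FILE: existing mangle, stoppedrules or blrules file (absolute path assumed).
choose_target() {
    file=$1
    cmdline_dir=${2:-}
    skip=
    case "$(dirname "$file")" in
        "$SHAREDIR/$product/configfiles")        skip="released sample" ;;
        "$SHAREDIR/doc/$product/default-config") skip="packaged default" ;;
    esac
    # Third check: do not open a file that cannot be written.
    if [ -z "$skip" ] && [ ! -w "$file" ]; then
        skip="not writable"
    fi
    if [ -z "$skip" ]; then
        echo "append $file"
    elif [ -n "$cmdline_dir" ]; then
        # Fallback 1: directory given on the command line.
        echo "create $cmdline_dir/$(basename "$file")"
    else
        # Fallback 2: first directory listed in CONFIG_PATH.
        echo "create ${CONFIG_PATH%%:*}/$(basename "$file")"
    fi
}

# Build a constructed sample tree (not a real installation) under a temp dir.
make_sample_tree() {
    root=$(mktemp -d)
    SHAREDIR=$root/usr/share
    product=shorewall
    CONFIG_PATH=$root/etc/shorewall:$SHAREDIR/$product
    for d in "$root/etc/shorewall" "$SHAREDIR/$product/configfiles" \
             "$SHAREDIR/doc/$product/default-config"; do
        mkdir -p "$d" && : > "$d/mangle"
    done
}

make_sample_tree
choose_target "$root/etc/shorewall/mangle"
choose_target "$SHAREDIR/$product/configfiles/mangle"
choose_target "$SHAREDIR/doc/$product/default-config/mangle" "$root/export"
rm -rf "$root"
```

The directory comparison here is a plain string match, so it assumes the candidate path is already absolute and free of trailing slashes.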
