The Shorewall Team is pleased to announce the availability of Shorewall 5.0.4.
Problems Corrected:
1) There previously existed a slight possibility that starting both
Shorewall and Shorewall6 simultaneously could lead to a failure
such as this one:
Dec 18 13:18:35 elmo.example.com shorewall6[1889]: Loading
Modules...
Dec 18 13:18:38 elmo.example.com shorewall6[1889]: Another app is
currently holding the xtables lock. Perhaps you want to use
the -w option?
Dec 18 13:18:40 elmo.example.com shorewall6[1889]:
ERROR: Cannot Create Mangle chain fooX2349
Dec 18 13:18:40 elmo.example.com systemd[1]: shorewall6.service:
main process exited, code=exited, status=255/n/a
That problem can no longer occur.
2) Previously, when a source- or destination-specific RATE was
specified on a logging rule (LOG, ULOG or NFLOG), the compiler
incorrectly applied both the specified RATE as well as the global
LOGLIMIT. That has been corrected so that only the specified RATE
is applied.
3) Previously, when @caller was used within an action body, the
compiler would not create unique ip[6]tables chains for each
invocation of the action, even though the invocations had different
values of @caller. Now, each invocation of such an action creates a
separate ip[6]tables chain for each unique caller.
4) Previously, the 'status -i' command produced error output when
there were no optional interfaces. That erroneous output is no
longer produced.
5) Traffic shaping configurations that use red or codel will now
produce consistent compiled scripts. Previously, these
configurations could produce equivalent but different scripts on
consecutive compilations.
6) Previously, the Shoreall compiler enforced old rules about where
country codes could appear. As those restrictions have now been
removed, the compiler no longer issues messages such as these:
ERROR: A countrycode list may not be used in this context
New Features:
1) Shorewall Init is now supported on OpenWRT.
2) The IPTABLES and IP6TABLES actions in the rules and mangle files
can now correctly handle logging targets (LOG, ULOG and
NFLOG). Previously, an attempt to use these targets would result in
an error similar to:
ERROR: LOG requires a level
3) To further reduce the possibility of failures caused by Shorewall
and Shorewall6 starting concurrently, a new WAIT_OPTION capability
has been implemented. On systems with that capability, all
'iptables' and 'ip6tables' commands will use the --wait option.
4) The .214.service files have been removed and the .service files
(with the exception of Debian) have been updated to use the
network-pre.target (Tuomo Soini).
5) Shorewall, Shorewall6, Shorewall-lite and Shorewall6-lite now
install /etc/sysconfig/<product> files for specifying
start/restart/reload options on those distributions that use
/etc/sysconfig.
6) The mangle file now supports an DIVERTHA action that provides
support for HAProxy.
To setup the HAProxy configuration described at
http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x,
place this entry in shorewall-providers(5):
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
TProxy 1 - - lo - tproxy
and use this DIVERTHA entry:
#ACTION SOURCE DEST PROTO ...
DIVERTHA - - tcp
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
