Hash: SHA256

Shorewall 5.0.13 is now available for download.

Problems Corrected:

1)  This release contains defect repair from

2)  The compiler now detects shell metacharacters in interface names
    defined in /etc/shorewall[6]/interfaces. Previously, such
    characters could cause runtime failures in the generated script.

3)  Previously, the compiler ignored DEST column entries in inline
    mangle action bodies. That value is now used unless it is '-', in
    which case the DEST column value in the action invocation is used.

New Features:

1)  A 'disconnect' option has been added to the DYNAMIC_BLACKLIST
    setting. The option is only accepted for ipset-based dynamic
    blacklisting and requires that the 'conntrack' utility be
    installed. See shorewall[6].conf(5) for details.

    With this option, when an address is blackliseted using the
    'blacklist' command, the conntrack utility is used to break all
    connections from that address. If the 'src-dst' option is also
    specified in the BLACKLIST setting, then all connections to the
    address are also broken. If the effective VERBOSITY is greater than
    0, then a messages is displayed that indicated the number of flows
    deleted by the command. If the effective VERBOSITY is 2, the
    conntrack entries delected by the command are also displayed.

    This option is more efficient for packet processing than including
    the ESTABLISHED state in the BLACKLIST setting.

2)  A 'timeout' option has been added to the DYNAMIC_BLACKLIST setting.
    The option is only accepted for ipset-based dynamic blacklisting
    and causes entries in the blacklist ipset to be automatically
    deleted if they are not matched within a specified time. See
    shorewall[6].conf(5) for details.

3)  A new FIREWALL option has been added to shorewall[6].conf. This
    option is intended to be used on an admisitrative system in
    configurations of remote firewalls. It defines the DNS name or IP
    address of the remote system so that the system name does not have
    to be given in the remote-start, remote-reload and remote-restart
    commmands. See shorewall[6](8) for details.

4)  Shorewall6 now allows more that one provider to specify the
    'balance' or 'fallback' options.

5)  When using port numbers (as opposed to service names), the hyphen
    ("-") is now accepted as the separator in port ranges. When service
    names are used, the colon (":") must still be used.

Thank you for using Shorewall,

- -Tom and the rest of the Shorewall Team
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org


Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Shorewall-users mailing list

Reply via email to