-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The Shorewall team is pleased to announce the availability of
Shorewall 5.1.3.
Problems Corrected:
1) This release includes defect repair for releases through 5.1.2.4.
2) The documentation for 'reload' has been corrected:
- A command synopsis has been added in shorewall(8).
- The command synopsis in the 'help' output has been corrected.
3) The CONFIG_PATH setting has been corrected in the IPv6 Universal
sample configuration.
New Features:
1) The tarball installers and uninstallers have been unified and
now use a common library that is included in each tarball (Matt
Darfuille).
2) The installers now print a diagnostic if the relevant shorewallrc
file cannot be loaded (Matt Darfuille).
3) The /etc/default/... files installed on Debian are now dependent on
whether systemd is used or not (Matt Darfuille).
4) In Perl 5.8.1 and again in 5.18.0, the Perl developers altered the
behavior of the hash function used in the implementation of
hashes. The hash key is now chosen randomly as a defense against
DOS attacks targeting Perl programs. Such attacks supply input data
that causes a single hash bucket to be used. While those changes
improved security, they cause non-deterministic program behavior
when the 'keys', 'values' and 'each' functions are used.
Prior to this release, Shorewall sorted the lists produced by those
functions to ensure that consecutive compilations of the same
configuration produced the same ruleset. In this release,
compilation speed has been improved by removing the sort calls and
by instructing Perl to use a constant hash key.
Note: The ruleset produced by this release will be equivalent
to that produced by 5.1.2, but will likely be different.
5) All builtin actions have been replaced with standard actions. In
some cases. the standard action produces different but equivalent
rules when compared to those produced by the corresponding builtin
action.
6) The PROTO columns may now specify tcp:!syn (6:!syn) which matches
TCP packets with the SYN flag reset or one or more of ACK, RST or
FIN set. The dropNotSyn and rejNotSyn actions have been modified to
use this feature.
7) During 'update', the settings of all _LEVEL and _DEFAULT options
are now enclosed in quotes. This is done because these settings
often contain parentheses and the .conf files are process by
the shell. The sample configurations also have these settings
enclosed in quotes.
Update will continue to also enclose in quotes any settings that
contains characters other than alphanumeric, '/', and '.'.
Thank you for using Shorewall,
- -Tom
- --
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYyGZ1AAoJEJbms/JCOk0QKpYP/iAggzcfcbs5S4p0iAn6n98K
LH5j7q3J90Ro5Yp+J9E5113hieacuR27tWLFtKzpJfEwS4Y4YnqUOHW7ji+O3o9c
gPOwWv6E0nHnQ73KaGwhlpYgYlq+KS5eIUgqGRnya+pjIpSQTa5HRdj6HsXcA6GX
4C4yAvUR+T11BmtG20B3UnAFXLEJ7cKMvjSNwNEt0PJ3DSl8qmH3oLQ49DnEUdCd
ESY14QIrgRlqjbYzAIB9CBrb9oR6Ob8YJRxzqoiabkPvEmy1i8xMGxw1rllNOk8v
lEAvwgKB5NpfHkiiO07o29/u+Mva7/ZHo6ybUwkQNhK6Rp7MP3AqR4ZPAcr5jx4I
tIdl388Hl7JjXSjUXjOB7rpL9HSOmBhz5HOGSkNBHjrmimhl9IQiq5RUQwPMW/vD
+ut67rtxLVtutYFOKImadtm/Av+GB/EtQDpF/MCN9vbVCf4PTC3epsnDpXloBvur
NtEQMbFsRSYX70A+NSJvjOPNSGy5wgojdyT5AqrV42fDe9Qbu8AYfiY5y5E1EUSO
PE73Y6DQPCWBM3CG01D86oT7BNz8IkGny3tN15RWJwxt+mnycAJ4xhpM2Q3kpW8J
A//KiYG+K+TcP42h07Ivuy4xLvc+wPz90s1c4E0WMAhwdyW8x/15beljfWvmUlF+
ZERqi+ZMT8SZrpfy6Om6
=+Wwu
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
