In this release: 1. The 'try' command now accepts an optional timeout. If the timeout is given in the command, the standard configuration will automatically be restarted after the new configuration has been running for that length of time. This prevents a remote admin from being locked out of the firewall in the case where the new configuration starts but prevents access.
2. Kernel route filtering may now be enabled globally using the new ROUTE_FILTER parameter in /etc/shorewall/shorewall.conf. 3. Individual IP source addresses and/or subnets may now be excluded from masquerading/SNAT. 4. Simple "Yes/No" and "On/Off" values are now case-insensitive in /etc/shorewall/shorewall.conf. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user