RC 1 is now available for testing from the main site (http://www1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.26-RC1 and ftp://ftp1.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.26-RC1). It will be available at the other download sites shortly. This release includes all new functionality planned for 4.4.26.
New Feature included in RC 1
1) This release introduces optimization category 16. When this
category is enabled, sequences of 'compatible' rules are combined
into a single rule.
A sequence of rules is considered compatible if the rules differ
only in their destination ports and comments.
A sequence of compatible rules is often generated when macros are
invoked in sequence.
The ability to combine adjacent rules is limited by two factors:
- Destination port lists may only be combined up to a maximum of 15
ports, where a port-pair counts as two ports.
- Rules may only be combined until the length of their concatenated
comments reach 255 characters.
When either of these limits would be exceeded, the current combined
rule is emitted and the compiler attempts to combine rules beginning
with the one that would have exceeded the limit.
Adjacent combined comments are separated by ', '. Empty comments at
the front of a group of combined comments are replaced by 'Others
and'. Empty comments at the end of a group of combined comments are
replaced by 'and others'.
Example 1: Rules with comments "FOO", <empty> and "BAR" would result in
the combined comment "FOO and others, BAR".
Example 2: Rules with comments <empty>, "FOO" and "BAR" would reult
in the combined comment "Others and FOO, BAR".
Note: Optimize level 16 requires "Extended Multi-port Match" in your
iptables and kernel.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
