RC 1 is now available for testing.

Problems corrected:

1)  Previously, when per-IP rate limiting was invoked, the compiler
    would use the deprecated '--ratelimit' option, even if the
    preferred '--ratelimit-upto' option was available. Now, the
    compiler uses the preferred option if it is supported by the
    installed version of iptables.

2)  Prior to this release, using a manual chain in the ACTION column of
    a macro body generated an error:

    ERROR: Invalid Action (mychain) in macro, macro.FOO (line ...)

    This now works correctly and generates a jump to the specified
    manual chain.

New Features:

1)  The 'refresh' command now allows additional options:

    -d - Run the rules compiler under the Perl debugger.

    -n - Don't modify routing.

    -T - Produce a Perl Stack trace on errors and warnings.

    -D <directory> - Look in <directory> first for configuration files.

2)  The interfaces file now supports two formats:

    FORMAT 1 - (default, deprecated)

        Includes the BROADCAST column (UNICAST in Shorewall6).

    FORMAT 2

        Does not include the BROADCAST (UNICAST) column.

    The format is specified by a line like this:

        FORMAT {1|2}

    The Sample configurations have been updated to use FORMAT 2.

3)  A change has been made in the packaging for Slackware. On
    Slackware, there is an /etc/rc.d/firewall.rc script that looks for
    /etc/rc.d/shorewall.rc and /etc/rc.d/shorewall6.rc and runs them,
    passing its own arguments.

    The file installed as firewall.rc is named
    init.slackware.firewall.sh and has traditionally been included in
    the Shorewall package. Beginning with this release, it is moved to
    the Shorewall-core package. This opens the door for releasing
    Slackware versions of the -lite products in the future.

    The init scripts for Slackware are now described in slackware.rc
    as:

        AUXINITSOURCE=init.slackware.firewall.sh
        AUXINITFILE=rc.firewall
        INITSOURCE=init.slackware.$PRODUCT.sh
        INITFILE=rc.$PRODUCT

4)  Previously, errors reported in macros were hard to analyze.

    Example:

       ERROR: Unknown destination zone (bar)
              /usr/share/shorewall/macro.SSH (line 11),

    In this case, we don't know where the SSH macro was invoked
    incorrectly. Beginning with this release, the stack of
    includes/opens will be included in ERROR and WARNING messages.

    Example:

       ERROR: Unknown destination zone (bar)
          /usr/share/shorewall/macro.SSH (line 11)
          from /etc/shorewall/rules (line 42)

    This shows that the SSH macro was invoked on line 42 of the rules
    file.

5)  There is now a BLACKLIST macro that works as follows:

    - If BLACKLIST_LOGLEVEL is set, then the macro invokes the
      'blacklog' action.
    - Otherwise, the macro invokes the BLACKLIST_DISPOSITION action.

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
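
An existing interfaces file can be moved from FORMAT 1 to FORMAT 2 (New Feature 2 above) mechanically. The script below is an added example, not part of the original announcement or of Shorewall. It assumes the FORMAT 1 column order ZONE, INTERFACE, BROADCAST, OPTIONS and no line continuations; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code: rewrite a FORMAT 1 interfaces file
# as FORMAT 2 by dropping the BROADCAST (UNICAST) column.
# Assumptions: column order ZONE INTERFACE BROADCAST OPTIONS, no line
# continuations; function names are hypothetical.

interfaces_to_format2() {
    awk -v fmt=1 '
    # Print the FORMAT 2 declaration exactly once.
    function emit_format() { if (!declared) { print "FORMAT 2"; declared = 1 } }

    # Column-header comment: remove the BROADCAST/UNICAST label.
    fmt == 1 && /^#ZONE[ \t]/ { sub(/[ \t]+(BROADCAST|UNICAST)/, "") }

    # Comments and blank lines pass through unchanged.
    /^[ \t]*(#|$)/ { print; next }

    # An explicit FORMAT line sets how the following lines are read.
    $1 == "FORMAT" {
        if ($2 != "1" && $2 != "2") {
            print "line " NR ": invalid FORMAT" > "/dev/stderr"; exit 1
        }
        fmt = $2 + 0; emit_format(); next
    }

    {
        emit_format()     # if no FORMAT line was seen, the file was FORMAT 1
        if (fmt == 1 && NF >= 3 && $3 !~ /^#/) {
            out = $1 " " $2                              # keep ZONE, INTERFACE
            for (i = 4; i <= NF; i++) out = out " " $i   # skip column 3
            print out
        } else {
            print         # already FORMAT 2, or no BROADCAST column present
        }
    }'
}

# Constructed sample input (FORMAT 1, no explicit FORMAT line).
sample_format1() {
    cat <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,routefilter
loc     eth1        -           tcpflags
dmz     eth2
EOF
}

sample_format1 | interfaces_to_format2
```

Running the function on its own output leaves the file unchanged, so it is safe to apply to a file that has already been converted.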

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel