[Shorewall-devel] Shorewall 4.5.9 RC 1

Fri, 26 Oct 2012 11:11:31 -0700 

RC 1 is now available for testing.

Changes since Beta 3:

1)  The 'show' command -b (brief) option now also omits chains that
     have no rules listed.

2)  A CHECKSUM action has been added to the tcrules files. This action
     computes and fills in the checksum in a packet that lacks one.
     This is particularly useful, if you need to work around old
     applications such as dhcp clients, that do not work well with
     checksum offloads, but don't want to disable checksum offload in
     your device.

     As part of this change, a new 'Checksum Target' capability has been
     added, so if you use a capabilities file, it needs to be
     re-generated after you install this release.

3)  The 'shorewall6 show routing' command now sorts the contents of
     each routing table in the same way as 'shorewall show routing'.

4)  It is now possible to specify a mark range in the ACTION column of
     the tcrules file. This causes the generated ruleset to assign marks
     in the range in round-robin fashion. As part of this change, a
     STATE column is also added that allows marks to be assigned only to
     packets that are in one of the specified states (NEW, RELATED,
     ESTABLISHED, etc.). Specifying NEW in this column along with
     a range in the ACTION column allows for load-balancing SNAT rules
     over a number of different external addresses.

     Example:

     /etc/shorewall/tcrules

     #ACTION    SOURCE          DEST            ...
     1-3:CF     eth1            172.20.1.0/24   ; state=NEW

     /etc/shorewall/masq

     #INTERFACE SOURCE          ADDRESS ...
     eth0       192.168.1.0/24  1.1.1.1 ; mark=1:C
     eth0       192.168.1.0/24  1.1.1.5 ; mark=2:C
     eth0       192.168.1.0/24  1.1.1.9 ; mark=3:C

     Specifying a mark range require the 'Statistics Match' capability
     in your iptables and kernel.

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
The Windows 8 Center 
In partnership with Sourceforge
Your idea - your app - 30 days. Get started!
http://windows8center.sourceforge.net/
what-html-developers-need-to-know-about-coding-windows-8-metro-style-apps/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to