> The first bug fix below should receive wider testing. So I have uploaded
> 4.5.14 RC 2. I went ahead and included a simple new feature (see below),
> but I neglected to include the change that allows generating '-m
> multiport --ports <port list>' by placing '=' SOURCE PORT(S) columns.

I am not sure I understand this - care to elaborate?

> Given that it won't affect existing configurations, I will add that
> feature to 4.5.14 final (or to RC 3 if required).
>
> Problems Corrected since 4.5.14 RC 1:
>
> 1) 'blackhole' routes are now copied to provider tables when
>    USE_DEFAULT_RT=No. Previously, these routes were not copied with
>    the result that packets could be routed to blackholed addresses.
>
> 2) Duplicate interface names could previously appear in a case
>    statement in the generated script. These duplicates are now
>    suppressed.
>
> 3) Previously, a duplicate 'echo' command could appear in the
>    generated script. Now only a single command appears.
>
> New Feature:
>
> 1) 'blackhole' routes may now be defined in /etc/shorewall[6]/routes.
>    Simply place 'blackhole' in the GATEWAY column and leave the DEVICE
>    column empty.

Good on all counts as far as I can see. The fictitious interface name in "providers" is fixed as well, though when I add "lo" (loopback) (loopback is in a state of "ignore" in my "interfaces" - just FYI) I get a few funnies generated which should not be there, like:

run_ip route replace <default gateway address> src $SW_LO_ADDRESS dev lo
run_ip route replace <default gateway address> src $SW_LO_ADDRESS dev lo table XX
run_ip route add default via <default gateway address> src $SW_LO_ADDRESS dev lo table XX

Would there be a way for me to manipulate the blackhole routes in my main table or is this for another day?

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
