[Shorewall-devel] Shorewall 4.5.16 Beta 2

[Tom Eastep]

Beta 2 is now available for testing.

Problems corrected since Beta 1:

1)  Previously, the TOS target and tos match did not work on older
    iptables versions such as 1.3.5 in RHEL5-based distributions. That
    has been corrected. To correct this problem, a new capability (New
    tos Match) was created, so users of these old distros will need to
    regenerate the capabilities files from those systems.

New Features since Beta 1:

1)  A new INLINE action has been added. This action allows defining
    arbitrary iptables rules in the blrules and rules files, as well as
    in action and macro bodies.

    The basic form of an INLINE rule is as follows:

        INLINE  <src> <dst> <proto> ... ; <iptables matches and jump>

    The <iptables matches and jump> are added to the rule generated by
    the contents of the other supplied columns. Given the 'raw' nature
    of this action, you should examine the rule generated by the entry
    (e.g., 'shorewall check -r') prior to attempting a 'start' or
    'restart' operation.

    Example:

        INLINE  $FW   net   tcp   1234  ; -j SETCTX --name foo

    This entry generates the following:

        -A fw2net -p 6 --dport 1234 -j SETCTX --name foo

    As part of this change, a new 'builtin' action type has been added.
    ip[6]tables targets not supported by Shorewall (such as 'SETCTX' in
    the example above), must be defined in your
    /etc/shorewall[6]/actions file:

    Example:

       SETCTX   builtin

    Such builtin actions may only be used in INLINE action invocations;
    they may not appear in the ACTION column of a rule.

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel