Beta 2 is now available for testing.

New features since Beta 1:

1)  The 'conntrack', 'raw', 'mangle' and 'rules' files now support an
    IPTABLES (IP6TABLES) action. This action is similar to INLINE in
    that it allows arbitrary ip[6]tables matches to be specified after a
    semicolon (even when INLINE_MATCHES=No). It differs in that the
    parameter passed is an iptables target with target options.

    Example (rules file):

       #ACTION                          SOURCE  DEST    PROTO
       IPTABLES(TARPIT --honeypot)      net     pot

    If the particular target that you wish to use is unknown to
    Shorewall, you will get this error message:

       ERROR: Unknown TARGET (<target>)

    You can eliminate that error by adding your target as a builtin
    action in /etc/shorewall[6]/actions.

    As part of this change, the /etc/shorewall[6]/actions file options
    have been extended to allow you to specify the Netfilter table(s)
    where the target is accepted. When 'builtin' is specified, you can
    also include the following options:

         filter
         nat
         mangle
         raw

    If no table is given, 'filter' is assumed for backward
    compatibility.

2)  The 'tcpflags' option is now set by default. To disable the option,
    specify 'tcpflags=0' in the OPTIONS column of the interface file.

3)  You may now use ipset names (preceded by '=') in PORT columns,
    allowing you to take advantage of bitmap:port ipsets.

4)  The counter extensions to ipset matches have been
    implemented. See shorewall[6]-ipsets for details.

5)  DROP is now a valid action in the stoppedrules files. DROP occurs
    in the raw table PREROUTING chain which avoids conntrack entry
    creation.

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
