Shorewall 5.0.8 RC 2 is now available for download. Problems corrected since 5.0.8 RC 1:
1) Previously, the 'reload' command did not produce a system log
message when it succeeded. That has been corrected.
2) Previously, when compilation was done as part of a reload or
restart operation, compiler logging to the STARTUP_LOG was
suppressed. Such logging is now enabled.
3) The compiler now uses a uniform format for timestamps in the
STARTUP_LOG and on standard output (when the -t option is
specified). Previously, some messages suppressed a leading zero in
the hour where others did not. Now, the leading zero is never
suppressed for compatibility with the timestamps produced by the
generated script.
4) Previously, the compiler would allow 0 to be specified in the MARK
column of the tcclasses file, resulting in a run-time failure:
Setting up Traffic Control...
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
ERROR: Command "tc filter add dev eth0 protocol all parent 1:0
prio 276 handle 0 fw classid 1:10" Failed
Now, the following error is generated by the compiler:
ERROR: MARK value must be non-zero
As part of this change, the shorewall[6]-tcclasses(5) manpages have
been updated:
- Specifity a filter priority in the MARK column is now documented
(this feature has been in the code for several years)
- The default priorities of the filters for tos= and tcp-ack have
been correcgted.
5) For consistency with Docker, when bridge docker0 is listed in
/etc/shorewall/interfaces, the following rule is now generated:
-A FORWARD -o docker0 -m conntrack \
--ctstate RELATED,ESTABLISHED -j ACCEPT
6) Previously, the safe-* commands did not direct the compiler to
write to the STARTUP_LOG. That has been corrected. The commands
which direct the compiler to write to that log are now:
start
try
refresh
reload
restart
safe-*
7) In the last several releases, the following Known Problem
Remaining has been listed:
The 'enable', 'reenable' and 'disable' commands do now work
correctly in configurations with USE_DEFAULT_RT=No.
That description is a bit broader than is necessary and is now
restricted to the case where an optional provider is listed in the
DUPLICATE column. Additionally, the compiler now generates a
warning in that case:
WARNING: An optional provider (xxxx) is listed in the
DUPLICATE column - enable and disable will not work
correctly on that provider
New Features after 5.0.8 RC 1
Normally, I don't release enhancements after RC 1, but these have been
requested and I believe that they are quite safe.
1) The system log messages created by Shorewall via the 'logger'
utility may now be augmented using logger's -t (--tag) option
through use of the SW_LOGGERTAG environmental variable. If this
variable is set to a non-empty value, then its contents will be
passed as the -t option (e.g. logger -t "$SW_LOGGERTAG" ...).
2) Similar to ?ERROR, which was introduced in Shorewall 5.0.7, this
release supports additional ?WARNING and ?INFO directives
?ERROR <message>
?WARNING <message>
?INFO <message>
The <message> is written to STDERR prefaced by the directive name
(WARNING or INFO) followed by a colon (':'). It is also written to
the STARTUP_LOG if:
- A STARTUP_LOG has been configured
- The command is start, try, restart, reload, refresh or one of the
safe-* commands
Unlike ?ERROR, ?WARNING and ?INFO do not cause compilation to be
aborted.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
