This release just fixes a few bugs.

Problems corrected in Shorewall 4.0.11.
1) Previously, when IP_FORWARDING=Yes in shorewall.conf, Shorewall
would enable IP forwarding before instantiating the rules. This
could lead to incorrect connection tracking entries being created
between the time that forwarding was enabled and when the nat table
rules were instantiated.
Beginning with Shorewall 4.0.11, enabling of forwarding is deferred
until after the rules are in place.
2) If /etc/shorewall/vardir was used to move Shorewall's state
directory from /var/lib/shorewall, then the 'stop' command would not
delete IP addresses added by ADD_IP_ALIASES=Yes or ADD_SNAT_ALIASES=Yes,
nor would it delete proxy ARP entries.
3) The init script on Debian now reads and utilizes the value of the
OPTIONS variable from /etc/default/shorewall[-lite]. Previously,
the value of that variable was not passed to the shorewall[-lite]
command.
Problems corrected in Shorewall-perl 4.0.11.
1) If both the ESTABLISHED and RELATED sections were present then
each connection through chains controlled by a RATE/LIMIT in
/etc/shorewall/policies was counted twice toward the limit.
2) If DYNAMIC_ZONES=Yes and an entry in /etc/shorewall/hosts for an
IPv4 zone specified 'ipsec', dynamic IPSEC zone members were
mis-handled by the generated ruleset.
3) Previously, Shorewall-perl did not handle rates expressed in
bytes/second properly:
- The 'bps' suffix was not recognized
- The result was not rounded to the nearest kbit
4) If ADMINISABSENTMINDED=No, entries in /etc/shorewall/routestopped
were mis-handled.
5) Shorewall-perl now accepts upper case A through F in the MARK
column of the tcclasses file when the mark value is expressed in
hex. Previously, only lower-case A through F were accepted.
Problems corrected in Shorewall-shell 4.0.11.
None.
Known Problems Remaining.
1) The 'refresh' command doesn't refresh the mangle table. So changes
made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may
not be reflected in the running ruleset.
Other changes in 4.0.11.
None.
-The Shorewall Team
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
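Item 1 under "Problems corrected in Shorewall 4.0.11" depends on netfilter consulting the nat table only for the first packet of a connection and storing the result in the conntrack entry. The toy model below is an added example, not Shorewall code; the Router class, the step names and the addresses are constructed for illustration.

```python
"""Toy model (added example): start-up ordering vs. NAT bindings in conntrack."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample addresses (documentation / private ranges).
CLIENT, SERVER, PUBLIC = "192.168.1.10", "203.0.113.5", "198.51.100.1"

@dataclass
class Router:
    forwarding: bool = False
    snat_to: Optional[str] = None                   # None: nat rules not loaded yet
    conntrack: dict = field(default_factory=dict)   # flow -> source address on the wire

    def forward(self, src, dst):
        """Return the source address seen upstream, or None if not forwarded."""
        if not self.forwarding:
            return None
        flow = (src, dst)
        if flow not in self.conntrack:
            # The nat table is evaluated only for a flow's first packet; the
            # outcome, even "no translation", is pinned in the conntrack entry.
            self.conntrack[flow] = self.snat_to or src
        return self.conntrack[flow]

def start(order):
    """Apply start-up steps in order while one client flow keeps sending."""
    router, seen = Router(), []
    for step in order:
        if step == "enable_forwarding":
            router.forwarding = True
        elif step == "load_nat_rules":
            router.snat_to = PUBLIC
        seen.append(router.forward(CLIENT, SERVER))
    seen.append(router.forward(CLIENT, SERVER))     # later packet, same flow
    return seen

def leaks_internal_address(seen):
    """True if any forwarded packet left with the untranslated client address."""
    return CLIENT in seen

if __name__ == "__main__":
    old = start(["enable_forwarding", "load_nat_rules"])   # pre-4.0.11 ordering
    new = start(["load_nat_rules", "enable_forwarding"])   # 4.0.11 ordering
    print("forwarding first:", old, "leak:", leaks_internal_address(old))
    print("rules first:     ", new, "leak:", leaks_internal_address(new))
```

With forwarding enabled first, the flow stays untranslated even after the nat rules load, because its conntrack entry already exists; with the rules loaded first, nothing is forwarded until the binding can be made correctly.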
