Shorewall 4.0.15 is now available from shorewall.net, SourceForge and Debian Sid. Additionally, I have updated my Debian Etch repository with 4.0.15 packages.
Problems Corrected in Shorewall 4.0.15.
1) Beginning with iptables version 1.4.1, the syntax for commands using the
conntrack module has changed. Shorewall now detects if the installed
version of iptables requires the new syntax.
2) Support for the LENGTH column in /etc/shorewall/tcrules was
incomplete in Shorewall-perl with the result that the LENGTH column
was ignored. Thanks go to Lennart Sorensen for the patch.
3) When ipranges were used to define zones, Shorewall-perl could
generate invalid iptables-restore input if 'Repeat Match' was not
available. Repeat Match is not a true match -- rather, it is a
feature of recent iptables releases that allows a match to be
repeated within a rule.
4) The DISABLE_IPV6 option has been documented in the shorewall.conf
man page. The option has been there all along, but it was not
previously documented in the man page.
5) If a no-NAT rule (DNAT-, ACCEPT+, NONAT) included a destination IP
address and no zone name in the DEST column, Shorewall-perl would
reject the rule. If a zone name was specified, Shorewall-perl
would issue a Warning message.
6) Following the Netfilter tradition, the IPP2P maintainer has made an
incompatible syntax change (the --ipp2p option has been
removed). Shorewall has always used "-m ipp2p --ipp2p" when
detecting the presence of IPP2P support.
Shorewall-common and Shorewall-perl have been modified to use
"-m ipp2p --edk" instead.
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
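
The capability probe described in item 6, as an added example (not Shorewall's own code and not part of the original announcement): it tries a rule in a scratch chain and reports whether the ipp2p option was accepted. The names `probe_ipp2p`, `stub_iptables`, `demo` and the scratch chain name are assumptions, and the stub is a constructed stand-in for an iptables whose IPP2P no longer accepts `--ipp2p`, so the block runs without root.

```shell
#!/bin/sh
# Added example, not Shorewall's code: detect IPP2P support by attempting
# to add a rule that uses the match, then removing the scratch chain.

# probe_ipp2p IPTABLES OPTION  -> prints "yes", "no" or "error"
probe_ipp2p() {
    ipt=$1
    opt=$2
    chain="probe$$"                      # hypothetical scratch chain name
    "$ipt" -N "$chain" >/dev/null 2>&1 || { echo "error"; return 2; }
    if "$ipt" -A "$chain" -m ipp2p "$opt" -j ACCEPT >/dev/null 2>&1; then
        answer=yes
    else
        answer=no
    fi
    "$ipt" -F "$chain" >/dev/null 2>&1   # always clean up the scratch chain
    "$ipt" -X "$chain" >/dev/null 2>&1
    echo "$answer"
}

# Constructed stand-in for iptables with a newer IPP2P: every command
# succeeds unless it carries the removed --ipp2p option.
stub_iptables() {
    for arg in "$@"; do
        if [ "$arg" = "--ipp2p" ]; then
            echo "stub: unknown option --ipp2p" >&2   # constructed message
            return 2
        fi
    done
    return 0
}

# The old probe reports no support even though the match is present;
# the probe using --edk reports it correctly.
demo() {
    echo "probe with --ipp2p: $(probe_ipp2p stub_iptables --ipp2p)"
    echo "probe with --edk:   $(probe_ipp2p stub_iptables --edk)"
}

demo
```

On a real firewall the first argument would be the iptables binary and the probe must run as root.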
