The Shorewall team is pleased to announce the availability of Shorewall 4.0.9.
Problems corrected in Shorewall 4.2.9
1) The Shorweall-perl 4.2.8 compiler did not rename the output script
file with the result that:
a) Shorewall would not start for the first time after
installation.
b) Configuration changes were apparently ignored.
2) Placing a broadcast address in the BROADCAST column of
/etc/shorewall/interfaces caused Shorewall-perl to generate an
error:
ERROR: Invalid BROADCAST address : /etc/shorewall/interfaces\
(line 225)
3) When Shorewall could not determine the MAC address of of a gateway
router where multiple providers are configured through the same
interface, invalid iptables-restore input was generated. This
resulted in an error message similar to the following:
iptables-restore v1.3.5: Bad mac address `-j'
4) Shorewall-perl was not processing the tcrules file when
TC_ENABLED=No.
5) When 'all' appeared in the SOURCE column of a DNAT rule, no rule to
redirect output from the firewall itself was generated.
6) The 'shorewall iprange' command failed to produce a minimal list of
networks.
Known Problems Remaining:
1) When exclusion is used in an entry in /etc/shorewall/hosts, then
Shorewall-shell produces an invalid iptables rule if any of the
following OPTIONS are also specified in the entry:
blacklist
maclist
norfc1918
tcpflags
2) Shorewall-shell generates inversion rules which produce
warnings with iptables 1.4.3.
Example:
iptables -A lan2fw -p 6 --dport 999 -s ! 192.168.20.1 -j ACCEPT
with iptables 1.4.3.1 the following information message is produced:
Using intrapositioned negation (`--option ! this`) is deprecated in
favor of extrapositioned (`! --option this`).
We don't intend to fix this. It's time to migrate to Shorewall-perl
anyway.
New Features in Shorewall 4.2.9
1) Shorewall6 has now been validated on Ubuntu Hardy running kernel
2.6.24. Shorewall6 is now supported on that kernel version.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
