Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are:
1. The packaging and dependencies have changed in this release.
2. There are minor migration issues.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The start and restart commands in Shorewall Lite and Shorewall6
Lite now correctly handle the 'trace' and 'debug'
keywords. Previously, those keywords were ignored.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) The rules generated by the following interface options are now
traversed after those generated by the blrules file.
dhcp
maclist
nosmurfs
sfilter
tcpflags
As part of this change, the BLACKLIST section in the rules file has
been eliminated. If you have rules in that section, you must move
them to the blrules file prior to installing this Shorewall
version.
2) The timeout interval after which the previous state is restored
may now be specified in the safe-start and safe-restart commands.
3) The packing of the Shorewall products has been changed. Beginning
with this release, the packages are:
- Shorewall Core -- Core libraries installed in
/usr/share/shorewall/
- Shorewall -- Requires Shorewall Core. Together with
Shorewall Core, provides IPv4 firewalling.
- Shorewall6 -- Requires Shorewall. Provides IPv6 firewalling.
- Shorewall Lite -- Requires Shorewall Core. As before.
- Shorewall6 Lite -- Requires Shorewall Core. As before.
- Shorewall Init -- As before.
----------------------------------------------------------------------------
V. M I G R A T I O N I S S U E S
----------------------------------------------------------------------------
1) If you are migrating from Shorewall 4.2.x or earlier, please see
http://www.shorewall.net/pub/shorewall/4.4/shorewall-4.4.27/releasenotes.txt
2) The BLACKLIST section of the rules file has been eliminated.
If you have entries in that file section, you must move them to the
blrules file.
3) This version of Shorewall requires the Digest::SHA1 Perl module.
Debian: lib-digest-sha1-perl
Fedora: perl-Digest-SHA1
OpenSuSE: perl-Digest-SHA1
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
