Shorewall 4.5.4.2 is now available for download.
Problems Corrected:
1) The problems corrected section of the 4.5.4.1 release notes was
missing the third problem corrected in the release. It has now been
added.
2) A number of problems in Shorewall-init have been corrected:
a) When Shorewall-init was installed using the tarball installer,
it was not enabled at boot. That has been corrected.
b) If more than one product was listed in the PRODUCTS setting in
/etc/default/shorewall-init (/etc/sysconfig/shorewall-init) then
the second product would not be started/stopped.
c) Shorewall-init used 'restart' in response to an optional
provider interface coming up. If the interface has been marked
unusable (1 in the interface's .status file), then the 'restart'
would not enable the interface.
d) Shorewal-init produced a lot of clutter on the console during
boot. You may now specify a LOGFILE in
/etc/default/shorewall-init (/etc/sysconfig/shorewall-init) and
all output produced by up and down events will be sent to that
log. If no log is specified, this output is sent to /dev/null.
3) The order in which the compiler processes line-continuation (line
ending in '\') and conditional-inclusion directives (?IF, ?ELSE,
and ?ENDIF) has been reversed.
Previously, the compiler built a concatenated line, then checked
to see if the line began with ?IF, ?ELSE or ?ENDIF. Now, the
compiler checks for ?IF, ?ELSE or ?ENDIF first and prevents those
lines from becoming part of the concatenation.
Example:
Previously, given these lines and assuming that $FOO was
non-empty and non-zero:
ACCEPT:\
?IF $FOO
bar
?ELSE
baz
?END
then the lines would become
ACCEPT:\?IF $FOO
bar
?ELSE
baz
?END
Now, they will be become simply
ACCEPT:bar
3) Two issues with the shorecap programs have been corrected:
a) The Shorewall6-lite version failed to run with the message:
/usr/share/shorewall6-lite/lib.cli: No such file or directory
b) The Shorewall-lite version would not run if SHAREDIR was set to
a value other than /usr/share in shorewallrc.
4) If an iprange appeared in the SOURCE column of /etc/shorewall/masq,
then compilation would fail on RHEL5-based systems with the error:
Address Ranges require the Multiple Match capability in
your kernel and iptables
5) The Shorewall 4.5.2.3 fix for the Shorewall-core installer's
handling of --host=linux was not brought forward into 4.5.3. It has
been included again in this version.
6) Single-line embedded PERL and SHELL commands have been
re-enabled.
7) If an iprange appeared in the SOURCE column of /etc/shorewall/masq,
then compilation would fail on RHEL5-based systems with the error:
Address Ranges require the Multiple Match capability in
your kernel and iptables
Thank you for using Shorewall.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
