Just reminded me I planned to write a message yesturday and mention, I got the idea to use the new notation to consolidate the prioritizing rules for both NTP and DNS which currently is a seperate rule for outgoing queries and for outgoing replies from the local servers figuring less rules being easier to read and for iptables to process. Didn't consider it would be an issue until running shorewall check and it complained the = was unexpected. I'm guessing that it was simply not intended to be used in the tcrules file as there was no other error messages to indicate that I broke anything, just wanted to mention it as without checking the finalized documentation I can't be certain whether you meant that to work or not and I figured waiting on that could well be leaving it too late.
On 07/03/13 16:27, Tom Eastep wrote: > The first bug fix below should receive wider testing. So I have uploaded > 4.5.14 RC 2. I went ahead and included a simple new feature (see below), > but I neglected to include the change that allows generating '-m > multiport --ports <port list>' by placing '=' SOURCE PORT(S) columns. > Given that it won't affect existing configurations, I will add that > feature to 4.5.14 final (or to RC 3 if required). > > Problems Corrected since 4.5.14 RC 1: > > 1) 'blackhole' routes are now copied to provider tables when > USE_DEFAULT_RT=No. Previously, these routes were not copied with > the result that packets could be routed to blackholed addresses. > > 2) Duplicate interface names could previously appear in a case > statement in the generated script. These duplicates are now > suppressed. > > 3) Previously, a duplicate 'echo' command could appear in the > generated script. Now only a single command appears. > > New Feature: > > 1) 'blackhole' routes may now be defined in /etc/shorewall[6]/routes. > Simply place 'blackhole' in the GATEWAY column and leave the DEVICE > column empty. > > -Tom > > > ------------------------------------------------------------------------------ > Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester > Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the > endpoint security space. For insight on selecting the right partner to > tackle endpoint security challenges, access the full report. > http://p.sf.net/sfu/symantec-dev2dev > > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
