The Shorewall Team is pleased to announce that version 4.6.2.1 is now available for download. Version 4.6.2 was uploaded yesterday; this morning, however, a couple of issues affecting all 4.6 versions surfaced, thus prompting the release of 4.6.2.1.
Problems Corrected:
4.6.2.1
1) Two issues with tcrules processing have been corrected:
- SAVE and RESTORE generated fatal compilation errors.
- '|' and '&' were ignored. That issue is also present in the
processing of the mangle file
4.6.2
1) The DSCP match in the mangle and tcrules files didn't work with
service class names such as EF, BE, CS1, ... (Thibaut Chèze)
2) The SAVE and RESTORE actions were disallowed in the OUTPUT chain in
tcrules and mangle; this was a regression from 4.5.21.
3) Additional ports required by Asus, Supermicro and Dell have been
added to the IPMI macro (Tuomo Soini).
4) Some issues regarding install under Cygwin64 have been addressed.
- configure.pl did not understand CYGWIN returned from `uname`
- Shorewall-core install.sh did not understand CYGWIN returned from
`uname`.
- The Shorewall and Shorewall6 installers tried to run the command
'mkdir -p //etc/shorewall[6]' which is broken in the current
Cygwin64.
New Features:
1) The 'status' command now allows a -i option which causes the state
of all optional and provider interfaces to be displayed.
Example:
root@gateway:/etc/shorewall# shorewall status -i
Shorewall-4.6.1 Status at gateway - Wed Jun 18 14:27:19 PDT 2014
Shorewall is running
State:Started (Wed Jun 18 09:50:01 PDT 2014) from /etc/shorewall/
(/var/lib/shorewall/firewall compiled by Shorewall version 4.6.1)
Interface eth0 is Enabled
Interface eth1 is Enabled
Interface lo is Enabled
2) A 'shorewall show blacklists' command has been
implemented. The abbreviation 'bl' may be used in place of
'blacklists'.
The command displays the output of the 'dynamic' chain together
with the chains created by entries in the blrules file.
3) A TIME column has been added to the mangle file. It has the same
use in that file as the corresponding column in the rules file.
4) A stateful port knocking example has been added to the Events
article (http://www.shorewall.net/Events.html). This example allows
a sequence of knocking ports to be defined (Gerhard Weisinger).
5) A macro supporting HP's Integrated Lights Out (ILO) has been added
(Tuomo Soini).
6) It is now possible to specify the MAC address of a provider
GATEWAY. This is useful when there are multiple providers serviced
by a single interface as it avoids the need for the generated
script to detect the MAC during start/restart.
7) The copyrights in the sample configuration files have been updated.
Thank you for using Shorewall.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
