The Shorewall team is pleased to announce the availability of Shorewall
4.6.5.

Problems Corrected:

1)  This release includes defect repair through release 4.6.4.3.

2)  On kernel 3.17, LOG_BACKEND=LOG previously failed with the
    diagnostics:

      Setting up log backend
      /var/lib/shorewall/.restart: line 2075: echo: write error:
              No such file or directory
      WARNING: Unable to set log backend to ipt_LOG

3)  A number of corrections have been made to the manpages (Thomas D).

4)  Previously, if $OPTIONS was set in /etc/sysconfig/shorewall-init,
    then systemd failed to start/stop Shorewall-init.

New Features:

1)  The configure scripts and installers now support SERVICEDIR as an
    alternative to SYSTEMD. For compatibility, SERVICED is an alias
    for SERVICEDIR.

2)  The installers now offer a choice of .service files, selected by
    the SERVICEFILE option. The default remains $PRODUCT.service. Each
    product supplying a .service file now supplies a .service.214. The
    differences between the standard .service files and the
    .service.214 files are:

    a)  They specify 'after=network-online.target' rather than
        'after=network.target'.

    b)  The file shorewall-init.service.214 specifies
        'before=network-pre.target' rather than
        'before=network.target'. That file requires systemd 214 or
        later, hence the names of the new files.

    Regardless of which file is selected, it is installed in
    $SERVICEDIR/$PRODUCT.service.

3)  The RATE LIMIT column of the rules files now allows specification
    of both a per-source and per-destination limit. See
    shorewall[6]-rules(5) for details.

4)  Previously, /bin/sh was used unconditionally to process the helper
    script 'getparams'. That shell script reads the params file and
    passes back the (variable,value) pairs to the compiler. Beginning
    with this release, $SHOREWALL_SHELL is used to process that script,
    unless the compilation is for export, in which case /bin/sh is
    still used.

    Note that the default value of $SHOREWALL_SHELL is /bin/sh, so
    unless your configuration sets that variable, this enhancement will
    have no effect. Similarly, on an administrative system, this
    enhancement has no effect on the processing of the 'compile -e',
    'load', 'reload' and 'export' commands.

5)  A -C option has been added to several commands to allow the
    ip[6]tables packet and byte counters to be preserved.

    - save command

      Causes the packet and byte counters to be saved along with the
      chains and rules.

    - restore command

      Causes the packet and byte counters (if saved) to be restored
      along with the chains and rules.

    - start command

      With Shorewall and Shorewall6, the -C option only has an effect
      if the -f option is also specified. If a previously-saved
      configuration is restored, then the packet and byte counters (if
      saved) will be restored along with the chains and rules.

    - restart command

      If an existing compiled script is used (no recompilation
      required) and if that script generated the current running
      configuration, then the current netfilter configuration is
      reloaded as is so as to preserve the current packet and byte
      counters.

   If you wish to (approximately) preserve the counters over a
   possibly unexpected reboot, then:

   - Create a cron job that periodically does 'shorewall save -C'

   - Specify the -C and -f option in the STARTOPTIONS variable in
     either /etc/default/shorewall[6][-lite] or
     /etc/sysconfig/shorewall[6][-lite], whichever is supported by your
     distribution. Note that some distributions do not distribute these
     files so you may have to create the one(s) you need (such as
     /etc/sysconfig/shorewall).

Thank you for using Shorewall,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
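
The counter-preservation setup described in new feature 5, as an added example that is not part of the original announcement or of the Shorewall distribution. The function names, the /sbin install path, the /etc/cron.d entry format and the 15-minute interval are assumptions; only options written as separate words (not bundled, such as -fC) are recognized.

```shell
#!/bin/sh
# Added example: idempotently make sure STARTOPTIONS contains -f and -C,
# and generate the cron entry that periodically runs 'save -C'.

# ensure_startoptions FILE  (hypothetical helper)
# Creates FILE if the distribution did not ship it, keeps every other line,
# and leaves exactly one STARTOPTIONS assignment with -f and -C present.
ensure_startoptions() {
    file=$1
    [ -f "$file" ] || : > "$file"
    # Last assignment wins; strip surrounding quotes from the value.
    cur=$(sed -n 's/^STARTOPTIONS=//p' "$file" | tail -n 1 | tr -d "\"'")
    new=$cur
    for opt in -f -C; do
        case " $new " in
            *" $opt "*) ;;                      # option already present
            *) new="${new:+$new }$opt" ;;       # append the missing option
        esac
    done
    # Nothing to do if the file already carries the wanted value.
    [ "$new" = "$cur" ] && grep -q '^STARTOPTIONS=' "$file" && return 0
    tmp=$(mktemp) || return 1
    grep -v '^STARTOPTIONS=' "$file" > "$tmp" || true
    printf 'STARTOPTIONS="%s"\n' "$new" >> "$tmp"
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# cron_line PRODUCT MINUTES  (hypothetical helper)
# Prints an /etc/cron.d style entry; /sbin/PRODUCT is an assumed path.
cron_line() {
    printf '*/%s * * * * root /sbin/%s save -C\n' "$2" "$1"
}

# Demo on a constructed temporary file, not a real system path.
demo=$(mktemp)
echo 'STARTOPTIONS="-f"' > "$demo"
ensure_startoptions "$demo" && cat "$demo"      # STARTOPTIONS="-f -C"
cron_line shorewall 15
rm -f "$demo"
```

On a real system the first function would be pointed at /etc/default/shorewall or /etc/sysconfig/shorewall, whichever the distribution uses, and the printed cron line saved under /etc/cron.d.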
