Shorewall 4.6.11 is now available for download.

Problems Corrected:
1) This release includes defect repair up to and including Shorewall
4.6.10.1.
2) Previously, when the -c option was given to the 'compile' command,
the progress message "Compiling..." was issued before it was
determined if compilation was necessary. Now, that message is
suppressed when re-compilation is not required.
3) Previously, when the -c option was given to the 'compile' command,
the 'postcompile' extension script was executed even when there was
no (re-)compilation. Now, the 'postcompile' script is only invoked
when a new script is generated.
4) If CONFDIR was other than /etc, then ordinary users would not
receive a clear error message when they attempted to execute one of
the commands that change the firewall state.
5) Previously, IPv4 DHCP client broadcasts were blocked by the
'rpfilter' interface option. That has been corrected.
6) The 'update' command incorrectly added the INLINE_MATCHES option
to shorewall6.conf with a default value of 'Yes'. This caused
'start' to fail with invalid ip6tables rules when the alternate
input format using ';' is used.
Note: This last issue is not documented in the release notes included
with the release.
New Features:
1) Over the years, a number of changes have been added to Shorewall
that work around defects in other products. When running a current
distribution, these workarounds are unnecessary and add to the time
required for normal Shorewall operations.
Beginning in this release, those workarounds may be disabled by
setting WORKAROUNDS=No in shorewall.conf.
2) Previously, both lib.cli and lib.cli-std included nearly-identical
usage() functions. Now, only lib.cli includes the function which
produces its output based on which product's CLI is invoking it.
3) To accommodate compiled scripts produced by Shorewall versions
before 4.4.8, Shorewall products from 4.4.8 onward have run scripts
twice. The first time is simply to capture the output of the
'version' command. Based on the script's version, it is then invoked
to execute the requested command.
Beginning in this release, scripts will only be run once if:
- WORKAROUNDS=No, or
- the script was compiled as part of executing the command, or
- AUTOMAKE=Yes and it was determined that re-compilation was not
required.
4) When the 'conntrack' utility program is installed, the 'show
connections' command can now display a subset of the entire
conntrack table by simply following the 'connections' keyword with
one or more conntrack filter parameters.
For example, to display all http connections:

    shorewall show connections -p tcp --dport 80

See conntrack(8) for a description of the available parameters.
5) To ensure that the compiler has an adequate PATH, the default
Shorewall PATH is now appended to the compiler's active PATH.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
