The Shorewall team is pleased to announce the availability of Shorewall
5.0.2.
Problems Corrected:
1) This release includes defect repair up through Shorewall 5.0.1.1.
2) The MSSQL macro now allows UDP port 1434 (Tuomo Soini).
3) A number of issues with param file processing on Cygwin have been
corrected. The most serious of these issues was the introduction of
syntax errors into the generated firewall script.
4) More version numbers have been removed from configuration files
and Macros (Tuomo Soini).
5) The check for use of a circular kernel log buffer (as opposed to a
log file) has been improved.
6) Previously, HOST=default was accepted by configure[.pl], but the
generated shorewallrc file was unusable. Now, HOST=default is
equivalent to HOST=linux.
7) Previously, if a circular log buffer was being used, the output of
various commands still displayed '/var/log/messages' as the log
file. Now, it is displayed as 'logread'.
8) The 'remote-*' commands now return correct exit status.
9) Previously, if LOCKFILE specified a file in a directory other than
$VARDIR, and that directory did not exist, it was not created
automatically.
10) Previously, optional interfaces were not enabled during 'start' and
'restart' unless there was at least one entry in the 'providers'
file. This resulted in these interfaces not appearing in the
output of 'shorewall[6] status -i'.
New Features:
1) The providers file now supports a 'persistent' option. When
specified, this option removes the need to configure host routes to
systems used as the 'checkip' in LSM.
As part of this change, two other configuration files have changed:
a) The 'rtrules' file now allows the rule priority to be followed
by an exclamation mark ("!").
b) An OPTION column has been added to the 'routes' file. The only
option currently supported is 'persistent'.
The option affects the routing configuration when the provider is
disabled:
- The provider's routing table still exists and contains the
provider's default route.
- Unless 'noautosrc' is specified, connections originating from the
interface's IP address(es) are routed via the provider's default
gateway.
- Routing rules for the provider that specify '!' after the
priority are left in place.
- 'persistent' routes for the provider are left in place, allowing
communication with local networks that are still accessible.
2) It is now possible to replace any function in the CLI libraries
except for get_config(). This is accomplished by placing the
replacement function(s) in a shell library named 'lib.cli-user' in
a directory on the CONFIG_PATH. This allows for customization of
commands as well as working around distribution-specific issues.
3) Support for OpenWRT versions BB and later has been added. Included
in this support are:
- The log display commands (show log, logwatch, etc.) no longer
depend on the 'tac' utility (although it will be used if it is
installed).
- Shorewall-core's 'configure' script detects OpenWRT and accepts
HOST=openwrt as an argument.
- Shorewall-core, Shorewall-lite and Shorewall6-lite installers
support openwrt. Additionally, those installers no longer depend
on the 'install' utility.
- Shorewall[6]-lite will use OpenWRT's 'lock' utility to create the
LOCKFILE.
A special thanks to Matt Darfeuille for his help in making this
support possible.
4) Configuration files and extension scripts now have uniform
introductory comments (Tuomo Soini).
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
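
An added illustration of the 'persistent' provider option from New Features item 1; it is not part of the original announcement or of the Shorewall distribution. Interface names, provider names and numbers, and all addresses (RFC 5737 documentation ranges) are constructed placeholders, and the column layouts are assumed to follow the shorewall-providers, shorewall-rtrules and shorewall-routes manual pages.

```conf
# --- providers -------------------------------------------------------
# 'persistent' keeps the provider's routing table, its default route,
# and (unless 'noautosrc' is given) the source rules for the interface's
# own addresses in place while the provider is disabled, so a link
# monitor can keep probing its checkip through the link without extra
# host routes.
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS
ISP1   1       1     -          eth0       192.0.2.1     track,persistent
ISP2   2       2     -          eth1       198.51.100.1  track,persistent

# --- rtrules ---------------------------------------------------------
# A '!' after the priority marks the rule as one that is left in place
# when the provider is disabled; the rule without '!' is removed as
# before.
#SOURCE           DEST  PROVIDER  PRIORITY
203.0.113.0/25    -     ISP1      1000!
203.0.113.128/25  -     ISP1      1001

# --- routes ----------------------------------------------------------
# The new option column: a 'persistent' route stays in the provider's
# table while the provider is disabled, keeping a still-reachable local
# network accessible.
#PROVIDER  DEST           GATEWAY  DEVICE  OPTION
ISP1       192.0.2.0/24   -        eth0    persistent
```

Because rules and routes marked this way survive a disable, traffic matching them still leaves through the down provider's table; mark only what must remain reachable for monitoring or local access.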