Happy New Year everyone!
The Shorewall Team is pleased to announce the availability of Shorewall
5.0.3.
Problems Corrected:
1) To avoid interference with other subsystem settings, all released
shorewall6.conf files now specify IP_FORWARDING=keep. Previously,
the settings were inconsistent among the various sample files.
2) This release includes more fixes to the configure, install and
uninstall scripts (Matt Darfeuille).
3) Previously, Shorewall6 rejected rules in which the SOURCE contained
both an interface name and a MAC address (in Shorewall
format). That defect has been corrected so that such rules are now
accepted.
New Features:
1) The MODULESDIR option in shorewall[6].conf has been extended to
allow specification of additional directories to be added to those
defaulted by Shorewall. If the specified value begins with "+",
then the remainder of the value is assumed to be a colon-separated
list of directory names that are relative to /lib/modules/`uname
-r`.
For example, to load the xt_RTPENGINE module, you would create
/etc/shorewall/modules as follows:
INCLUDE /usr/share/shorewall/modules
loadmodule xt_RTPENGINE
You would then set MODULESDIR as:
MODULESDIR="+extra/rtpengine"
2) Previously, some of the column headings in the configuration files
required two lines to display. For example, in the rules file:
#ACTION SOURCE DESTINATION PROTOCOL DEST SOURCE
# PORT(S) PORT(S)
To use the alternative input format for such two-word columns, a
one-word abbreviation was required. For example, DEST PORTS(S) is
abbreviated as 'dport' and SOURCE PORT(S) is abbreviated as
'sport'.
The two-line column headings are also a nuisance for Emacs users
because when the <tab> key is struck, Emacs positions the cursor
based on the white space in the preceding line. So if an ACTION is
typed and the <tab> key is then depressed, rather than position the
cursor in the SOURCE column, Emacs positions it in the DEST PORT(S)
column.
To eliminate these issues, the multi-word columns have been
relabled to use their abbreviated names. Note that this relabelling
does not require modification of existing configurations. It simply
means that the sample files released with Shorewall and the
manpages that describe column-oriented files now use the
abbreviated names rather than the previous names (Tuomo Soini and
Tom Eastep).
3) ADD rules may now include a timeout value which will override
any timeout that was specified when the related ipset was created.
4) Commas are now allowed in log tags when LOGTAGONLY=Yes. Previously,
characters after the first comma in a log tag were discarded when
LOGTAGONLY=Yes.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
