Shorewall 5.1.9 is now available for download. Problems Corrected:
1) This release includes defect repair through Shorewall 5.1.8.1.
2) Previously, Shorewall6 did not accept square brackets ("[...]")
around the GATEWAY address in a Providers file entry. That has been
corrected, so that the usual convention of enclosing IPv6 addresses
in square brackets is allowed in that context.
3) Previously, if the IP variables was set in a remote firewall's
configuration directory, and the named file did not exist on the
local administrative system, then a fatal error was raised.
Example:
ERROR: The program specified in IP (/usr/bin/ip) does not exist
or is not executable
Beginning with this release, the contents of the IP option will not
be verified at compile time when compiling for export.
New Features:
1) The mangle file now supports a TCPMSS action for setting the MSS
value in TCP SYN packets. See shorewall-mangle(5) for details. As
part of this change, the TCPMSS rule generated by the CLAMPMSS
option has been moved from the filter table FOWARD chain to the
mangle table FORWARD chain.
2) The Broadcast and Multicast actions are now inlined when the
Address Type Match capability is available.
3) It is now possible to specify 'noinline' in an entry in
/etc/shorewall[6]/actions to override the 'inline' option
specified in /usr/share/shorewall/actions.std.
4) Logging is now supported in the snat file.
- Log levels may be specified on SNAT, MASQUERADE and CONTINUE
rules.
- The NFLOG, ULOG and LOG actions are now supported.
See shorewall-snat(5) for details.
5) A logging manpage (shorewall-logging(5)) has been added.
6) The IPMI macro now includes support for Redfish remote consoles.
7) The Sample configuration files now use logical interface names to
simplify adapting them to fit the newer interface naming
convention adopted by the kernel.
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
