Shorewall 5.1.11 RC 1 is now available for testing.

Problems Corrected since Beta 2:

1) In multi-ISP configurations, it is possible for an IPSEC-tunneled
   connection from the Internet to be forwarded back out to the
   Internet (for example, if all traffic from the remote endpoint is
   sent through the tunnel). If the provider handling the tunnel has
   the 'track' option (or if TRACK_PROVIDERS=Yes), then the outgoing
   tunneled connection is sent back out that interface by default
   (since the encapsulated initial packet arrived through that
   interface). Since this is not always desirable, Shorewall now
   clears the tracking mark on the connection while processing the
   first packet, allowing the connection to not match routing rules
   that are dependent on the tracking mark.

New Features since Beta 2:

1) Now that the route caches have been removed from the kernel,
   Multi-ISP really doesn't work without the 'track' provider option.
   As a consequence, TRACK_PROVIDERS=Yes is now the default. Note that
   the 'track' option may still be turned off using 'notrack', when
   TRACK_PROVIDERS=Yes.

Thank you for testing,
-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \ an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
                      \_______________________________________________
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
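
The default change announced above alters which providers track connections when TRACK_PROVIDERS is not set in shorewall.conf. The following is an added example, not part of the original announcement or of Shorewall itself: a small audit helper that reports the effective per-provider tracking state under the old and the new default. It assumes the standard column layout of the providers file (OPTIONS in the seventh column), models the earlier unset default as No, handles only plain one-line entries, and lets 'notrack' win if both options appear; the sample configuration and provider names are constructed.

```python
# Constructed sample input, not taken from any real system.
SAMPLE_CONF = '''
# shorewall.conf excerpt (TRACK_PROVIDERS left unset on purpose)
USE_DEFAULT_RT=Yes
'''
SAMPLE_PROVIDERS = '''
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY  OPTIONS          COPY
ISP1   1       1     -          eth0       detect   balance
ISP2   2       2     -          eth1       detect   notrack,balance
VPNGW  3       3     -          eth2       detect   track
'''

def track_providers_setting(conf_text, default_yes=True):
    """Effective TRACK_PROVIDERS as a bool; default_yes=True models 5.1.11."""
    value = None
    for line in conf_text.splitlines():
        line = line.split('#', 1)[0].strip()
        if line.startswith('TRACK_PROVIDERS='):
            value = line.split('=', 1)[1].strip().strip('"\'')
    if not value:
        return default_yes          # unset or empty: fall back to the default
    return value.lower() == 'yes'

def effective_tracking(conf_text, providers_text, default_yes=True):
    """Map provider name -> True if its connections carry a tracking mark."""
    global_track = track_providers_setting(conf_text, default_yes)
    result = {}
    for line in providers_text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) < 5 or fields[0].startswith('?'):
            continue                # blank, comment-only or directive line
        opts = fields[6].split(',') if len(fields) > 6 and fields[6] != '-' else []
        if 'notrack' in opts:       # explicit opt-out (assumed to win here)
            result[fields[0]] = False
        elif 'track' in opts:       # explicit opt-in
            result[fields[0]] = True
        else:                       # inherit the global setting
            result[fields[0]] = global_track
    return result

if __name__ == '__main__':
    for label, dflt in (('unset treated as No ', False), ('unset treated as Yes', True)):
        print(label, effective_tracking(SAMPLE_CONF, SAMPLE_PROVIDERS, dflt))
```

Providers whose result differs between the two runs are the ones whose routing behaviour changes on upgrade unless 'notrack' is added or TRACK_PROVIDERS is set explicitly.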