[Shorewall-users] Shoewall 5.2.4 Beta 1

Tue, 10 Mar 2020 11:18:26 -0700 

Shorewall 5.2.4 Beta 1 is now available for testing.

Problems Corrected:

1)  This release includes all defect repair through Shorewall 5.2.3.7.

2)  Previously, when a Shorewall6 firewall was placed into the
    'stopped' state, ICMP6 packets required by RFC 4890 were not
    automatically accepted by the generated ruleset.

    Beginning with this release, those packets are automatically
    accepted.

3)  Previously, the output of 'shorewall[6] help' displayed the
    superseded 'load' command. That text has been deleted.

4)  The QOSExample.html file in the documentation and on the web site
    previously showed tcrules content for the /etc/shorewall/mangle
    file (recall that 'mangle' superseded 'tcrules'). That page has
    been corrected.

New Features:

1)  Previously, Shorewall's Docker support assumed that the default
    Docker Bridge (docker0) was being used. Beginning with this
    release, the DOCKER_BRIDGE option in Shorewall.conf allows an
    arbitrary name to be assigned to the bridge. In particular, when
    CNI is being used, DOCKER_BRIDGE=cni0 is the appropriate setting.

2)  The CLI keywords 'debug' and 'trace' have been replaced by -D and
    -T options respectively (e.g., 'shorewall trace reload' is now
    'shorewall -T reload'). Like the keywords, only one of these
    options can be active at a time; if both are entered, only the
    last one is activated. A similar change has been made to the
    generated script.

    The -T option (formerly 'trace') now applies only to shell-level
    tracing in the CLI and generated script. Those commands that
    invoke the rules compiler now accept a -D command option which
    causes the compiler to generate debugging information (e.g.,
    'shorewall check -D').

    The 'nolock' keyword is now deprecated in favor of the -N
    option (e.g., 'shorewall nolock reload' becomes 'shorewall -N
    reload').

    See shorewall(8) for details.

3)  Within the source code and documentation, 'shorewall.net' has been
    replaced by 'shorewall.org'.

Thank you for testing,

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users














    











					Reply via email to