Shorewall 5.2.7 Beta 1 is now available for testing. Problems Corrected:
1) This release contains defect repair up through Shorewall 5.2.6.1.
New Features:
1) Previously, it was not possible to classify traffic by destination
IP address when using an Intermediate Functional Block (IFB) for
traffic shaping. This is because such classification takes place
before the traffic passes through the mangle PREROUTING chain.
Such filtering is now possible by setting the 'connmark' option in
the tcdevices file. This option causes the current connection mark
to be copied to the packet mark prior to filtering, thus allowing
the packet mark to be used for classification.
Rodrigo Araujo provided the bulk of the code for this enhancement.
2) The tcpri file now supports ?FORMAT 2 which inserts an SPORT
column directly to the right of the PORT column. As part of this
change, the PORT column is renamed to DPORT while allowing both
'port' and 'dport' to be used in the alternate input format. See
shorewall-tcpri(5) and
http://shorewall.org/simple_traffic_shaping.html for additional
information.
Note: The releasenotes and change log in the packages is the 5.2.6
version and not the 5.2.7 Beta 1 version.
Thank you for testing,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster
Shoreline, \ with an international standard?
Washington, USA \ A: Someone who makes you an offer you
http://shorewall.org \ can't understand
\________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
