[Shorewall-users] Shorewall 5.2.8 Beta 1

Mon, 07 Sep 2020 15:19:09 -0700 

Shorewall 5.2.8 Beta 1 is now available for testing.

New Features:

1)  The 'show tc' command now shows the classifiers associated with
    each interface (as displayed by the 'show classifiers'
    command). This integrated qdisc/filter information is also included
    in the output of the 'dump' command. This change deprecates the
    'show classifiers' ('show filters') command, as that command's
    output is now included in the 'show tc' output.

2)  The 'show tc' and 'show classifiers' ('show filters') commands now
    display the policing filter(s) that enforce IN-BANDWIDTH settings.

    Note: The code implementing this change assumes that a policing
    filter's handle is ffff. This is the handle that Shorewall assigns
    and is the same as that shown in many examples.

    Example (output folded to fit in 80 columns):

    $ shorewall show tc eth0
    Shorewall 5.2.8-Beta1 Traffic Control at gateway -
        Mon 03 Aug 2020 12:52:52 PM PDT

    Device eth0:
    ...

    filter protocol all pref 10 basic chain 0
    filter protocol all pref 10 basic chain 0 handle 0x1
        action order 1:  police 0x1 rate 0bit burst 0bit mtu 4096Mb
                         avrate 200Mbit
                         action drop overhead 0b linklayer unspec
        ref 1 bind 1 installed 58904 sec used 0 sec
        Action statistics:
        Sent 26645 bytes 249 pkt (dropped 0, overlimits 0 requeues 0)
        rate 4608bit 6pps       backlog 0b 0p requeues 0

3)  Shorewall6 normally generates rules to silently drop unhandled
    traffic sent to subnetwork anycast addresses for IPv6 subnets
    associated with all active interfaces. Beginning with this
    release, this behavior can be disabled for subnets on an interface
    by specifying the'noanycast' option in the interface's entry in
    shorewall-interfaces(5).

Thank you for testing,

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users














    











					Reply via email to