Shorewall 5.2.8 RC 1 is now available for testing. Problems Corrected:
1) Certain restrictions that apply to wildcard interfaces (interface
name ends in '+') were previously not enforced when the logical
interface name did not end in '+' but the physical interface name
did end in '+'. That has been corrected.
2) To ensure that error messages appear in the correct place in the
output stream, stderr is now redirected to stdout when the
configured PAGER is used by a command.
3) Since Shorewall 5.1.0, the Shorewall uninstall.sh script has
incorrectly removed ${SBINDIR}/shorewall, while the Shorewall-core
uninstall.sh script has failed to remove that file. Both scripts
have been corrected.
4) Previously, the Shorewall CLI included a spurious hyphen ('-')
between the product name (e.g., 'Shorewall6') and the version when
printing a command output banner.
Example:
Shorewall6 Lite 5.2.8-RC1 Logwatch at foo8 - Thu 17 Sep 2020 ...
That has been corrected.
New Features since Beta 2:
1) The 'noanycast' option introduced in Beta 1 has been renamed
'omitanycast'.
Shorewall6 has traditionally generated rules for IPv6 anycast
addresses. These rules include:
a) Packets with these destination IP addresses are dropped by
REJECT rules.
b) Packets with these source IP addresses are dropped by the
'nosmurfs' interface option and by the 'dropSmurfs' action.
c) Packets with these destination IP addresses are not logged
during policy enforcement.
d) Packets with these destination IP addresses are processes by
the 'Broadcast' action.
Beginning with this release, individual network interfaces can be
excluded from this treatment through use of the 'omitanycast'
option in /etc/shorewall6/interfaces.
2) Duplicate function names have been eliminated between the
Shorewall-core lib.cli shell library and the Shorewall lib.cli-std
library.
3) The 'status' command in Shorewall[6]-lite now precedes the
configuration directory name with the administrative host name
separated with a colon (":").
Example (Firewall script generated on host 'debianvm'):
root@gateway:~# shorewall-lite status
Shorewall Lite-5.2.8 Status at gateway - Tue 15 Sep 2020 ...
Shorewall Lite is running
State:Started Tue 15 Sep 2020 03:08:33 PM PDT from
debianvm:/home/teastep/shorewall/gateway/shorewall/
(/var/lib/shorewall-lite/firewall compiled Tue 15 Sep 2020
03:08:28 PM PDT by Shorewall version 5.2.8)
root@gateway:~#
Thank you for testing,
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster
Shoreline, \ with an international standard?
Washington, USA \ A: Someone who makes you an offer you
http://shorewall.org \ can't understand
\________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
