Shorewall 4.5.20 is now available for download.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) On some distributions, the shorewall-lite and shorewall6-lite
uninstallers could fail with a syntax error.
2) A typographical error in the usage text produced by the -h command
in the compiled firewall script has been corrected.
3) The handling of INITSOURCE is now uniform between the standard and
the -lite installers.
4) Previously, when SYSCONFFILE was specified in shorewallrc, the
installers would always install default.debian rather than the
named file. That has been corrected.
----------------------------------------------------------------------------
I I. K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) A new TRACK_RULES option has been added to shorewall[6].conf. When
set to ''Yes'', this option causes most rules to be tagged
with a
comment which gives the configuration file name and line number
that caused the rule to be generated. These comments replace any
comments added via AUTOCOMMENT=Yes and ?COMMENT entries.
Setting this option to ''Yes'' requires the
''Comments'' capability in
your kernel and ip[6]tables.
2) You may now specify ''OPTIMIZE=All'' in shorewall[6].conf to
enable
all optimizations. If new optimization levels are added in the
future, OPTIMIZE=All will automatically enable those optimizations.
For completeness, ''OPTIMIZE=None'' disables all
optimizations.
3) ''list'' and ''ls'' are now documented
alternatives for ''show'' in the
CLI programs. /sbin/shorewall and /sbin/shorewall6 now accept
''ck''
as an abbreviation for ''check'' and ''co''
as an abbreviation for
''compile''.
4) Beginning with this release, if /etc/os-release exists during
installation, then the ID setting in that file will be used to
determine which Linux distribution is running on the system.
5) The ''status'' command now obeys the effective VERBOSITY and
will
produce no output when the effective VERBOSITY is less than 1.
6) The CLI exit status codes are now documented in the manpages
(shorewall(8), shorewall6(8), etc.).
7) Beginning with this release, the shorewallrc file supports a
SERVICEFILE variable. SERVICEFILE is only relevant when SERVERD is
non-empty, in which case it names the file to be installed as the
product''s .service file. If SERVERD is specified but SERVICEFILE is
not, the assumed value of SERVERFILE is $PRODUCT.service.
8) The ${SBINDIR}/shorewall-init utility will now compile
configurations if needed
Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
On Mon, 26 Aug 2013 12:59:25 -0700 Tom Eastep <teastep@shorewall.net> wrote:> Shorewall 4.5.20 is now available for download. > > ---------------------------------------------------------------------------- > I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A > S E > ---------------------------------------------------------------------------- > > 1) On some distributions, the shorewall-lite and shorewall6-lite > uninstallers could fail with a syntax error. > > 2) A typographical error in the usage text produced by the -h command > in the compiled firewall script has been corrected. > > 3) The handling of INITSOURCE is now uniform between the standard and > the -lite installers. > > 4) Previously, when SYSCONFFILE was specified in shorewallrc, the > installers would always install default.debian rather than the > named file. That has been corrected. > > ---------------------------------------------------------------------------- > I I. K N O W N P R O B L E M S R E M A I N I N G > ---------------------------------------------------------------------------- > > 1) On systems running Upstart, shorewall-init cannot reliably secure > the firewall before interfaces are brought up. > > ---------------------------------------------------------------------------- > I I I. N E W F E A T U R E S I N T H I S R E L E A S E > ---------------------------------------------------------------------------- > > 1) A new TRACK_RULES option has been added to shorewall[6].conf. When > set to ''Yes'', this option causes most rules to be tagged with a > comment which gives the configuration file name and line number > that caused the rule to be generated. These comments replace any > comments added via AUTOCOMMENT=Yes and ?COMMENT entries. > > Setting this option to ''Yes'' requires the ''Comments'' capability in > your kernel and ip[6]tables. > > 2) You may now specify ''OPTIMIZE=All'' in shorewall[6].conf to enable > all optimizations. If new optimization levels are added in the > future, OPTIMIZE=All will automatically enable those > optimizations. > > For completeness, ''OPTIMIZE=None'' disables all optimizations. > > 3) ''list'' and ''ls'' are now documented alternatives for ''show'' in the > CLI programs. /sbin/shorewall and /sbin/shorewall6 now accept ''ck'' > as an abbreviation for ''check'' and ''co'' as an abbreviation for > ''compile''. > > 4) Beginning with this release, if /etc/os-release exists during > installation, then the ID setting in that file will be used to > determine which Linux distribution is running on the system. > > 5) The ''status'' command now obeys the effective VERBOSITY and will > produce no output when the effective VERBOSITY is less than 1. > > 6) The CLI exit status codes are now documented in the manpages > (shorewall(8), shorewall6(8), etc.). > > 7) Beginning with this release, the shorewallrc file supports a > SERVICEFILE variable. SERVICEFILE is only relevant when SERVERD is > non-empty, in which case it names the file to be installed as the > product''s .service file. If SERVERD is specified but SERVICEFILE > is not, the assumed value of SERVERFILE is $PRODUCT.service. > > 8) The ${SBINDIR}/shorewall-init utility will now compile > configurations if needed > > Thank you for using Shorewall, > -Tom-- "A. Because it breaks the logical order of conversation. Q. Why is top posting bad?" ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
2013/8/26 Tom Eastep <teastep@shorewall.net>> Shorewall 4.5.20 is now available for download. >>>> Downloading ''http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2 '' --2013-08-26 22:35:48-- http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2 Resolving www.shorewall.net (www.shorewall.net)... 66.199.187.46, 2001:470:b:227::43 Connecting to www.shorewall.net (www.shorewall.net)|66.199.187.46|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2013-08-26 22:35:48 ERROR 403: Forbidden. Am I too fast? I see the files in http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/ but I cannot download (403). I tried multiple mirrors, same error. -- Regards, Igor ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
On 8/26/2013 1:40 PM, Igor Sverkos wrote:> 2013/8/26 Tom Eastep <teastep@shorewall.net <mailto:teastep@shorewall.net>> > > Shorewall 4.5.20 is now available for download. > > >>>> Downloading > ''http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2'' > --2013-08-26 22:35:48-- > http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2 > Resolving www.shorewall.net <http://www.shorewall.net> > (www.shorewall.net <http://www.shorewall.net>)... 66.199.187.46, > 2001:470:b:227::43 > Connecting to www.shorewall.net <http://www.shorewall.net> > (www.shorewall.net <http://www.shorewall.net>)|66.199.187.46|:80... > connected. > HTTP request sent, awaiting response... 403 Forbidden > 2013-08-26 22:35:48 ERROR 403: Forbidden. > > Am I too fast? > > I see the files in > http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/ but I > cannot download (403). > > I tried multiple mirrors, same error.I''ve re-uploaded and the main site (www1/ftp1) seems okay now; the mirrors (including www) should be okay once they are synced. Sorry for the inconvenience. I''m out of town for two weeks and am having to use makeshift procedures. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
It looks as problem in 4.5.20 folder only. http://canada.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt Forbidden You don't have permission to access /pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt on this server. Apache Server at canada.shorewall.net Port 80 Same on main site.... >-------- Оригинално писмо -------- >От: Tom Eastep teastep@shorewall.net >Относно: Re: [Shorewall-users] hShorewall 4.5.20 >До: shorewall-users@lists.sourceforge.net >Изпратено на: Вторник, 2013, Август 27 01:20:27 EEST> On 8/26/2013 1:40 PM, Igor Sverkos wrote:> > 2013/8/26 Tom Eastep >> >> > Shorewall 4.5.20 is now available for download.> >> >> >>>> Downloading> > 'http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2'> > --2013-08-26 22:35:48--> > http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/shorewall-4.5.20.tar.bz2> > Resolving www.shorewall.net> > (www.shorewall.net )... 66.199.187.46,> > 2001:470:b:227::43> > Connecting to www.shorewall.net> > (www.shorewall.net )|66.199.187.46|:80...> > connected.> > HTTP request sent, awaiting response... 403 Forbidden> > 2013-08-26 22:35:48 ERROR 403: Forbidden.> >> > Am I too fast?> >> > I see the files in> > http://www.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/ but I> > cannot download (403).> >> > I tried multiple mirrors, same error.>> I've re-uploaded and the main site (www1/ftp1) seems okay now; the> mirrors (including www) should be okay once they are synced.>> Sorry for the inconvenience. I'm out of town for two weeks and am having> to use makeshift procedures.>> -Tom> --> Tom Eastep \ When I die, I want to go like my Grandfather who> Shoreline, \ died peacefully in his sleep. Not screaming like> Washington, USA \ all of the passengers in his car> http://shorewall.net \________________________________________________----------------------------------------------------------------- Маркови парфюми с до -60% отстъпка за всички клиенти !!! http://parfiumbg.com/?utm_source=netinfo&utm_medium=abv&utm_content=Outgoingmail ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
> It looks as problem in 4.5.20 folder only. > > http://canada.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt > Forbidden > You don''t have permission to access > /pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt > on this server. > > > Apache Server at canada.shorewall.net Port 80 > > Same on main site.... >As a workaround you may use the Slovakian mirror for now: http://slovakia.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/ Simon ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
Problem is caused by following permission -rwxr-x--- it should be -rw-r--r-- instead. I did fix it temporary on canada.shorewall.net, but it has to be fixed on master. http://canada.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/ >-------- Оригинално писмо -------- >От: "Simon Matter" simon.matter@invoca.ch >Относно: Re: [Shorewall-users] hShorewall 4.5.20 >До: "Shorewall Users" <shorewall-users@lists.sourceforge.net> >Изпратено на: Вторник, 2013, Август 27 08:56:14 EEST> > It looks as problem in 4.5.20 folder only.> >> > http://canada.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt> > Forbidden> > You don't have permission to access> > /pub/shorewall/4.5/shorewall-4.5.20/releasenotes.txt> > on this server.> >> >> > Apache Server at canada.shorewall.net Port 80> >> > Same on main site....> >>> As a workaround you may use the Slovakian mirror for now:> http://slovakia.shorewall.net/pub/shorewall/4.5/shorewall-4.5.20/>> Simon>>> ------------------------------------------------------------------------------> Introducing Performance Central, a new site from SourceForge and> AppDynamics. Performance Central is your source for news, insights,> analysis and resources for efficient Application Performance Management.> Visit us today!> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk> _______________________________________________> Shorewall-users mailing list> Shorewall-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users