4.3.3 is available for download.

There are two incompatible changes in this release.

1) Rather than square brackets ([]), addresses following an interface
   name are now enclosed in angle brackets (<>). This change is made to
   avoid confusion in the documentation with the meta characters '['
   and ']'.

2) Only those macros that have different contents in IPv6 are now
   included in /usr/share/shorewall6/. As a consequence,
   /usr/share/shorewall must be added to your CONFIG_PATH in
   /etc/shorewall6/shorewall6.conf.

----------------------------------------------------------------------------
             R E L E A S E  4 . 3  H I G H L I G H T S
----------------------------------------------------------------------------
1) Support is included for IPv6.

   Minimum system requirements:

   - Kernel 2.6.25 or later.
   - iptables 1.4.0 or later with 1.4.1 strongly recommended.
   - Perl 5.10 if you wish to use DNS names in your IPv6 config files.
     In that case you will also have to install Perl Socket6 support.

Problems Corrected in 4.3.3

1) Previously, if IP6TABLES wasn't specified in shorewall6.conf, it was
   set to iptables rather than ip6tables.

Other changes in 4.3.3

1) Inasmuch as ip6tables doesn't support the ECN target, the 'ecn' file
   has been removed and its processing disabled.

2) The 'maclist' option is now supported in /etc/shorewall6/interfaces
   and in /etc/shorewall6/hosts.

   The following IPv6 traffic is exempt from MAC validation:

   a) Multicast.
   b) Source or destination is a link-level address (ff80::/10).

3) Traffic shaping is now enabled in Shorewall6. See below.

4) Shorewall6 and Shorewall6 Lite now check the kernel version during
   'start' processing. If the kernel version is less than 2.6.25, a
   fatal error is generated.

5) The AllowICMPs macro has been converted to a standard action. This
   allows for more efficient processing in the case where ipv6-icmp is
   specified as the PROTO in the invocation of AllowICMPs.

   e.g.,

       AllowICMPs   $FW   net   ipv6-icmp

6) A 'proxyndp' option has been added to /etc/shorewall6/interfaces.
   The option is the IPv6 analog of the 'proxyarp' option in
   /etc/shorewall/interfaces.

7) Source anycast addresses defined by RFC 2526 are now trapped by
   'nosmurfs'.

8) Manpages are now included for Shorewall6 and Shorewall6-lite.

Attached is a patch which should be applied to
/usr/share/shorewall-perl/Shorewall/rules.pm after installation.

-Tom
-- 
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________
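
The two incompatible changes and the 2.6.25 kernel requirement in these notes can be checked before upgrading. The script below is an added example, not part of the original announcement and not Shorewall code; the function names, the assumed old form `eth1:[2001:db8:1::/64]`, and the sample hosts and shorewall6.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code: pre-upgrade checks for the 4.3.3 changes.

# Succeeds when a `uname -r` style string is 2.6.25 or later.
kernel_ok() {
    IFS=.- read -r maj min rel rest <<EOF
$1
EOF
    rel=${rel%%[!0-9]*}   # "25rc1" -> "25"
    [ $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${rel:-0} )) -ge 2006025 ]
}

# Prints the numbers of lines whose active (pre-comment) text still uses the
# old iface:[address] form. Assumed shape: eth1:[2001:db8:1::/64].
old_bracket_lines() {
    grep -nE '^[^#]*[A-Za-z0-9_.+-]+:\[[^]]+\]' "$1" | cut -d: -f1
}

# Succeeds when CONFIG_PATH in the given shorewall6.conf has /usr/share/shorewall
# as a whole component (/usr/share/shorewall6 alone does not count).
config_path_ok() {
    path=$(sed -n 's/^CONFIG_PATH=//p' "$1" | tail -n 1 | tr -d "\"'")
    case ":$path:" in
        *:/usr/share/shorewall:*|*:/usr/share/shorewall/:*) return 0 ;;
    esac
    return 1
}

# Constructed sample files, written to a scratch directory and checked.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hosts" <<'EOF'
#ZONE  HOST(S)                   OPTIONS
loc    eth1:[2001:db8:1::/64]    maclist
dmz    eth2:<2001:db8:2::/64>
# old note: eth0:[2001:db8::1]
vpn    tun0:[2001:db8:3::1]
EOF
    echo 'CONFIG_PATH=/etc/shorewall6:/usr/share/shorewall6' > "$dir/shorewall6.conf"
    kernel_ok "$(uname -r)" || echo "kernel older than 2.6.25"
    echo "old-style lines in hosts: $(old_bracket_lines "$dir/hosts" | tr '\n' ' ')"
    config_path_ok "$dir/shorewall6.conf" || echo "CONFIG_PATH lacks /usr/share/shorewall"
    rm -rf "$dir"
}
demo
```

To check a real installation, point `old_bracket_lines` at each file under /etc/shorewall6 and `config_path_ok` at /etc/shorewall6/shorewall6.conf.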