Shorewall devel - Oct 2011 - Shorewall 4.4.25 Beta 2

Beta 2 is now available for testing.

Problems corrected:

1)  When the logical and physical name of an interface were different,
    including the logical name in the tcdevices file caused the
    device''s classes to be ignored. This defect was introduced in
    Shorewall 4.4.23.

2)  When BLACKLISTNEWONLY=Yes, the new blacklisting feature would prevent rules
in the ESTABLISHED and RELATED sections from being used.

New Feature:

1)  ''6in4'' has been added as a synonum for
''6to4'' in the TYPE column of
    the tunnels file.

2)  The handling of IN_BANDWIDTH in both /etc/shorewall/tcdevices and
    /etc/shorewall/tcinterfaces has been changed. Previously:

    a) Simple rate/burst policing was applied using the value(s)
       supplied.

    b) IPv4 and IPv6 were policed separately.

    Beginning with this release:

    a) Simple rate/burst policing is applied with 110 percent of the
       supplied value. The burst value is used unchanged.

    b) A rate estimator is also used. The rate estimator measures the
       transfer rate over 1-second intervals and then calculates an
       "Exponential Weighted Moving Average" with an 8-second decay
       period. The rate estimator is used to limit the average rate to
       90% of the specified bandwidth.

    c) IPv4 and IPv6 are policed together.

    See the documents in
    http://ace-host.stuart.id.au/russell/files/tc/doc/ for information
    about rate estimators and policing.

    These two changes has improved the accuracy of policing in my
    tests. The tests were conducted on an internet connection that
    reliably transfers at least 45mbps. I have specified a burst size
    of 200kb and have used speedtest.net to test clamping download
    speed to 30mbps, 35mbps and 40mbps.
       
    I welcome reports from testers about your experience with this
    change.

Thank you for testing,
-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct