I had hoped to be able to avoid another RC but there have been enough
changes that I''ve decided that the safe thing to do is to release RC3.
http://www1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-RC3/
ftp://ftp1.shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-RC3/
Problems Corrected in 3.4.0 RC3
1) The route_rules file was being ignored. This has been corrected.
2) If an IP range was specified in a ''drop'' or
''reject'' command
(including the logging forms) and a ''shorewall save'' was
performed,
then the next time that Shorewall was restarted, new connections
from outside the firewall were totally blocked.
3) If a ''start'' or restart'' command failed during
the compile phase,
/sbin/shorewall erroneously returned an exit status of 0.
4) If IMPLICIT_CONTINUE=Yes was in effect, then sub-zones received the
implicit CONTINUE policy for their intra-zone traffic (rather than
the implicit ACCEPT policy for such traffic). This could cause
intra-zone traffic to be rejected by rules for one of the
parent zones.
Other Changes in 3.4.0 RC3
1) A warning is now issued when ''loose'' and
''balance'' are specified
together for a provider. This combination of options can lead to packets
being dropped as ''martians''.
2) If the ''setkey'' program is installed, then the IPSEC SPD
and SAD
are displayed in the output of "shorewall[-lite] dump. All key
information (E: and A: lines) is suppressed in the command output
so that the output of "dump" cannot be used to breach IPSEC
security.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net''s Techsay panel and you''ll get the chance
to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV