Version 3.4 is off to a bit of a rocky start so I'm issuing this update to avoid problems for people who grab the latest stable release.

Problems Corrected in 3.4.1

1) The "shorewall-[lite] [re]start and stop" commands reset the proxy_arp flag on all interfaces on the system, making it impossible to control proxy arp manually with Shorewall installed. There was a partial fix included in 3.4.0; unfortunately, it did not correct the problem completely. Shorewall 3.4.1 includes the rest of the change necessary to only clear proxy arp if there were entries in /etc/shorewall/proxyarp the last time that Shorewall was [re]started.

2) If the log-prefix in a log message exceeded 29 characters, 'shorewall restart' failed with 'truncate: command not found' and a possible segmentation fault in iptables.

3) Log messages specifying a log tag had two spaces appended to the log prefix. This could cause mysterious "log-prefix truncated" messages.

4) When nested zones were defined in the /etc/shorewall/zones file and IMPLICIT_CONTINUE=Yes was given in /etc/shorewall/shorewall.conf, shell error messages (usually '<zone>: not found') resulted during compilation.

5) Use of CONTINUE policies led to startup errors with a message such as the following:

     Applying Policies...
     iptables v1.3.7: Couldn't load target `CONTINUE':/usr/local/lib/iptables/libipt_CONTINUE.so: cannot open shared object file: No such file or directory
     Try `iptables -h' or 'iptables --help' for more information.
     ERROR: Command "/sbin/iptables -A net2c148 -j CONTINUE" Failed

6) If there were hosts defined as 'critical' in /etc/shorewall/routestopped then problems occurred in two cases:

   i) On a Shorewall Lite system when 'shorewall stop' or 'shorewall clear' was issued.

   ii) On a Shorewall or Shorewall Lite system when 'start' or 'restart' failed during execution of the compiled script and there was no saved configuration ('shorewall[-lite] save' has not been issued).
   The symptoms were that the following shell messages were issued and the 'critical' hosts were not enabled:

     /var/lib/shorewall/.start: line nnn: source_ip_range: command not found
     /var/lib/shorewall/.start: line nnm: dest_ip_range: command not found

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key