The Shorewall Team is pleased to announce the availability of Shorewall 4.4.24. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all problem corrections from releases 4.4.23.1-4.4.23.3. 2) The ''fallback'' option without =<weight> previously produced invalid ''ip'' commands. ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ---------------------------------------------------------------------------- 1) On systems running Upstart, shorewall-init cannot reliably secure the firewall before interfaces are brought up. ---------------------------------------------------------------------------- N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Stateless NAT is now available in Shorewall6. See shorewall6-netmap(5) for details. Beta 2 added the ability to use exclusion in the NET1 column. 2) /sbin/shorewall6 now supports the ''show rawpost'' command. 3) This release includes support for ''Condition Match'' which is included in xtables-addons. Condition match allows rules to be predicated on the setting of a named switch in /proc/net/nf_condition/. See http://www.shorewall.net/configuration_file_basics.htm#Switches for details. 4) With the preceding change, the rules file now has 14 columns. That makes it awkward to specify the last column as you have to insert the correct number of ''-'' to get the right column. To make that easier, Shorewall now allows you to specify columns using several (column-name,value) formats. See http://www.shorewall.net/configuration_file_basics.htm#Pairs for details. 5) The generated script will now use the iptables/ip6tables -S command if available. 6) The implementation of USE_DEFAULT_RT=Yes has been changed significantly. These changes include: a) A new BALANCE routing table with number 250 has been added. b) Routes to providers with the ''balance'' option are added to the BALANCE table rather than the default table. c) This allows ''fallback'' to work with USE_DEFAULT_RT. d) For optional interfaces, the ''fallback'' option without a value now works the same as if ''fallback=1'' had been specified. This change also corrected several problems with ''fallback'' and enable/disable. 7) Support has been added for TTL manipulation (HL in Shorewall6). See shorewall-tcrules(5) or shorewall6-tcrules(5) for details. Thank you for using Shorewall, -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2