The Shorewall Team is pleased to announce the availability of Shorewall 4.4.24.
----------------------------------------------------------------------------
P R O B L E M S   C O R R E C T E D   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------
1) This release includes all problem corrections from releases
4.4.23.1-4.4.23.3.
2) The 'fallback' option without =<weight> previously produced invalid
'ip' commands.
----------------------------------------------------------------------------
K N O W N   P R O B L E M S   R E M A I N I N G
----------------------------------------------------------------------------
1) On systems running Upstart, shorewall-init cannot reliably secure
the firewall before interfaces are brought up.
----------------------------------------------------------------------------
N E W   F E A T U R E S   I N   T H I S   R E L E A S E
----------------------------------------------------------------------------
1) Stateless NAT is now available in Shorewall6. See
shorewall6-netmap(5) for details. Beta 2 added the ability to use
exclusion in the NET1 column.
2) /sbin/shorewall6 now supports the 'show rawpost' command.
3) This release includes support for 'Condition Match' which is
included in xtables-addons. Condition match allows rules to be
predicated on the setting of a named switch in
/proc/net/nf_condition/. See
http://www.shorewall.net/configuration_file_basics.htm#Switches
for details.
4) With the preceding change, the rules file now has 14 columns. That
makes it awkward to specify the last column as you have to insert
the correct number of '-' to get the right column.
To make that easier, Shorewall now allows you to specify columns
using several (column-name,value) formats. See
http://www.shorewall.net/configuration_file_basics.htm#Pairs for
details.
5) The generated script will now use the iptables/ip6tables -S command
if available.
6) The implementation of USE_DEFAULT_RT=Yes has been changed
significantly. These changes include:
a) A new BALANCE routing table with number 250 has been added.
b) Routes to providers with the 'balance' option are added to the
BALANCE table rather than the default table.
c) This allows 'fallback' to work with USE_DEFAULT_RT.
d) For optional interfaces, the 'fallback' option without a value
now works the same as if 'fallback=1' had been specified.
This change also corrected several problems with 'fallback' and
enable/disable.
7) Support has been added for TTL manipulation (HL in Shorewall6).
See shorewall-tcrules(5) or shorewall6-tcrules(5) for details.
Thank you for using Shorewall,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________