The Shorewall team is pleased to announce the availability of Shorewall
4.6.4.

Problems Corrected:

1) This release includes defect repair through release 4.6.3.4.
2) Two corrections have been made to the .service files:
- The .service files now correctly specify
WantedBy=basic.target
- Conflicting services have been added.
3) A warning message generated during stoppedrules processing
previously referred to the file as routestopped.
4) Previously, the stoppedrules file did not work properly when
ADMINISABSENTMINDED=No.
- A warning message was issued stating that the file would be
processed as if ADMINISABSENTMINDED=Yes, and it was.
- Unfortunately, part of the surrounding rule-generating logic
proceeded as if ADMINISABSENTMINDED=No, leading to an unusable
ruleset.
This problem has been corrected by changing the way that
stoppedrules works with ADMINISABSENTMINDED=No. In the new
implementation:
- All existing connections continue to work.
- Response packets and related connection requests to new accepted
connections are accepted (in other words, the resulting ruleset
is stateful).
See shorewall[6].conf(5) for additional details.
5) The .spec files now set SBINDIR correctly.
6) The -lite installers now create INITDIR if it doesn't exist.
7) The installers no longer attempt to create a symbolic link to the
init script when no init script is installed.
8) A large number of defects in the uninstallers have been corrected.

New Features:

1) Install support for CentOS 7 and Foobar 7 has been added (Tuomo
Soini).
2) A 'terminating' option has been added to shorewall[6].actions.
This option, when used with the 'builtin' option, indicates to the
compiler that the built-in action is terminating. This allows the
optimizer to omit rules after an unconditional jump to the
built-in.
3) A LOG_BACKEND option has been added to allow specification of the
default logging backends. See shorewall.conf(5) and
shorewall6.conf(5) for details.
4) The SAVE_IPSETS option may now specify a list of ipsets to be
saved. When such a list is specified, only those ipsets together
with the ipsets supporting dynamic zones are saved.
Shorewall6 now supports the SAVE_IPSETS option. When
SAVE_IPSETS=Yes, only ipv6 ipsets are saved. For Shorewall, if
SAVE_IPSETS=ipv4, then only ipv4 ipsets are saved. Both features
require ipset version 5 or later.
Note that shorewall.conf and shorewall6.conf may now both specify
SAVE_IPSETS.
5) The SBINDIR setting for SuSE now defaults to /usr/sbin/.
6) With the exception of Shorewall-core, the tarball installers and
uninstallers now support a -n option which inhibits any attempt to
change the startup configuration. The -n option can be
automatically invoked by setting the SANDBOX variable to a
non-empty value, either in the environment or in your shorewallrc
file.

Thank you for using Shorewall,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________