http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
Problems corrected since RC1:
1) The documentation of the USERSETS column in the rules file has been
corrected.
2) If there is no policy defined for the zones specified in a rule,
the firewall script previously encountered a shell syntax error:
[: NONE: unexpected operator
Now, the absence of a policy generates an error message and the
firewall is stopped:
No policy defined from zone <source> to zone <dest>
3) Previously, if neither /etc/shorewall/common nor
/etc/shorewall/common.def existed, Shorewall would fail to start
and would not remove the lock file. Failure to remove the lock file
resulted in the following during subsequent attempts to start:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Giving up on lock file /var/lib/shorewall/lock
Shorewall Not Started
Shorewall now reports a fatal error if neither of these two files
exist and correctly removes the lock file.
4) The order of processing the various options has been changed such
that blacklist entries now take precedence over the ''dhcp''
interface setting.
5) The log message generated from the ''logunclean'' interface
option
has been changed to reflect a disposition of LOG rather than DROP.
6) The RFC1918 file has been updated to reflect recent IANA
allocations.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Paul Gear
2003-Oct-03 06:00 UTC
[Shorewall-devel] Re: [Shorewall-announce] Shorewall 1.4.7 RC2
Tom Eastep wrote:> ... > 6) The RFC1918 file has been updated to reflect recent IANA > allocations.On that note, is there an option at the moment to do egress filtering on RFC1918 addresses? If not, does anyone have any pointers/suggestions before i go implementing it? -- Paul http://paulgear.webhop.net A: Because we read from top to bottom, left to right. Q: Why should i start my reply below the quoted text? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20031003/4b582139/attachment.bin
Tom Eastep
2003-Oct-03 07:18 UTC
[Shorewall-devel] Re: [Shorewall-announce] Shorewall 1.4.7 RC2
On Fri, 2003-10-03 at 06:00, Paul Gear wrote:> Tom Eastep wrote: > > ... > > 6) The RFC1918 file has been updated to reflect recent IANA > > allocations. > > On that note, is there an option at the moment to do egress filtering on > RFC1918 addresses?No. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net