This will be the last Shorewall release for a while as I'm going to be focusing on Documentation.

In this release:

1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the 'shorewall check' command before you issue a 'shorewall restart' command to be sure that you don't have any configuration problems that will prevent a successful restart.

2. Added MERGE_HOSTS variable in shorewall.conf to provide saner behavior of the /etc/shorewall/hosts file.

3. The time that the counters were last reset is now displayed in the heading of the 'status' and 'show' commands.

4. Added MUTEX_TIMEOUT variable in shorewall.conf and changed the way in which Shorewall protects itself from concurrent state changes. Previously, if a state-changing operation (like restart) found a lock file, it would wait for 30 seconds for the lock file to be removed. If the file was not removed within 30 seconds, a message was issued and the operation was aborted. With the new code, the wait time is determined by the value of MUTEX_TIMEOUT (default 60 seconds). If the file is not removed within MUTEX_TIMEOUT, the state-changing operation will assume that the lock file is stale and will issue a message and continue. An appropriate setting for MUTEX_TIMEOUT is twice the time that it takes your firewall system to process a "shorewall restart" command.

5. Added 'proxyarp' interface option to facilitate Proxy ARP subnetting as described in the Proxy ARP subnetting mini-HOWTO (http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/). Specifying this option for an interface causes Shorewall to set /proc/sys/net/ipv4/conf/<interface>/proxy_arp.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
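The lock handling described in item 4 of the announcement, as an added sketch that is not Shorewall's own code: the `abort` policy models the behaviour before 1.3.5 and `takeover` the MUTEX_TIMEOUT behaviour. The function names and the lock path supplied by the caller are hypothetical.

```shell
#!/bin/sh
# Added illustration, not Shorewall's code. Function names and the lock path
# passed in by the caller are hypothetical.

# Atomically create the lock file; noclobber (set -C) makes ">" fail if it exists.
try_lock() { ( set -C; echo "$$" > "$1" ) 2>/dev/null; }

# acquire_lock LOCKFILE TIMEOUT POLICY
#   abort    - behaviour before 1.3.5: give up when the wait expires
#   takeover - behaviour from 1.3.5: treat the lock as stale and continue
# Returns 0 when the caller holds the lock, 1 when it must not proceed.
acquire_lock() {
    lockfile=$1 timeout=$2 policy=$3 waited=0
    until try_lock "$lockfile"; do
        if [ "$waited" -ge "$timeout" ]; then
            if [ "$policy" != takeover ]; then
                echo "$lockfile still present after ${timeout}s, aborting" >&2
                return 1
            fi
            echo "$lockfile still present after ${timeout}s, assuming stale" >&2
            rm -f "$lockfile"
            if try_lock "$lockfile"; then return 0; else return 1; fi
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Remove the lock only if it still carries our PID. After a takeover the
# previous holder may still be running; it must not delete the new lock.
release_lock() {
    if [ "$(cat "$1" 2>/dev/null)" = "$$" ]; then
        rm -f "$1"
        return 0
    fi
    return 1
}
```

With the takeover policy, a state change that runs longer than the timeout can overlap with the one that took over its lock, which is why the announcement recommends a timeout of twice the restart time.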
Tom,

Thanks for all the hard work and effort you put into this firewall. The addition of the proxy-arp interface option will be really nice and I'm looking forward to implementing it seeing as I have 254 entries in my current proxyarp file and we are in the process of adding another Class c sub-net.

Your Documentation already Kicks Ass and I really appreciate it.

Thanks Again and take it easy.

Mike

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Thursday, July 25, 2002 3:27 PM
To: Shorewall Users; Shorewall Announcements
Subject: [Shorewall-users] Shorewall 1.3.5
I can't seem to get the new rpm file. Is it updated on the server?

---
Aaron Axelsen
AIM: AAAK2
Email: axelseaa@amadmax.com
URL: www.amadmax.com

"It said, "Insert disk #3," but only two will fit!"
"One picture is worth 128K words."
On Fri, 26 Jul 2002, Aaron Axelsen wrote:

> I can't seem to get the new rpm file. Is it updated on the server?
>

It is now -- sorry for the screwup....

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
No problem. We all make screw ups from time to time, but none of us are as bad as Microsoft :)

---
Aaron Axelsen
AIM: AAAK2
Email: axelseaa@amadmax.com
URL: www.amadmax.com

"It said, "Insert disk #3," but only two will fit!"
"One picture is worth 128K words."

-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
Sent: Friday, July 26, 2002 3:12 PM
To: Aaron Axelsen
Cc: shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Shorewall 1.3.5
Microsoft.. Don't make mistakes, we call it a MONEY Making SCAM

-----Original Message-----
From: Aaron Axelsen [mailto:axelseaa@amadmax.com]
Sent: Friday, July 26, 2002 22:33
To: 'Tom Eastep'
Cc: shorewall-users@shorewall.net
Subject: RE: [Shorewall-users] Shorewall 1.3.5