Given that there are new features and there are external changes to get around the Fireparse fiasco, I have called this release 1.4.4 rather than 1.4.3b.

Problems Corrected:

None.

New Features:

1) A REDIRECT- rule target has been added. This target behaves for REDIRECT in the same way as DNAT- does for DNAT in that the Netfilter nat table REDIRECT rule is added but not the companion filter table ACCEPT rule.

2) The LOGMARKER variable has been renamed LOGFORMAT and has been changed to a "printf" formatting template which accepts three arguments (the chain name, logging rule number and the disposition). To use LOGFORMAT with fireparse, set it as:

   LOGFORMAT="fp=%s:%d a=%s "

   CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up to but not including the first "%") to find log messages in the "show log", "status" and "hits" commands. This part should not be omitted (the LOGFORMAT should not begin with "%") and the leading part should be sufficiently unique for /sbin/shorewall to identify Shorewall messages.

3) When logging is specified on a DNAT[-] or REDIRECT[-] rule, the logging now takes place in the nat table rather than in the filter table. This way, only those connections that actually undergo DNAT or redirection will be logged.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
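
The LOGFORMAT CAUTION in item 2, as an added example that is not part of the original announcement and not Shorewall's own code: it derives the leading part of a template, rejects templates that start with "%" or have a very short leading part, and shows how a weak leading part also matches unrelated log lines. The function names, the MIN_PREFIX_LEN threshold, the use of grep -F and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not Shorewall's own code.

# Leading part of LOGFORMAT: everything before the first '%'.
logformat_prefix() {
    printf '%s' "${1%%\%*}"
}

# Expand the template with chain name, rule number and disposition.
render_log_prefix() {
    # The template is the printf format string by design.
    printf "$1" "$2" "$3" "$4"
}

# Reject templates whose leading part is missing or too generic.
# MIN_PREFIX_LEN is an assumed threshold, not a Shorewall setting.
MIN_PREFIX_LEN=3
check_logformat() {
    case $1 in
        %*) echo "LOGFORMAT begins with '%': nothing to search for" >&2
            return 1 ;;
    esac
    lead=$(logformat_prefix "$1")
    if [ "${#lead}" -lt "$MIN_PREFIX_LEN" ]; then
        echo "leading part '$lead' is too short to be unique" >&2
        return 1
    fi
}

# Count log lines containing the leading part. grep -F matches the
# prefix literally (an assumption about matching; the page does not
# say how /sbin/shorewall searches).
count_matches() {
    lead=$(logformat_prefix "$1")
    printf '%s\n' "$2" | grep -cF -- "$lead" || true
}

# Constructed sample log lines (documentation addresses only).
SAMPLE_LOG='Jun  1 10:00:01 gw kernel: fp=net2all:1 a=DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=23
Jun  1 10:00:02 gw kernel: fp=loc2net:4 a=REJECT IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP DPT=25
Jun  1 10:00:03 gw kernel: eth0: link up
Jun  1 10:00:04 gw sshd[411]: Accepted publickey for admin'

render_log_prefix 'fp=%s:%d a=%s ' net2all 1 DROP; echo
echo "fireparse format matches: $(count_matches 'fp=%s:%d a=%s ' "$SAMPLE_LOG")"
echo "one-letter prefix matches: $(count_matches 'e%s:%d:%s' "$SAMPLE_LOG")"
check_logformat '%s:%d:%s' || echo "rejected: template begins with %"
```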