Problems Corrected:
1) A problem seen on RH7.3 systems where Shorewall encountered start
errors when started using the "service" mechanism has been worked
around.
New Features:
1) A ''newnotsyn'' interface option has been added. This option
may be
specified in /etc/shorewall/interfaces and overrides the setting
NEWNOTSYN=No for packets arriving on the associated interface.
2) The means for specifying a range of IP addresses in
/etc/shorewall/masq to use for SNAT is now
documented. ADD_SNAT_ALIASES=Yes is enabled for address ranges.
3) Shorewall can now add IP addresses to subnets other than the first
one on an interface.
4) DNAT[-] rules may now be used to round-robin over a set of
servers. Up to 256 servers may be specified in a range of addresses
given as <first address>-<last address>.
Example:
DNAT net loc:192.168.10.2-192.168.10.5 tcp 80
I believe that this version corrects problems seen with the previous
snapsnot on older and stripped down shells such as ash.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
