http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8
Problems Corrected:
1. A typo in the /etc/shorewall/interfaces file has been corrected.
2. Previously, the "add" and "delete" commands were generating
incorrect policy matches when policy match support was available.
New Features:
1. Recent 2.6 kernels include code that evaluates TCP packets based
on TCP Window analysis. This can cause packets that were
previously classified as NEW or ESTABLISHED to be classified as
INVALID.
The new kernel code can be disabled by including this command in
your /etc/shorewall/init file:
echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
Additional kernel logging about INVALID TCP packets may be
obtained by adding this command to /etc/shorewall/init:
echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
Traditionally, Shorewall has dropped INVALID TCP packets early.
The new DROPINVALID option allows INVALID packets to be passed
through the normal rules chains by setting DROPINVALID=No.
If not specified or if specified as empty (e.g., DROPINVALID="")
then DROPINVALID=Yes is assumed.
2. The "shorewall add" and "shorewall delete" commands now accept a
list of hosts to add or delete.
Examples:
shorewall add eth1:1.2.3.4 eth1:2.3.4.5 z12
shorewall delete eth1:1.2.3.4 eth1:2.3.4.5 z12
The above commands may also be written:
shorewall add eth1:1.2.3.4,2.3.4.5 z12
shorewall delete eth1:1.2.3.4,2.3.4.5 z12
-Tom
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
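
The two /etc/shorewall/init commands under New Features item 1 assume the kernel exposes those /proc entries. The fragment below is an added example, not part of the original announcement or of Shorewall: it writes each setting only when its entry exists and verifies the write. The CONNTRACK_DIR variable and the set_conntrack_flag function are names assumed for this example.

```shell
# Added example: guarded conntrack settings for /etc/shorewall/init.
# CONNTRACK_DIR is an assumption of this example so the function can be
# pointed at a scratch directory; by default it is the /proc path that the
# announcement uses.
CONNTRACK_DIR=${CONNTRACK_DIR:-/proc/sys/net/ipv4/netfilter}

# set_conntrack_flag NAME VALUE
# Writes VALUE to $CONNTRACK_DIR/NAME when the kernel exposes that entry.
# Returns 0 on success, 1 if the entry is absent, 2 if the write failed
# or the value read back does not match.
set_conntrack_flag() {
    name=$1
    value=$2
    path=$CONNTRACK_DIR/$name

    if [ ! -e "$path" ]; then
        echo "init: $name not present in $CONNTRACK_DIR, skipping" >&2
        return 1
    fi
    if ! echo "$value" > "$path"; then
        echo "init: cannot write $path" >&2
        return 2
    fi
    # Read the value back so a silently ignored write is reported.
    [ "$(cat "$path")" = "$value" ] || return 2
    return 0
}

# Relax TCP window checking and log packets classified as INVALID.
# "|| true" keeps a missing entry from aborting the rest of the init file.
set_conntrack_flag ip_conntrack_tcp_be_liberal 1 || true
set_conntrack_flag ip_conntrack_log_invalid 1 || true
```

A return status of 1 means the running kernel does not provide the entry, so the setting is simply not applicable there.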