This is a bugfix roll up of the following:

1) Tuomo Soini has supplied a correction to a problem that occurs using
   some versions of 'ash'. The symptom is that "shorewall start" fails
   with:

      local: --limit: bad variable name
      iptables v1.2.8: Couldn't load match `-j':/lib/iptables/libipt_-j.so:
      cannot open shared object file: No such file or directory
      Try `iptables -h' or 'iptables --help' for more information.

2) Andres Zhoglo has supplied a correction that avoids trying to use the
   multiport match iptables facility on ICMP rules.

   Example of rule that previously caused "shorewall start" to fail:

      ACCEPT   loc   $FW   icmp   0,8,11,12

3) Previously, if the following error message was issued, Shorewall was
   left in an inconsistent state.

      Error: Unable to determine the routes routes through interface xxx

4) Handling of the LOGUNCLEAN option in shorewall.conf has been
   corrected.

5) In Shorewall 1.4.2, an optimization was added. This optimization
   involved creating a chain named "<zone>_frwd" for most zones defined
   using the /etc/shorewall/hosts file. It has since been discovered that
   in many cases these new chains contain redundant rules and that the
   "optimization" turns out to be less than optimal. The implementation
   has now been corrected.

6) When the MARK value in a tcrules entry is followed by ":F" or ":P",
   the ":F" or ":P" was previously only applied to the first Netfilter
   rule generated by the entry. It is now applied to all entries.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
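
Item 2 above, as an added example that is not part of the original announcement and is not Shorewall's own code: the iptables multiport match applies to port-based protocols such as tcp and udp, and --icmp-type takes a single type, so a list like 0,8,11,12 has to become one rule per type. The function name expand_rule and the chain name loc2fw are assumptions for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Added illustration, not Shorewall code. Prints iptables commands; runs none.

# expand_rule CHAIN PROTO LIST TARGET   (hypothetical helper)
# LIST is comma-separated: destination ports for tcp/udp, ICMP types for icmp.
expand_rule() {
    chain=$1 proto=$2 list=$3 target=$4

    case $proto in
    tcp|udp)
        case $list in
        *,*)    # several ports: multiport is valid for tcp and udp
            echo "iptables -A $chain -p $proto -m multiport --dports $list -j $target"
            ;;
        *)      # single port: the plain --dport match is enough
            echo "iptables -A $chain -p $proto --dport $list -j $target"
            ;;
        esac
        ;;
    icmp)
        # multiport cannot match ICMP types and --icmp-type accepts one
        # type only, so emit one rule per listed type. The subshell keeps
        # the IFS and noglob changes local to this loop.
        (
            IFS=,
            set -f
            for t in $list; do
                echo "iptables -A $chain -p icmp --icmp-type $t -j $target"
            done
        )
        ;;
    *)
        echo "unsupported protocol: $proto" >&2
        return 1
        ;;
    esac
}

# Constructed sample input: the rule from item 2 (ACCEPT loc $FW icmp 0,8,11,12),
# with loc2fw as the assumed chain name.
expand_rule loc2fw icmp 0,8,11,12 ACCEPT
```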