http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems corrected since RC1: 1) The documentation of the USERSETS column in the rules file has been corrected. 2) If there is no policy defined for the zones specified in a rule, the firewall script previously encountered a shell syntax error: [: NONE: unexpected operator Now, the absence of a policy generates an error message and the firewall is stopped: No policy defined from zone <source> to zone <dest> 3) Previously, if neither /etc/shorewall/common nor /etc/shorewall/common.def existed, Shorewall would fail to start and would not remove the lock file. Failure to remove the lock file resulted in the following during subsequent attempts to start: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Giving up on lock file /var/lib/shorewall/lock Shorewall Not Started Shorewall now reports a fatal error if neither of these two files exist and correctly removes the lock file. 4) The order of processing the various options has been changed such that blacklist entries now take precedence over the ''dhcp'' interface setting. 5) The log message generated from the ''logunclean'' interface option has been changed to reflect a disposition of LOG rather than DROP. 6) The RFC1918 file has been updated to reflect recent IANA allocations. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Paul Gear
2003-Oct-03 06:00 UTC
[Shorewall-devel] Re: [Shorewall-announce] Shorewall 1.4.7 RC2
Tom Eastep wrote:> ... > 6) The RFC1918 file has been updated to reflect recent IANA > allocations.On that note, is there an option at the moment to do egress filtering on RFC1918 addresses? If not, does anyone have any pointers/suggestions before i go implementing it? -- Paul http://paulgear.webhop.net A: Because we read from top to bottom, left to right. Q: Why should i start my reply below the quoted text? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20031003/4b582139/attachment.bin
Tom Eastep
2003-Oct-03 07:18 UTC
[Shorewall-devel] Re: [Shorewall-announce] Shorewall 1.4.7 RC2
On Fri, 2003-10-03 at 06:00, Paul Gear wrote:> Tom Eastep wrote: > > ... > > 6) The RFC1918 file has been updated to reflect recent IANA > > allocations. > > On that note, is there an option at the moment to do egress filtering on > RFC1918 addresses?No. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net