-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11
In addition to correcting several bugs, this version adds the following
features:
1) The default Drop and Reject actions now invoke the new standard
action ''AllowICMPs''. This new action accepts critical ICMP
types:
Type 3 code 4 (fragmentation needed)
Type 11 (TTL exceeded)
2) Explicit control over the kernel''s Martian logging is now provided
using the new ''logmartians'' interface option. If you
include
''logmartians'' in the interface option list then logging of
Martian
packets on will be enabled on the specified interface.
If you wish to globally enable martian logging, you can set
MARTIAN_LOGGING=Yes in shorewall.conf.
3) You may now cause Shorewall to use the ''--set-mss'' option
of the
TCPMSS target. In other words, you can cause Shorewall to set the
MSS field of SYN packets passing through the firewall to the value
you specify. This feature extends the existing CLAMPMSS option in
/etc/shorewall/shorewall.conf by allowing that option to have a
numeric value as well as the values "Yes" and "No".
Example:
CLAMPMSS=1400
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBbor+O/MAbZfjDLIRAqEcAJ938Av9E3DL50onNmR7KPahYPs9gACfZKGu
JlU6yC9wdagYZ3AqNT/eMRc=he4z
-----END PGP SIGNATURE-----
