Shorewall 4.0.10 is available for download from
http://www1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.10
ftp://ftp1.shorewall.net/pub/shorewall/4.0/shorewall-4.0.10
It will be available at the mirrors shortly.
Problems corrected in Shorewall-perl 4.0.10.
1) Shorewall-perl 4.0.9 erroneously reported an error message when a
bridge port was defined in /etc/shorewall/interfaces:
ERROR: Your iptables is not recent enough to support bridge ports
2) Under Shorewall-perl, if an empty action was invoked or was named
in one of the DEFAULT_xxx options in shorewall.conf, an
iptables-restore error occured.
3) If $ADMIN was empty, then the rule:
ACCEPT loc:$ADMIN all
became
ACCEPT loc net
It is now flagged as an error.
4) Previously, Shorewall-perl would reject an IP address range in the
ecn and routestopped files.
5) A POLICY of ":" in /etc/shorewall/policy would produce Perl
run-time errors.
6) An INTERFACE of ":" in /etc/shorewall/interfaces would produce
Perl
run-time errors.
7) A MARK of ":" in /etc/shorewall/tcrules would produce Perl
run-time errors.
Problems corrected in Shorewall-shell 4.0.10.
1) Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in
a fatal error at compile time.
Known Problems Remaining.
1) The ''refresh'' command doesn''t refresh the mangle
table. So changes
made to /etc/shorewall/providers and/or /etc/shorewall/tcrules may
not be reflected in the running ruleset.
Other changes in 4.0.10.
1) The Sample configurations have been updated to set
LOG_MARTIANS=keep. In 4.2, this will be changed to
LOG_MARTIANS=Yes.
2) Shorewall-perl now generates a fatal error if a non-existant shell
variable is used in any configuration file (except
/etc/shorewall/params).
3) Shorewall-perl now supports an ''l2tp'' tunnel type. It
opens UDP
port 1701 in both directions and assumes that the source port will
also be 1701. Some implementations (particularly OS X) use a
different source port. In that case, you should use
''generic:udp:1701'' rather than ''l2tp''.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace