4.4.12 Beta 1 is available for testing:
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Previously, the Shoreall6-lite version of shorecap was using
iptables rather than ip6tables, with the result that many
capabilities that are only available in IPv4 were being reported as
available.
2) In a number of cases, Shorewall6 generated incorrect rules
involving the IPv6 multicast network. The rules specified
ff00::/10 where they should have specified ff00::/8. Also, rules
instantiated when the firewall was stopped used ff80::/10 rather
than fe80::/10 (IPv6 Link Local network).
3) Previously, using a destination port-range with :random produced a
fatal compilation error in REDIRECT rules.
4) A number of problems associated with Shorewall-init and Upstart
have been corrected.
If you use Shorewall-init, then when upgrading to this version, be
sure to recompile all firewall scripts before you take interfaces
down or reboot.
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Support has been added for ADD and DEL rules in
/etc/shorewall/rules. ADD allows either the SOURCE or DESTINATION
IP address to be added to an ipset; DEL deletes an address
previously added.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Tom; When the following rule is coded: ADD(set1:src,dst) lan brd tcp 80 "shorewall start" produces the error message: ERROR: Unknown action (ADD(set1) : ....... Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On 7/24/10 11:27 AM, Steven Jan Springl wrote:> Tom; > > When the following rule is coded: > > ADD(set1:src,dst) lan brd tcp 80 > > "shorewall start" produces the error message: > > ERROR: Unknown action (ADD(set1) : .......The attached patch should fix you up (Once you replace ''set1'' with ''+set1''). Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
On Saturday 24 July 2010 19:48:48 Tom Eastep wrote:> On 7/24/10 11:27 AM, Steven Jan Springl wrote: > > Tom; > > > > When the following rule is coded: > > > > ADD(set1:src,dst) lan brd tcp 80 > > > > "shorewall start" produces the error message: > > > > ERROR: Unknown action (ADD(set1) : ....... > > The attached patch should fix you up (Once you replace ''set1'' with > ''+set1''). > > Thanks, > -TomTom That''s fixed it. Thank you. The example in the shorewall-docs-html rules manpage does not preceed the IPSET name with a "+". Steven. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
Just wanted to ask Tom.. Are you a machine? The volume and speed of the development is just incredible! I am always impressed, keep it coming. THANKS W On 24 July 2010 07:50, Tom Eastep <teastep@shorewall.net> wrote:> 4.4.12 Beta 1 is available for testing: > > > ---------------------------------------------------------------------------- > P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E > > ---------------------------------------------------------------------------- > > 1) Previously, the Shoreall6-lite version of shorecap was using > iptables rather than ip6tables, with the result that many > capabilities that are only available in IPv4 were being reported as > available. > > 2) In a number of cases, Shorewall6 generated incorrect rules > involving the IPv6 multicast network. The rules specified > ff00::/10 where they should have specified ff00::/8. Also, rules > instantiated when the firewall was stopped used ff80::/10 rather > than fe80::/10 (IPv6 Link Local network). > > 3) Previously, using a destination port-range with :random produced a > fatal compilation error in REDIRECT rules. > > 4) A number of problems associated with Shorewall-init and Upstart > have been corrected. > > If you use Shorewall-init, then when upgrading to this version, be > sure to recompile all firewall scripts before you take interfaces > down or reboot. > > > ---------------------------------------------------------------------------- > K N O W N P R O B L E M S R E M A I N I N G > > ---------------------------------------------------------------------------- > > None. > > > ---------------------------------------------------------------------------- > N E W F E A T U R E S I N T H I S R E L E A S E > > ---------------------------------------------------------------------------- > > 1) Support has been added for ADD and DEL rules in > /etc/shorewall/rules. ADD allows either the SOURCE or DESTINATION > IP address to be added to an ipset; DEL deletes an address > previously added. > > Thank you for testing, > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/
On 7/25/10 9:12 PM, William Hamilton wrote:> Just wanted to ask Tom.. Are you a machine? The volume and speed of > the development is just incredible! I am always impressed, keep it coming.Thanks, William -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://ad.doubleclick.net/clk;226879339;13503038;l? http://clk.atdmt.com/CRS/go/247765532/direct/01/