Version Corrected. I was ambitious today and implemented a ''zero-configuration'' feature. Essentially, it is a Universal configuration that can be installed on any system. It allows: - All outgoing connections - Incoming SSH connections - Incoming ''Ping'' By default, it also allows all forwarded connections. That can be disabled with a simple configuration change. This version also corrects several bugs from Beta 2. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
Tom I have been testing Shorewall with iptables 1.4.9. When Shorewall generates the following rule: -A eth1_fwd -p tcp -m set --set z1_eth1 src -m policy --pol none --dir in -j tcpflags iptables-restore produces the following information message: --set option deprecated, please use --match-set Steven. ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
On 8/3/10 2:49 PM, Steven Jan Springl wrote:> Tom > > I have been testing Shorewall with iptables 1.4.9. > > When Shorewall generates the following rule: > > -A eth1_fwd -p tcp -m set --set z1_eth1 src -m policy --pol none --dir in -j > tcpflags > > iptables-restore produces the following information message: > > --set option deprecated, please use --match-setThanks, Steven. I''m not going to do anything about that for a while but I''ll put it on my list of things to do when I get to iptables 1.4.9. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm
On 8/3/10 2:57 PM, Tom Eastep wrote:> On 8/3/10 2:49 PM, Steven Jan Springl wrote: >> Tom >> >> I have been testing Shorewall with iptables 1.4.9. >> >> When Shorewall generates the following rule: >> >> -A eth1_fwd -p tcp -m set --set z1_eth1 src -m policy --pol none --dir in -j >> tcpflags >> >> iptables-restore produces the following information message: >> >> --set option deprecated, please use --match-set > > Thanks, Steven. I''m not going to do anything about that for a while but > I''ll put it on my list of things to do when I get to iptables 1.4.9.Okay -- Beta4 will get rid of the warning; I won''t support IPv6 ipsets until it is available to test. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm