Shorewall devel - Oct 2010 - Shorewall 4.4.14 Beta 4

Beta 4 is now available for testing (but the Shorewall home page on the
mirrors, including www.shorewall.net, still shows the current development
release as Beta 3):

Problems Corrected:

1)  The Shorewall-lite and Shorewall6-lite Debian init scripts contained a
    syntax error.

2)  If the -v or -q options were used in /sbin/shorewall-lite or
    /sbin/shorewall6-lite commands that involve the compiled firewall
    script and the resulting effective VERBOSITY was > 2 or < -1, then
    the command would fail.

3)  The log reading commands (show log, logwatch, and dump) returned no
    log records when run on one of the -lite products.

4)  To avoid future confusion, the following obsolete options have been
    deleted from the sample shorewall.conf files:

            BRIDGING
            DELAYBLACKLISTLOAD
            PKTTYPE

    They will still be recognized by the rules compiler.

5)  Exclusion now works with ipset lists (+[...]). See shorewall-exclusion
    (5).

New Features:

1)  An ''scfilter'' extension script has been added. This
extension
    script differs from other such scripts in that it is invoked by the
    command line tools (/sbin/shorewall, /sbin/shorewall6,
    /sbin/shorewall-lite and /sbin/shorewall6-lite).

    The script acts as a filter for the output of the ''show
    connections'' command. Each connection is piped through the filter
    which can modify and/or drop information as desired.

    Example:

        #!/bin/sh
        sed ''s/secmark=0 //''

    That script will remove ''secmark=0 '' from each line.

    The default script is:

        #!/bin/sh
        cat -

    which passes the output through unmodified.

    If you are using Shorewall-lite and/or Shorewall6-lite, the
    scfilter file is kept on the administrative system. The compiler
    encapsulates the script into a shell function that is copied
    into the generated auxillary configuration file
    (firewall.conf). That function is then invoked by the ''show
    connections'' command.

Thank you for testing,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb