Beta 2 is now available for testing.
Problems corrected:
1) When the logical and physical name of an interface were different,
including the logical name in the tcdevices file caused the
device''s classes to be ignored. This defect was introduced in
Shorewall 4.4.23.
2) When BLACKLISTNEWONLY=Yes, the new blacklisting feature would prevent rules
in the ESTABLISHED and RELATED sections from being used.
New Feature:
1) ''6in4'' has been added as a synonum for
''6to4'' in the TYPE column of
the tunnels file.
2) The handling of IN_BANDWIDTH in both /etc/shorewall/tcdevices and
/etc/shorewall/tcinterfaces has been changed. Previously:
a) Simple rate/burst policing was applied using the value(s)
supplied.
b) IPv4 and IPv6 were policed separately.
Beginning with this release:
a) Simple rate/burst policing is applied with 110 percent of the
supplied value. The burst value is used unchanged.
b) A rate estimator is also used. The rate estimator measures the
transfer rate over 1-second intervals and then calculates an
"Exponential Weighted Moving Average" with an 8-second decay
period. The rate estimator is used to limit the average rate to
90% of the specified bandwidth.
c) IPv4 and IPv6 are policed together.
See the documents in
http://ace-host.stuart.id.au/russell/files/tc/doc/ for information
about rate estimators and policing.
These two changes has improved the accuracy of policing in my
tests. The tests were conducted on an internet connection that
reliably transfers at least 45mbps. I have specified a burst size
of 200kb and have used speedtest.net to test clamping download
speed to 30mbps, 35mbps and 40mbps.
I welcome reports from testers about your experience with this
change.
Thank you for testing,
-Tom
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct