Shorewall 4.5.9 Beta 2 is now available for testing. Problems Corrected: 1) This release contains all defect repair from Shorewall 4.5.8.2. 2) A typo has been corrected in the shorewallrc.default file. 3) Beginning with Shorewall 4.5.7.2, Shorewall unconditionally restores the provider mark as the first rule in the mangle table OUTPUT and PREROUTING chains. Previously, the provider mark was restored only if it was non-zero. It has become clear that some users need it one way while others need it the other way. To resolve this issue, a RESTORE_ROUTEMARKS option has been added to shorewall.conf and shorewall6.conf. When this option is set to Yes (the default), the 4.5.7.2 approach is used (always restore the mark, even if it is zero); when it is set to No, the pre-4.5.7.2 behavior is retained. New Features: 1) Prior to this release, if a dynamic zone was associated with more than one interface, then Shorewall created a separate ipset for each interface. This meant that multiple ''add'' and ''delete'' commands might be required to change the zone composition. This release introduces a ''dynamic_shared'' zone option. When that option is specified, a single ipset is generated regardless of the number of entries the zone has in the hosts file. The ''dynamic_shared'' option may only be specified in the OPTIONS column of the zones file. The syntax of the ''add'' and ''delete'' commands is changed for zones having the ''dynamic_shared'' option: add <zone> <address>[,<address> ... ] delete <zone> <address>[,<address> ... ] Example: shorewall add direct 172.20.1.99 The syntax for ''add'' and ''delete'' for zones not having the ''dynamic_shared'' option is unchanged. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don''t let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev