thr3ads.net - Shorewall users - Shorewall 2.0.10 [Oct 2004]

If this information is useful, please help other people find it:
Share via:
Tom Eastep
2004-Oct-25 15:57 UTC
Shorewall 2.0.10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10
ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10

Nothing Earth-shattering here and there is no reason to upgrade if you
are not seeing one of the corrected problems.
- -----------------------------------------------------------------------
Problems corrected in version 2.0.10

1) The GATEWAY column was previously ignored in ''pptpserver''
entries in
   /etc/shorewall/tunnels.

2) When log rule numbers are included in the LOGFORMAT, duplicate
   rule numbers could previously be generated.

3) The /etc/shorewall/tcrules file now includes a note to the effect
   that rule evaluation continues after a match.

4) The error message produced if Shorewall couldn''t obtain the routes
   through an interface named in the SUBNET column of
   /etc/shorewall/masq was less than helpful since it didn''t include
   the interface name.
- -----------------------------------------------------------------------
New Features in 2.0.10

The "shorewall status" command has been enhanced to include the values
of key /proc settings:

Example from a two-interface firewall:

/proc

   /proc/sys/net/ipv4/ip_forward = 1
   /proc/sys/net/ipv4/conf/all/proxy_arp = 0
   /proc/sys/net/ipv4/conf/all/arp_filter = 0
   /proc/sys/net/ipv4/conf/all/rp_filter = 0
   /proc/sys/net/ipv4/conf/default/proxy_arp = 0
   /proc/sys/net/ipv4/conf/default/arp_filter = 0
   /proc/sys/net/ipv4/conf/default/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth0/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth0/rp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
   /proc/sys/net/ipv4/conf/eth1/arp_filter = 0
   /proc/sys/net/ipv4/conf/eth1/rp_filter = 0
   /proc/sys/net/ipv4/conf/lo/proxy_arp = 0
   /proc/sys/net/ipv4/conf/lo/arp_filter = 0
   /proc/sys/net/ipv4/conf/lo/rp_filter = 0

- -Tom
- --
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBfSJgO/MAbZfjDLIRAuSdAKCXDA4qeR4k9nKP6JEzv7ZVL2lqnACfe/5V
EbA/QWhbIpqNHomzr9fwFd8=J3EJ
-----END PGP SIGNATURE-----
Shorewall users - Oct 2004 - Shorewall 2.0.10

Shorewall 2.0.10
